[SECURITY] [DLA 574-1] graphicsmagick security update



Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u3
CVE IDs        : 2016-5240 2016-5241

It was discovered that there were two denial of service vulnerabilities
in graphicsmagick, a collection of image processing tools:

  * CVE-2016-5240: Prevent denial-of-service by detecting and rejecting
    negative stroke-dasharray arguments which were resulting in an
    endless loop.

  * CVE-2016-5241: Fix divide-by-zero problem if fill or stroke pattern
    image has zero columns or rows to prevent DoS attack.

For Debian 7 "Wheezy", these issues have been fixed in graphicsmagick version
1.3.16-1.1+deb7u3.

We recommend that you upgrade your graphicsmagick packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
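
Both fixes in the advisory above are input validation: one before a loop, one before a division. The C example below is an added illustration, not GraphicsMagick's code and not part of the original advisory; the function names and the simplified dash-walking and pattern-tiling logic are assumptions made for the example.

```c
#include <stddef.h>

/* Hypothetical helper: accept a dash pattern only if every entry is
 * non-negative (this also rejects NaN) and the pattern as a whole has
 * positive length, so each pass over it makes progress. */
int dash_pattern_ok(const double *dash, size_t n)
{
    double total = 0.0;
    for (size_t i = 0; i < n; i++) {
        if (!(dash[i] >= 0.0))
            return 0;
        total += dash[i];
    }
    return n > 0 && total > 0.0;
}

/* Simplified model of dashing a line: count the dash/gap pieces needed
 * to cover `length`. Returns -1 when the pattern is rejected. */
long count_dashes(double length, const double *dash, size_t n)
{
    if (!dash_pattern_ok(dash, n))
        return -1;
    long count = 0;
    size_t i = 0;
    /* Without the check above, a negative entry makes `length` grow
     * instead of shrink, so this loop never terminates. */
    while (length > 0.0) {
        length -= dash[i];
        i = (i + 1) % n;
        count++;
    }
    return count;
}

/* Simplified model of tiling a fill or stroke pattern: map a canvas
 * coordinate to a pixel index inside the pattern image. Returns -1
 * when the pattern has zero columns or rows. */
long tile_index(unsigned long x, unsigned long y,
                unsigned long columns, unsigned long rows)
{
    /* x % 0 is undefined behaviour in C and typically raises SIGFPE. */
    if (columns == 0 || rows == 0)
        return -1;
    return (long)((y % rows) * columns + (x % columns));
}
```
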
