Accepted graphicsmagick 1.3.16-1.1+deb7u13 (source amd64 all) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Nov 2017 19:52:34 +0100
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.16-1.1+deb7u13
Distribution: wheezy-security
Urgency: high
Maintainer: Daniel Kobras <kobras@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick++3 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
 libgraphicsmagick3 - format-independent image processing - C shared library
Changes:
 graphicsmagick (1.3.16-1.1+deb7u13) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-16352: Graphicsmagick was vulnerable to a heap-based buffer
     overflow vulnerability found in the "Display visual image directory"
     feature of the DescribeImage() function of the magick/describe.c file.
     One possible way to trigger the vulnerability is to run the identify
     command on a specially crafted MIFF format file with the verbose flag.
   * Fix CVE-2017-16353: Graphicsmagick was vulnerable to a memory information
     disclosure vulnerability found in the DescribeImage function of the
     magick/describe.c file, because of a heap-based buffer over-read. The
     portion of the code containing the vulnerability is responsible for
     printing the IPTC Profile information contained in the image. This
     vulnerability can be triggered with a specially crafted MIFF file. There is
     an out-of-bounds buffer dereference because certain increments are never
     checked.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----