Format: 1.8
Date: Mon, 30 May 2016 20:02:31 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: i386
Version: 1.3.24-1
Distribution: yakkety-proposed
Urgency: high
Maintainer: Launchpad Build Daemon
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 814732 825800
Changes:
 graphicsmagick (1.3.24-1) unstable; urgency=high
 .
   * New upstream release, focusing on security fixes for the following
     image formats:
     - DIB: fix out of bound reads and add more header validations,
     - JNG: file size limits are enforced,
     - MATLAB: fix DoS and hang on corrupt deflate stream,
     - META (Embedded Image Profiles): fix out of bounds reads and writes,
     - MIFF (Magick): fix thrown assertion,
     - CVE-2016-3716: Magick Scripting Language file processing is not done
       by default but needs to be prefixed with 'msl:',
     - Magick Vector Graphics file processing is not done by default but
       needs to be prefixed with 'mvg:' and prevent head overflow problems,
     - PCX: fix unreasonable memory allocation due to intentionally corrupt
       file,
     - PDB: fix heap buffer overflow and out of bounds read,
     - PICT: fix out of bounds write,
     - CVE-2016-3717: for PostScript files always run Ghostscript with
       -dSAFER for safer execution,
     - PSD: fix segmentation violations, heap buffer overflows and out of
       bound writes,
     - RLE: fix out of bounds reads and writes,
     - ReadImages(): fix possible infinite recursion due to a crafted input
       file,
     - RotateImage(): fix thrown assertion,
     - SGI: fix out of bounds writes,
     - SUN: fix out of bounds reads and writes,
     - SVG: fix CVE-2016-2317 and CVE-2016-2318, heap and stack buffer
       overflows, as well as segmentation violations (closes: #814732);
       also fix endless loop, unexpectedly large memory allocation, divide
       by zero and recursion issues,
     - TIFF: fix assertion while reading and fix benign heap overflow,
     - VIFF: fix excessive memory allocation with intentionally corrupted
       input file,
     - XCF: fix heap buffer overflow,
     - XPM: fix several heap buffer overflows and out of bound
       reads/writes; also fix a case of excessive memory allocation,
     - CVE-2016-5118: popen() shell vulnerability via filename that
       contains '|', remove pipe support entirely (closes: #825800); file
       names starting with a '|' character are no longer interpreted as
       shell commands to be executed as input or output,
     - default.mgk file has been pared down in order to reduce security
       exposure,
     - CVE-2016-3714: Gnuplot ('gplt' delegate) support for rendering these
       files is removed since the format is inherently insecure,
     - CVE-2016-3715: adding a 'tmp:' prefix to a filename no longer
       removes the file since this seems dangerous,
     - CVE-2016-3718: sanity check the image file path or URL before
       passing it to ReadImage(),
     - fix several Coverity issues like dereference after null check,
       multiple resource leaks and logically dead code.
   * Update library symbols for this release.