Format: 1.8 Date: Wed, 05 Jul 2017 16:14:40 +0000 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: i386 Version: 1.3.26-1 Distribution: artful-proposed Urgency: high Maintainer: Launchpad Build Daemon Changed-By: Laszlo Boszormenyi (GCS) Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Closes: 867060 867077 867085 Changes: graphicsmagick (1.3.26-1) unstable; urgency=high . * New upstream release, fixing the following security issues among others: - META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800). - WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997). - PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830). - TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335). - JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350). - TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794) (closes: #867085). - DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799) (closes: #867077). - MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800) (closes: #867060). * Remove previously backported security patches. * Self-tests build hack no longer needed. * Update library symbols for this release. * Update Standards-Version to 4.0.0 and debhelper level to 10 . Checksums-Sha1: f2b72cf1c0f1d76cdf66be55f59dff569f82dbec 2803576 graphicsmagick-dbg_1.3.26-1_i386.deb 8608ba5c4f2711476eb0e8bb97990a68405490a1 9441 graphicsmagick_1.3.26-1_i386.buildinfo bfe9334ba051ac6146af09633c45780a51f0cdf4 620704 graphicsmagick_1.3.26-1_i386.deb c6aac9509861fa00b8f8adb09d589831732b9211 55448 libgraphics-magick-perl_1.3.26-1_i386.deb ac97baccffbdb1347f4eacdb9d50f83c8ddea259 111980 libgraphicsmagick++-q16-12_1.3.26-1_i386.deb 556fd9350af688778a4f00ce8f636d5d2d8a4b3f 279026 libgraphicsmagick++1-dev_1.3.26-1_i386.deb 8caa96be6d69587d2e8d90e38326c8552699139d 1152050 libgraphicsmagick-q16-3_1.3.26-1_i386.deb 2ff3028fab35af94165f2f89ef492666967240fb 1434854 libgraphicsmagick1-dev_1.3.26-1_i386.deb Checksums-Sha256: 4e2753aee28b20dfa3633dafe878fc4a036701a1b9a67a7232dc387be61eacc0 2803576 graphicsmagick-dbg_1.3.26-1_i386.deb ef0c9ee1e075a620bc9a2963ac573d325da72e6e42466dcad9ff549263d56b77 9441 graphicsmagick_1.3.26-1_i386.buildinfo 1a5cf35b899151c5aca8e3101c3b3ea28d2405ea88f85c7632f6c4ee723ee0cf 620704 graphicsmagick_1.3.26-1_i386.deb f4b5e37c93306fb1373fa1dcfb71a4c753d21301a64d945f8c180e203d5ee863 55448 libgraphics-magick-perl_1.3.26-1_i386.deb b839a1ca87a0d2c0b894bd2ced17166ed32ad71c230113629733952ca2927530 111980 libgraphicsmagick++-q16-12_1.3.26-1_i386.deb 11f3953f8d69dd7ffbcb843d457c74f361ceef3514007591165f2676a1bce89f 279026 libgraphicsmagick++1-dev_1.3.26-1_i386.deb 515eb83baa646eb05ca728186587e4762f8c4065dc9483ad1484d15a6327cbc2 1152050 libgraphicsmagick-q16-3_1.3.26-1_i386.deb ffa428a709f2018c3cc5c83e2e07f7c4103070cbc2a037a821e57aa9b7f2debf 1434854 libgraphicsmagick1-dev_1.3.26-1_i386.deb Files: cb9d8f5fa3b5e999b5718834b41a602e 2803576 debug extra graphicsmagick-dbg_1.3.26-1_i386.deb 194981f7e9b6c25602cacfaca0319a9e 9441 graphics optional graphicsmagick_1.3.26-1_i386.buildinfo 21ce0bed0d0763cd6675ea7e2ba440c6 620704 graphics optional graphicsmagick_1.3.26-1_i386.deb 3e30620d67835de70701f567347914fe 55448 perl optional libgraphics-magick-perl_1.3.26-1_i386.deb 42f1ff6b28e8e9e7ea9bac0446886674 111980 libs optional libgraphicsmagick++-q16-12_1.3.26-1_i386.deb 9ce34db0d97030b941efadd382c34468 279026 libdevel optional libgraphicsmagick++1-dev_1.3.26-1_i386.deb b1f68fae76f6ec975a2bc830fad57a87 1152050 libs optional libgraphicsmagick-q16-3_1.3.26-1_i386.deb cd6bb40ed91e04d6689a0aca3063f4b4 1434854 libdevel optional libgraphicsmagick1-dev_1.3.26-1_i386.deb