Format: 1.8
Date: Thu, 01 Nov 2018 15:03:05 -0300
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: armhf
Version: 1.3.23-1ubuntu0.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Eduardo Barretto
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Changes:
 graphicsmagick (1.3.23-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS (crash) via a crafted SVG file.
     - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
     - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
     - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
     - CVE-2016-2317
   * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG file.
     - debian/patches/CVE-2016-2318.patch: Make SVG path and other
       primitive parsing more robust
     - CVE-2016-2318
   * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
     a crafted image file.
     - debian/patches/CVE-2016-3714.patch: Remove delegates support for
       reading gnuplot files.
     - CVE-2016-3714
   * SECURITY UPDATE: Remote attackers are able to delete arbitrary files
     via a crafted image.
     - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
       prefix.
     - CVE-2016-3715
   * SECURITY UPDATE: Remote attackers can move arbitrary files via a
     crafted image.
     - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
       on MSL files.
     - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
       format based on file extension.
     - CVE-2016-3716
   * SECURITY UPDATE: Remote attackers can read arbitrary files via a
     crafted image.
     - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
     - CVE-2016-3717
   * SECURITY UPDATE: Remote attackers can conduct server-side request
     forgery (SSRF) attacks via a crafted image.
     - debian/patches/CVE-2016-3718.patch: fix in render.c
     - CVE-2016-3718
   * SECURITY UPDATE: Remote attackers can execute arbitrary files via a
     pipe character at the start of a filename.
     - debian/patches/CVE-2016-5118.patch: remove support for reading
       input from a shell command or writing output to a shell command
     - CVE-2016-5118
   * SECURITY UPDATE: Remote attackers can execute arbitrary commands via
     unspecified vectors.
     - debian/patches/CVE-2016-5239.patch: remove delegates support for
       Gnuplot and various other file types.
     - CVE-2016-5239
   * SECURITY UPDATE: Remote attackers can cause a DoS (infinite loop) by
     converting a circularly defined SVG file.
     - debian/patches/CVE-2016-5240.patch: endless loop problem caused by
       negative stroke-dasharray arguments
     - CVE-2016-5240
   * SECURITY UPDATE: Remote attackers can cause a DoS (arithmetic
     exception and application crash) via a crafted SVG file.
     - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
       fill or stroke pattern image has zero columns or rows
     - CVE-2016-5241
   * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
     - debian/patches/CVE-2016-7446.patch: fix in svg.c
     - CVE-2016-7446
   * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis
     function.
     - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
       EscapeParenthesis() in annotate.c
     - CVE-2016-7447
   * SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
     via vectors involving the header information and the file size.
     - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
     - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
     - CVE-2016-7448
   * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
     an "unterminated" string.
     - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun
       if buffer not null terminated
     - CVE-2016-7449
   * SECURITY UPDATE: Integer underflow in the parse8BIM function.
     - debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
     - CVE-2016-7800
   * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
     reader.
     - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
     - CVE-2016-7996
     - CVE-2016-7997
   * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
     - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
       while reading SCT file header.
     - CVE-2016-8682
   * SECURITY UPDATE: Memory allocation failure and a "file truncation
     error for corrupt file" via a crafted PCX image.
     - debian/patches/CVE-2016-8683.patch: check that filesize is
       reasonable given header.
     - CVE-2016-8683
   * SECURITY UPDATE: Memory allocation failure and a "file truncation
     error for corrupt file" via a crafted SGI image.
     - debian/patches/CVE-2016-8684.patch: Check that filesize is
       reasonable given header.
     - CVE-2016-8684
   * SECURITY UPDATE: DoS (crash) via large dimensions in a JPEG image.
     - debian/patches/CVE-2016-9830.patch: enforce spec requirement that
       the dimensions of the JPEG embedded in a JDAT chunk must match the
       JHDR dimensions.
     - CVE-2016-9830
Original-Maintainer: Laszlo Boszormenyi (GCS)