Format: 1.8
Date: Thu, 28 Nov 2019 11:12:37 -0300
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: armhf
Version: 1.3.28-2ubuntu0.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Eduardo Barretto
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Changes:
 graphicsmagick (1.3.28-2ubuntu0.1) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: Heap-based buffer overflow in the WriteTGAImage function.
     - debian/patches/CVE-2018-20184.patch: reject image rows/columns larger than 65535.
     - CVE-2018-20184
   * SECURITY UPDATE: Heap based buffer over-read in the ReadBMPImage function.
     - debian/patches/CVE-2018-20185-1.patch: Only compute unsigned_maxvalue if sample_bits <= 32.
     - debian/patches/CVE-2018-20185-2.patch: Fix heap overflow in 32-bit due to arithmetic overflow.
     - debian/patches/CVE-2018-20185-3.patch: Improve buffer size calculations to guard against arithmetic overflow.
     - CVE-2018-20185
   * SECURITY UPDATE: DoS (crash) in ReadDIBImage.
     - debian/patches/CVE-2018-20189.patch: DIB images claiming more than 8-bits per pixel are not colormapped.
     - CVE-2018-20189
   * SECURITY UPDATE: Stack-based buffer overflow in the function SVGStartElement.
     - debian/patches/CVE-2019-11005.patch: Fix stack buffer overflow while parsing quoted font family value.
     - CVE-2019-11005
   * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMIFFImage.
     - debian/patches/CVE-2019-11006.patch: Detect end of file while reading RLE packets.
     - CVE-2019-11006
   * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMNGImage.
     - debian/patches/CVE-2019-11007-1.patch: New function to reallocate an image colormap.
     - debian/patches/CVE-2019-11007-2.patch: Fix small buffer overflow (one PixelPacket) of image colormap.
     - CVE-2019-11007
   * SECURITY UPDATE: Heap-based buffer overflow in the function WriteXWDImage.
     - debian/patches/CVE-2019-11008.patch: Perform more header validations, a file size validation, and fix arithmetic overflows leading to heap overwrite.
     - CVE-2019-11008
   * SECURITY UPDATE: Heap-based buffer over-read in the function ReadXWDImage.
     - debian/patches/CVE-2019-11009.patch: Fix heap buffer overflow while reading DirectClass XWD file.
     - CVE-2019-11009
   * SECURITY UPDATE: Memory leak in the function ReadMPCImage.
     - debian/patches/CVE-2019-11010.patch: Deal with a profile length of zero, or an irrationally large profile length.
     - CVE-2019-11010
   * SECURITY UPDATE: DoS (out-of-bounds read, floating-point exception and crash) by crafting an XWD image file.
     - debian/patches/CVE-2019-11473_11474-1.patch: Add more validation logic to avoid crashes due to FPE and invalid reads.
     - debian/patches/CVE-2019-11473_11474-2.patch: Address header-directed arbitrary memory allocation.
     - debian/patches/CVE-2019-11473_11474-3.patch: Address segmentation violation and invalid memory read with more validations.
     - CVE-2019-11473
     - CVE-2019-11474
   * SECURITY UPDATE: Heap-based buffer overflow in the function WritePDBImage.
     - debian/patches/CVE-2019-11505.patch: Use correct bits/sample rather than image->depth. Avoids potential buffer overflow.
     - CVE-2019-11505
   * SECURITY UPDATE: Heap-based buffer overflow in the function WriteMATLABImage.
     - debian/patches/CVE-2019-11506.patch: Add completely missing error handling.
     - CVE-2019-11506
Original-Maintainer: Laszlo Boszormenyi (GCS)