Format: 1.8
Date: Thu, 28 Nov 2019 11:12:37 -0300
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: ppc64el
Version: 1.3.28-2ubuntu0.1
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Eduardo Barretto
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Changes:
 graphicsmagick (1.3.28-2ubuntu0.1) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: Heap-based buffer overflow in the WriteTGAImage function.
     - debian/patches/CVE-2018-20184.patch: reject image rows/columns larger
       than 65535.
     - CVE-2018-20184
   * SECURITY UPDATE: Heap based buffer over-read in the ReadBMPImage function.
     - debian/patches/CVE-2018-20185-1.patch: Only compute unsigned_maxvalue
       if sample_bits <= 32.
     - debian/patches/CVE-2018-20185-2.patch: Fix heap overflow in 32-bit due
       to arithmetic overflow.
     - debian/patches/CVE-2018-20185-3.patch: Improve buffer size calculations
       to guard against arithmetic overflow.
     - CVE-2018-20185
   * SECURITY UPDATE: DoS (crash) in ReadDIBImage.
     - debian/patches/CVE-2018-20189.patch: DIB images claiming more than
       8-bits per pixel are not colormapped.
     - CVE-2018-20189
   * SECURITY UPDATE: Stack-based buffer overflow in the function
     SVGStartElement.
     - debian/patches/CVE-2019-11005.patch: Fix stack buffer overflow while
       parsing quoted font family value.
     - CVE-2019-11005
   * SECURITY UPDATE: Heap-based buffer over-read in the function
     ReadMIFFImage.
     - debian/patches/CVE-2019-11006.patch: Detect end of file while reading
       RLE packets.
     - CVE-2019-11006
   * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMNGImage.
     - debian/patches/CVE-2019-11007-1.patch: New function to reallocate an
       image colormap.
     - debian/patches/CVE-2019-11007-2.patch: Fix small buffer overflow (one
       PixelPacket) of image colormap.
     - CVE-2019-11007
   * SECURITY UPDATE: Heap-based buffer overflow in the function
     WriteXWDImage.
     - debian/patches/CVE-2019-11008.patch: Perform more header validations, a
       file size validation, and fix arithmetic overflows leading to heap
       overwrite.
     - CVE-2019-11008
   * SECURITY UPDATE: Heap-based buffer over-read in the function ReadXWDImage.
     - debian/patches/CVE-2019-11009.patch: Fix heap buffer overflow while
       reading DirectClass XWD file.
     - CVE-2019-11009
   * SECURITY UPDATE: Memory leak in the function ReadMPCImage.
     - debian/patches/CVE-2019-11010.patch: Deal with a profile length of
       zero, or an irrationally large profile length.
     - CVE-2019-11010
   * SECURITY UPDATE: DoS (out-of-bounds read, floating-point exception and
     crash) by crafting an XWD image file.
     - debian/patches/CVE-2019-11473_11474-1.patch: Add more validation logic
       to avoid crashes due to FPE and invalid reads.
     - debian/patches/CVE-2019-11473_11474-2.patch: Address header-directed
       arbitrary memory allocation.
     - debian/patches/CVE-2019-11473_11474-3.patch: Address segmentation
       violation and invalid memory read with more validations.
     - CVE-2019-11473
     - CVE-2019-11474
   * SECURITY UPDATE: Heap-based buffer overflow in the function
     WritePDBImage.
     - debian/patches/CVE-2019-11505.patch: Use correct bits/sample rather
       than image->depth. Avoids potential buffer overflow.
     - CVE-2019-11505
   * SECURITY UPDATE: Heap-based buffer overflow in the function
     WriteMATLABImage.
     - debian/patches/CVE-2019-11506.patch: Add completely missing error
       handling.
     - CVE-2019-11506
Original-Maintainer: Laszlo Boszormenyi (GCS)