Accepted nginx 1.6.2-5+deb8u5 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Format: 1.8
Date: Wed, 12 Jul 2017 10:29:22 +0300
Source: nginx
Binary: nginx nginx-doc nginx-common nginx-full nginx-full-dbg nginx-light nginx-light-dbg nginx-extras nginx-extras-dbg
Architecture: source all amd64
Version: 1.6.2-5+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Kartik Mistry
Changed-By: Christos Trochalakis
Description:
 nginx - small, powerful, scalable web/proxy server
 nginx-common - small, powerful, scalable web/proxy server - common files
 nginx-doc - small, powerful, scalable web/proxy server - documentation
 nginx-extras - nginx web/proxy server (extended version)
 nginx-extras-dbg - nginx web/proxy server (extended version) - debugging symbols
 nginx-full - nginx web/proxy server (standard version)
 nginx-full-dbg - nginx web/proxy server (standard version) - debugging symbols
 nginx-light - nginx web/proxy server (basic version)
 nginx-light-dbg - nginx web/proxy server (basic version) - debugging symbols
Closes: 868109
Changes:
 nginx (1.6.2-5+deb8u5) jessie-security; urgency=high
 .
   * Handle CVE-2017-7529 Integer overflow in the range filter (Closes: #868109)

Accepted apache2 2.4.25-3+deb9u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Tue, 18 Jul 2017 20:37:33 +0200
Source: apache2
Binary: apache2 apache2-data apache2-bin apache2-utils apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-ssl-dev apache2-dbg
Architecture: source amd64 all
Version: 2.4.25-3+deb9u2
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Apache Maintainers
Changed-By: Stefan Fritsch
Description:
 apache2 - Apache HTTP Server
 apache2-bin - Apache HTTP Server (modules and other binary files)
 apache2-data - Apache HTTP Server (common files)
 apache2-dbg - Apache debugging symbols
 apache2-dev - Apache HTTP Server (development headers)
 apache2-doc - Apache HTTP Server (on-site documentation)
 apache2-ssl-dev - Apache HTTP Server (mod_ssl development headers)
 apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec
 apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec
 apache2-utils - Apache HTTP Server (utility programs for web servers)
Changes:
 apache2 (2.4.25-3+deb9u2) stretch-security; urgency=medium
 .
   * CVE-2017-9788: mod_auth_digest: Fix leak of uninitialized memory

Accepted atril 1.16.1-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Fri, 21 Jul 2017 06:59:09 +0200
Source: atril
Binary: atril atril-common libatrilview3 libatrilview-dev libatrildocument3 libatrildocument-dev gir1.2-atril
Architecture: source
Version: 1.16.1-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: MATE Packaging Team
Changed-By: Santiago Ruano Rincón
Description:
 atril - MATE document viewer
 atril-common - MATE document viewer (common files)
 gir1.2-atril - GObject introspection data for Atril
 libatrildocument-dev - MATE document rendering library (development files)
 libatrildocument3 - MATE document rendering library
 libatrilview-dev - MATE document viewing library (development files)
 libatrilview3 - MATE document viewing library
Closes: 868500
Changes:
 atril (1.16.1-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload
   * Add 0001-CVE-2017-183-comics-Remove-support-for-tar-and-tar-like-command.patch
     Fixes a command injection vulnerability in CBT handler.
     CVE-2017-183 (Closes: #868500)

Accepted imagemagick 8:6.9.7.4+dfsg-11+deb9u1 (source all amd64) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Fri, 14 Jul 2017 15:56:50 +0200
Source: imagemagick
Binary: imagemagick-6-common imagemagick-6-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagick++-6.q16-7 libmagick++-6.q16-dev libimage-magick-q16-perl imagemagick-6.q16hdri libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libimage-magick-q16hdri-perl imagemagick-common imagemagick-doc perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev imagemagick
Architecture: source all amd64
Version: 8:6.9.7.4+dfsg-11+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: ImageMagick Packaging Team
Changed-By: Bastien Roucariès
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6-common - image manipulation programs -- infrastructure
 imagemagick-6-doc - document files of ImageMagick
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-6.q16hdri - image manipulation programs -- quantum depth Q16HDRI
 imagemagick-common - image manipulation programs -- infrastructure dummy package
 imagemagick-doc - document files of ImageMagick -- dummy package
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libimage-magick-q16hdri-perl - Perl interface to the ImageMagick graphics routines -- Q16HDRI ve
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-7 - C++ interface to ImageMagick -- quantum depth Q16
 libmagick++-6.q16-dev - C++ interface to ImageMagick - development files (Q16)
 libmagick++-6.q16hdri-7 - C++ interface to ImageMagick -- quantum depth Q16HDRI
 libmagick++-6.q16hdri-dev - C++ interface to ImageMagick - development files (Q16HDRI)
 libmagick++-dev - object-oriented C++ interface to ImageMagick -- dummy package
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-3 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-3-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-6.q16hdri-3 - low-level image manipulation library -- quantum depth Q16HDRI
 libmagickcore-6.q16hdri-3-extra - low-level image manipulation library - extra codecs (Q16HDRI)
 libmagickcore-6.q16hdri-dev - low-level image manipulation library - development files (Q16HDRI
 libmagickcore-dev - low-level image manipulation library -- dummy package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-3 - image manipulation library -- quantum depth Q16
 libmagickwand-6.q16-dev - image manipulation library - development files (Q16)
 libmagickwand-6.q16hdri-3 - image manipulation library -- quantum depth Q16HDRI
 libmagickwand-6.q16hdri-dev - image manipulation library - development files (Q16HDRI)
 libmagickwand-dev - image manipulation library -- dummy package
 perlmagick - Perl interface to ImageMagick -- dummy package
Closes: 863126 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264
Changes:
 imagemagick (8:6.9.7.4+dfsg-11+deb9u1) stretch-security; urgency=high
 .
   * Fix security bugs:
     + Previous CVE-2017-9144 fix was incomplete.
       A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c (Closes: #863126)
     + CVE-2017-10928: A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Closes: #867367).
     + CVE-2017-9500: An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (Closes: #867778).
     + CVE-2017-9501: An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (Closes: #867721).
     + CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c,

Accepted ruby-mixlib-archive 0.2.0-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
Format: 1.8
Date: Mon, 17 Jul 2017 17:42:56 +0300
Source: ruby-mixlib-archive
Binary: ruby-mixlib-archive
Architecture: source all
Version: 0.2.0-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Hleb Valoshka <375...@gmail.com>
Description:
 ruby-mixlib-archive - simple interface to various archive formats
Closes: 868572
Changes:
 ruby-mixlib-archive (0.2.0-1+deb9u1) stretch-security; urgency=high
 .
   * Prevent directory traversal attack CVE-2017-126 (Closes: #868572)

Accepted atril 1.8.1+dfsg1-4+deb8u1 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Format: 1.8
Date: Fri, 21 Jul 2017 07:00:08 +0200
Source: atril
Binary: atril atril-dbg atril-common libatrilview3 libatrilview-dev libatrilview3-dbg libatrildocument3 libatrildocument-dev libatrildocument3-dbg
Architecture: source all amd64
Version: 1.8.1+dfsg1-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: MATE Packaging Team
Changed-By: Santiago Ruano Rincón
Description:
 atril - MATE document viewer
 atril-common - MATE document viewer (common files)
 atril-dbg - MATE document viewer (debugging symbols)
 libatrildocument-dev - MATE document rendering library (development files)
 libatrildocument3 - MATE document rendering library
 libatrildocument3-dbg - MATE document rendering library (debugging symbols)
 libatrilview-dev - MATE document viewing library (development files)
 libatrilview3 - MATE document viewing library
 libatrilview3-dbg - MATE document viewing library (debugging symbols)
Closes: 868500
Changes:
 atril (1.8.1+dfsg1-4+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload
   * Add 0003-CVE-2017-183-evince-comics-remove-tar-commands-support-3-10-3.patch
     Fixes a command injection vulnerability in CBT handler.
     CVE-2017-183 (Closes: #868500)

Accepted imagemagick 8:6.8.9.9-5+deb8u10 (source all amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Format: 1.8
Date: Sat, 15 Jul 2017 10:32:14 +0200
Source: imagemagick
Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev
Architecture: source all amd64
Version: 8:6.8.9.9-5+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: ImageMagick Packaging Team
Changed-By: Bastien Roucariès
Description:
 imagemagick - image manipulation programs -- binaries
 imagemagick-6.q16 - image manipulation programs -- quantum depth Q16
 imagemagick-common - image manipulation programs -- infrastructure
 imagemagick-dbg - debugging symbols for ImageMagick
 imagemagick-doc - document files of ImageMagick
 libimage-magick-perl - Perl interface to the ImageMagick graphics routines
 libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio
 libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files
 libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick
 libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files
 libmagick++-dev - object-oriented C++ interface to ImageMagick
 libmagickcore-6-arch-config - low-level image manipulation library - architecture header files
 libmagickcore-6-headers - low-level image manipulation library - header files
 libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16
 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16)
 libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16)
 libmagickcore-dev - low-level image manipulation library -- transition package
 libmagickwand-6-headers - image manipulation library - headers files
 libmagickwand-6.q16-2 - image manipulation library
 libmagickwand-6.q16-dev - image manipulation library - development files
 libmagickwand-dev - image manipulation library - transition for development files
 perlmagick - Perl interface to ImageMagick -- transition package
Closes: 863126 863833 863834 864087 864089 864273 864274 867367 867721 867778 867798 867806 867808 867810 867811 867812 867821 867823 867824 867825 867826 867893 867894 867896 867897 868184 868264
Changes:
 imagemagick (8:6.8.9.9-5+deb8u10) jessie-security; urgency=high
 .
   * Fix security bugs:
     + Previous CVE-2017-9144 fix was incomplete.
       A crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c (Closes: #863126)
     + CVE-2017-10928: A heap-based buffer over-read in the GetNextToken function in token.c allows remote attackers to obtain sensitive information from process memory or possibly have unspecified other impact via a crafted SVG document that is mishandled in the GetUserSpaceCoordinateValue function in coders/svg.c. (Closes: #867367).
     + CVE-2017-9500: An assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. (Closes: #867778).
     + CVE-2017-9501: An assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. (Closes: #867721).
     + CVE-2017-9440: A memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. (Closes: 864273).
     + CVE-2017-9439: A memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. (Closes: #864274).
     + CVE-2017-11188: CPU exhaustion in ReadDPXImage Because dpx.file.image_offset is a unsigned int, it can be controlled as large as 4294967295. This will cause ImageMagick spend a lot of time to process a crafted DPX imagefile, even if the imagefile is very small. (Closes: #867806)
     + CVE-2017-11141: memory exhaustion in ReadMATImage When identify MAT file, imagemagick will allocate memory to store data in function ReadMATImage. Modifying MAT's MATLAB_HDR field can cause ImageMagick to allocate a anysize amount of memory, this may cause a memory exhaustion (Closes: #868264)
     + CVE-2017-11170: memory exhaustion in ReadTGAImage When identify VST file, imagemagick will allocate memory to store data in function ReadTGAImage in