date:20240221

Accepted imagemagick 8:6.9.10.23+dfsg-2.1+deb10u6 (source) into oldoldstable

2024-02-21 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Fri, 19 Jan 2024 13:20:50 -0500
Source: imagemagick
Architecture: source
Version: 8:6.9.10.23+dfsg-2.1+deb10u6
Distribution: buster-security
Urgency: medium
Maintainer: ImageMagick Packaging Team 

Changed-By: Bastien Roucariès 
Changes:
 imagemagick (8:6.9.10.23+dfsg-2.1+deb10u6) buster-security; urgency=medium
 .
   [ Bastien Roucariès ]
   * Fix a heap based overflow in TIFF coder.
   * Avoid a DOS with malformed TIFF file.
   * Avoid a memory leak in TIFF file coder.
   * Fix a non initialized value passed to TIFFGetField().
   * Fix buffer overrun in TIFF coder.
   * In case of exception bail out early in TIFF file handling.
   * Fix unintialised value in TIFF coder.
   * Raise exception when image could not be read but no
 exception was raised in TIFF coder.
   * Fix CVE-2023-39978: a memory leak was present in
 Magick::Draw.
   * Mark rmagick test as flaky
   * Fix CVE-2023-1289: A vulnerability was discovered
 in ImageMagick where a specially created SVG file
 loads itself and causes a segmentation fault.
 This flaw allows a remote attacker to pass a
 specially crafted SVG file that leads to a segmentation
 fault, generating many trash files in "/tmp," resulting in
 a denial of service. When ImageMagick crashes, it generates
 a lot of trash files. These trash files can be large if the
 SVG file contains many render actions.
   * Fix CVE-2023-34151: A vulnerability was found in ImageMagick,
 due to undefined behaviors of casting double to size_t in
 svg, mvg and other coders.
   * Fix CVE-2023-5341: A heap use-after-free flaw was found
 in coders/bmp.c
 .
   [ Santiago Ruano Rincón ]
   * Enable ARM builds in salsa-ci.yml
Checksums-Sha1:
 7af5a1e0dd776b1c4a4b9f73ab0cb8e6f3cd17a3 5239 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc
 641b8eb20e2deb2dad12a101293e9905be6134d7 266256 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz
 44e5d1ed6445607d239733180714c5169efb4e30 31683 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo
Checksums-Sha256:
 53918c05acea7724571ec97ec111c8fa229eab843c96116854d7920e62360dee 5239 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc
 1da356e74bc3c3f1df08d1a379c8d15400989fcd5ed422dbd74b7c66153d55d6 266256 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz
 0803e5caa0253571b089c4dd56acf2d58ec4ee4b56ff6125ad70e8ed2c5c8fed 31683 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo
Files:
 22fee2c63d2be6779ce40b814873a3e2 5239 graphics optional 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc
 e49e6b6111835635e0a9f436b774ee0b 266256 graphics optional 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz
 58c5058b6e550fde8b074ec63aaeffce 31683 graphics optional 
imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmXWVQERHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+w5RAAmnd4qav2hNgnlIfp3eC1mgkHIrOrNUBl
HZNufudpnvKiefYbPsX74w+BtR9h2MKeoav+kGHpXvmlk4RTodO6fh4c/YJPEAPh
A5/2J8zkjF4M7UDBBpzLXE6nUYM6EC64gnJ8rbH+xGnVm3aly17VnCfiatKqfvAc
kc80jqdAM2AhGU9CGFFA2Q7GybSTh0/pWPtu7goBTxQdtj/JXdHV3rY1ZW0haxyk
x2WjG8yF6R76b01pNYkFbPkGJ3jEaBL2ZCyjYwnXK/+nTbCtzsnUmJfJDdzvIIlu
oZp4QTRZGDw5fTw2081r2rgwTiqJ7/IKDKoEO/dAJ8FkgFPwUSPEXlmF3PQj6kCc
8vVtHuocgzP6JF10ZV9+wovdGYOR5B063joCVOBQwzs4dJMD439LzioyD6l03dUL
eVW+PdnGys5+EEmdeQOJrzvKToRYp5LMSUxfOY9js+8RcYwjY8OOvSzr9KW3BWGT
aHDGaVs4eXNeMrS/z+XBfIQcMn/66dpF7rfX1LTFAZnpqaAtvfOFw2y6jA7KWAUo
cqKarA6zPWJAPZLQ2f/iv1GfV12wAF/xTy4pcnMNRVSb/KuC3w+8FLPevRqOBQ3q
x3RuyvNoFERgwCqdzZAavGIAZee9TH2RmmZX/hPrm3y/sJ015oHzDq+Nz7Ar5Nac
ntlUu/yPdrE=
=9ZKr
-END PGP SIGNATURE-



pgpcAnFRH9J0u.pgp
Description: PGP signature

Accepted unbound 1.9.0-2+deb10u4 (source) into oldoldstable

2024-02-21 Thread Debian FTP Masters

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Wed, 21 Feb 2024 12:06:49 CET
Source: unbound
Architecture: source
Version: 1.9.0-2+deb10u4
Distribution: buster-security
Urgency: medium
Maintainer: unbound packagers 
Changed-By: Markus Koschany 
Checksums-Sha1:
 cb19ae9923fd9576dd338e5ac77e3d56734be91d 3209 unbound_1.9.0-2+deb10u4.dsc
 746f1e7b96789c9b76b40c18abfb815ea129e0a9 50628 
unbound_1.9.0-2+deb10u4.debian.tar.xz
 15f6bcf6b8d78857e4bc3a19cc38f51c5b085191 11519 
unbound_1.9.0-2+deb10u4_amd64.buildinfo
Checksums-Sha256:
 eb3725142a45ff8211d8b2f8ab0506a58cb5503a6c7527cafb5fe072c4912fa1 3209 
unbound_1.9.0-2+deb10u4.dsc
 37e6fa5153d01ce11240287feb874978c7d3ab76b7f1203050a9a1a7bd2be5be 50628 
unbound_1.9.0-2+deb10u4.debian.tar.xz
 5a72c23c90ff576e7e0fde4a37e22007454f046901b0a02a602622f2c26af6be 11519 
unbound_1.9.0-2+deb10u4_amd64.buildinfo
Changes:
 unbound (1.9.0-2+deb10u4) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2023-50387 and CVE-2023-50868:
 Two vulnerabilities were discovered in unbound, a validating, recursive,
 caching DNS resolver. Specially crafted DNSSEC answers could lead unbound
 down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3
 hash (CVE-2023-50868) validation path, resulting in denial of service.
Files:
 bc808249dc6f81fea9fbefad3192a597 3209 net optional unbound_1.9.0-2+deb10u4.dsc
 6a7f4a95afcbeba56da58e8a1c02dc65 50628 net optional 
unbound_1.9.0-2+deb10u4.debian.tar.xz
 1b6953ed8a5df9b4880becaee239dc03 11519 net optional 
unbound_1.9.0-2+deb10u4_amd64.buildinfo

-BEGIN PGP SIGNATURE-

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmXV2Y9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkpFMP/i4KGn/jNxHxImceBerVMXTuIwFozIQrG8ES
5Hs7lB77jkMDZTV5n8IOjiO3vVKxUpDp+ydyPbv1fbDx8iU1dtOm1Dc7d5Smbm+Q
jvBviG62CEfN7vfebomFGCTRmjK5IynddNZhj+GPEVApXoJJtnc2sLbtU2lCEIsO
wnfnJMlo7IpAwZ6sK7w9HNy+X5lIX1ZwQF8+DH9EPWlxRlcFtS/CgO0p/nksHYSG
c2Hka9MklV0A+PLqx/Kl8KYOZNdf9ubWb9Yjc03qZwFNxl1yRDqueYyE3FNT1yG9
UI2CepqfvNqbVjX6xogeP6ZQUu/ZsaDdY5iiM+76jkdpZgkUFinyyKvV8IfHO6Fq
/XAjCM33UWwRQojdxWhj6ueidsuyA3rRZr155QP15INR/ip7mqmHKuCujtmaqnwb
tqG3lBAW4K1fIAgt8hEbz5M98pROhhrGb8z71pX7q06tYFNNvFVvC1USf4DJNGIS
8i1A0LWzU4S6yISpOWWvqo/hRUpXROfYUN79saJkpSbNPr5If/KmZhBypyszuIOW
ST2KsyTNWnFrX5rhHN/9X55VhdRh1Et85UMo/zCKJtCgcCRWQMx7Zg5CUZThq0k7
vfAsMzJB8gHih5OizGb/KgbiCo2Osko/IiKSHTPHl6kywlBp0F3bs0eFbBgwbzqo
6GkkO8A0
=/ePO
-END PGP SIGNATURE-



pgpdqDGlJnXvO.pgp
Description: PGP signature

Accepted imagemagick 8:6.9.10.23+dfsg-2.1+deb10u6 (source) into oldoldstable

Accepted unbound 1.9.0-2+deb10u4 (source) into oldoldstable

2 matches

Site Navigation

Mail list logo

Footer information