-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Nov 2017 19:52:34 +0100
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.16-1.1+deb7u13
Distribution: wheezy-security
Urgency: high
Maintainer: Daniel Kobras <kob...@debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick++3 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
 libgraphicsmagick3 - format-independent image processing - C shared library
Changes:
 graphicsmagick (1.3.16-1.1+deb7u13) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-16352:
     Graphicsmagick was vulnerable to a heap-based buffer overflow
     vulnerability found in the "Display visual image directory" feature of
     the DescribeImage() function of the magick/describe.c file. One possible
     way to trigger the vulnerability is to run the identify command on a
     specially crafted MIFF format file with the verbose flag.
   * Fix CVE-2017-16353:
     Graphicsmagick was vulnerable to a memory information disclosure
     vulnerability found in the DescribeImage function of the
     magick/describe.c file, because of a heap-based buffer over-read.
     The portion of the code containing the vulnerability is responsible for
     printing the IPTC Profile information contained in the image. This
     vulnerability can be triggered with a specially crafted MIFF file. There
     is an out-of-bounds buffer dereference because certain increments are
     never checked.