
[SECURITY] [DLA 502-1] graphicsmagick security update



Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u2
CVE ID         : CVE-2016-5118
Debian Bug     : 825800

Bob Friesenhahn discovered a command injection vulnerability in
GraphicsMagick, a program suite for image manipulation. An attacker with
control over the input image or the input filename can execute arbitrary
commands with the privileges of the user running the application.

This update removes the possibility of using a pipe (|) in filenames to
interact with GraphicsMagick.

For Debian 7 "Wheezy", this problem has been fixed in version
1.3.16-1.1+deb7u2.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
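As defence in depth alongside the upgrade, a service that hands user-supplied names to GraphicsMagick can refuse the pipe character itself. The following is an added example, not part of the advisory and not Debian or GraphicsMagick code. The names safe_image_path, build_gm_argv and UnsafeImageName and the directory /srv/uploads are hypothetical.

```python
import os


class UnsafeImageName(ValueError):
    """Raised when an untrusted image name must not reach GraphicsMagick."""


def safe_image_path(untrusted_name, base_dir):
    """Return an absolute path under base_dir for untrusted_name, or raise."""
    if not untrusted_name or "\x00" in untrusted_name:
        raise UnsafeImageName("empty name or NUL byte")
    # The advisory's fix removes pipe handling in filenames; refuse the
    # character outright so unpatched hosts never see it either.
    if "|" in untrusted_name:
        raise UnsafeImageName("pipe character in filename")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted_name))
    # Confine the result to base_dir (blocks ../ and absolute names).
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeImageName("path escapes upload directory")
    return candidate


def build_gm_argv(src_name, dst_name, base_dir):
    """Build an argument vector for `gm convert` without involving a shell."""
    src = safe_image_path(src_name, base_dir)
    dst = safe_image_path(dst_name, base_dir)
    # A list passed to subprocess.run(argv) is not parsed by /bin/sh, and both
    # paths are absolute, so neither can begin with a special character.
    return ["gm", "convert", src, dst]


if __name__ == "__main__":
    # Constructed sample names, not taken from the advisory.
    for name in ["photo.png", "|photo.png", "../etc/photo.png"]:
        try:
            print(name, "->", build_gm_argv(name, "out.jpg", "/srv/uploads"))
        except UnsafeImageName as err:
            print(name, "-> rejected:", err)
```
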

