[SECURITY] [DLA 651-1] graphicsmagick security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 651-1] graphicsmagick security update
From: Brian May <bam@debian.org>
Date: Tue, 11 Oct 2016 17:40:00 +1100
Message-id: <[🔎] 20161011064000.p6efyayaat5tv2we@prune.linuxpenguins.xyz>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u4
CVE ID         : CVE-2016-7446 CVE-2016-7447 CVE-2016-7449 CVE-2016-7800
Debian Bug     : 


Various security issues were found and fixed in graphicsmagick in Debian
wheezy LTS.

CVE-2016-7446

    Heap buffer overflow issue in MVG/SVG rendering.

CVE-2016-7447

    Heap overflow of the EscapeParenthesis() function

CVE-2016-7449

    TIFF related problems due to use of strlcpy use.

CVE-2016-7800

    Fix unsigned underflow leading to heap overflow when
    parsing 8BIM chunk.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u4.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
Brian May <bam@debian.org>
-----BEGIN PGP SIGNATURE-----

iQI1BAEBCAAfBQJX/IjOGBxicmlhbkBsaW51eHBlbmd1aW5zLnh5egAKCRAXhFd/
gR9urGleEACVZqbK5DxCNTWGMpeKu/BHPO9uPX6JO2RiT1A62KMV/u2GUCZKhkL7
+DixRiT5EdTNyfd6/B63S1M8ab5CwSO9wj31SyRMy6ZOaXGWc8VaN66xC7e3lKMi
p2+FmdnIG4/dBCUIqCCYpVCteKuQz7E7wI9fmg209FaBWm2qteamMrmSuYOMkvvE
sGtL2hOKzaLc7HCoXlcNUtYpNR4gEYbuRJIPinH3Wv4IznBvhbFS8kNKiDKXKJhv
1MnEjJ/yK0jBw0/p/yUgMNag4mb3YrjaEhVyCa9y9UKbByDIsSguK88kV6yVbd2u
0CkkVA2P2HY9JHpQ/EI5qoAPtfVMm1wzvdok8XasrAJHTnhUhOaXQUkr2USLQsLM
coRppqN0sxIyY3NdmGaHAtI5NJU1btkGoLjg3YwnuJPvyUdtAn+BSa4ipSosAz/A
Ov7H92NnQVUBY1eeoEdkvSnChtTGOaXenXyOXlUe+pM7/Br8yPRhy6ANTYFDalRO
IwmjWCsPFLdPro1hhda/B/86nXx5tD+yRgq9gwTzxPYB7GKG0jWq10WiB7H8hAbh
mGKfSSj6OSiV28GVSGqRyyVZs2T0qzYcPs5mCSrQYiBKs6ht1XCRVuHxSDY3ZDb4
3kuyUu5acXQu7tsZ13VlrMVciwUJIm9LBqyfTFdEqY4YG72GrOw4zA==
=YsKP
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 650-1] mat security update
Next by Date: [SECURITY] [DLA 652-1] qemu security update
Previous by thread: [SECURITY] [DLA 650-1] mat security update
Next by thread: [SECURITY] [DLA 652-1] qemu security update
Index(es):
- Date
- Thread