[SECURITY] [DLA 1045-1] graphicsmagick security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1045-1] graphicsmagick security update
From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Jul 2017 18:22:23 +0200
Message-id: <[🔎] d956a1d0-44dd-ae54-941a-ba0c03bf1a67@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : graphicsmagick
Version        : 1.3.16-1.1+deb7u8
CVE ID         : CVE-2017-10799 CVE-2017-11102 CVE-2017-11140
                 CVE-2017-11403 CVE-2017-11636 CVE-2017-11637
                 CVE-2017-11638 CVE-2017-11641 CVE-2017-11642
                 CVE-2017-11643
Debian Bug     : 867077 867746 870149

Multiple security vulnerabilities, NULL pointer dereferences,
use-after-free and heap based overflows, were discovered in
graphicsmagick that can lead to denial of service by consuming all
available memory or segmentation faults.

For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u8.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAll+B75fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQnFBAApb73bWMOM0iagnY2UIC4Izs1nMoBkmqI29AagxVmIaZW4x4C09v1AoZ4
10YGLuFXWWrB6XL0OBt0mjyUFbg5DbhRzxj9P39B8cnhuA7PlKPAPjoT2KBICPFU
I50iHmxLT7ERlI6THfT/rB3OePZOfR2XnV2WVb0gbDLT0CzyNjRBV8rzN9Tsl3eC
zTwjadNpix845n27Dj9DpFfmKdsWshuDrJCK4npYXAk1FNVSCNj72RBPZDwgtgmz
NTxBW1Xdsvf+X/HHB/yF8XptPTnb3Jd+vSeG/TJL5dNXDjqbUxzUpfZ2DB4grNPQ
tPYp8Kp70OPHVxOWe2l1aNiKp3D8r3rcb9MMvng7H2BkiCr77JKOjvTIDSbsmTLu
L3wPod6kRy9Q6Z4FKeAyp/gI6Mfput55Kq5Zjw6RAt4V81Sz+CzVo4h4FwzREeTF
KZ7LjheIR5lPMOzipRln9GczAggI+DQ2RJsvaSqpuGhHJ8aq4c5aVDfJJ1wdWiZw
TB+nwZmyIDeT09zn9UevsC/bttys5BV/Qd60W7qNJEelX2H7nwhFy+irsb8Qs2MZ
qgrlrvtbyKEkQA4/22N3z/ruJYcOHvQBT2fbfJoP97SNsI5GPwUkNnh6wMc5gtoe
1fvZK+k2rbXsZk9564lIt50yR+3yfOF3sU+7QqvSZJEvqBRkyEM=
=Ln0W
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1046-1] lucene-solr security update
Next by Date: [SECURITY] [DLA 1047-1] supervisor security update
Previous by thread: [SECURITY] [DLA 1046-1] lucene-solr security update
Next by thread: [SECURITY] [DLA 1047-1] supervisor security update
Index(es):
- Date
- Thread