[SECURITY] [DLA 953-1] graphicsmagick security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : graphicsmagick
Version : 1.3.16-1.1+deb7u7
CVE ID : CVE-2017-9098
Debian Bug : 862967
Chris Evans discovered that graphicsmagick used uninitialized memory
in the RLE decoder, allowing an remote attacker to leak sensitive
information from process memory space.
More information are available at:
https://scarybeastsecurity.blogspot.de/2017/05/bleed-continues-18-byte-file-14k-bounty.html
For Debian 7 "Wheezy", these problems have been fixed in version
1.3.16-1.1+deb7u7.
We recommend that you upgrade your graphicsmagick packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkoKOVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQhLw/8DPSi/xVDVrGH4vM8XOOl3be81G0pzAcL0EqwdsAKUIFaaO+RNSaXugW+
GS8UdqVpWGjncMVwZbnHJusWvouUuiD1TsheV0DKzStOPW7NICUL2Uxjmvpcy4Qv
vH5OLDP2VwrTh9aNPBOa7EOS2Q517pfoRrVYhATg8LMJO3yO23a/ExVIVj243NJ7
6huZFB4hRXCfGIeYQDENyUDMx83jhRgundaFGUEhEU7PGb7ZpNztBu0nixGvj+p8
zf6xJ2pcmwHxwZ2IaOPIcAynOgA+U8PG0rCr89LMr5u1kDjcaI0JOPJjRMc2cVg2
Rgv+wzdbX7B2F/6971d4Sm8TPc6L0/8xQ31TkYg8cczAI6uQMJookJ8bFsZcH7FL
jtDnUy+l0KBTfsgZA2oM+5hYqOs9a8bm/5o266InlmsVAl8r2h8GJeaTty6nPo7T
tgslf/TyyWXZ5fZRQi1u0wpe65GHe9hNwFa0t5Gb7flpj2bhEtdGm0bQcaflZLSO
FUWZqFaXgCUQukkm43h5dLMq18SEFYnBFcWdKozZuHPKQbxXo5NIWVPh0gBdK+dJ
TOpJ12osswze6CDi5cJE0lhES8cWv11oZjoLCm3KUjmYibkAzxJnsjr7pnwVT3ze
gkrLU8vnXLMaTZ1eb522U5n+yoVzy6OFSL30/YFu2wYAMio4cGs=
=dND/
-----END PGP SIGNATURE-----
Reply to: