[SECURITY] [DLA 1401-1] graphicsmagick security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1401-1] graphicsmagick security update
From: Markus Koschany <apo@debian.org>
Date: Wed, 27 Jun 2018 23:28:32 +0200
Message-id: <[🔎] 1429db52-2a96-a1c3-8ce5-8c669abc42a3@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : graphicsmagick
Version        : 1.3.20-3+deb8u3
CVE ID         : CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 CVE-2016-5241
                 CVE-2016-7446 CVE-2016-7447 CVE-2016-7448 CVE-2016-7449
                 CVE-2017-11636 CVE-2017-11643 CVE-2017-12937
                 CVE-2017-13063 CVE-2017-13064 CVE-2017-13065
                 CVE-2017-13134 CVE-2017-14314 CVE-2017-14733
                 CVE-2017-16353 CVE-2017-16669 CVE-2017-17498
                 CVE-2017-17500 CVE-2017-17501 CVE-2017-17502
                 CVE-2017-17503 CVE-2017-17782 CVE-2017-17912
                 CVE-2017-17915
Debian Bug     : 870149 870157 872574 873130 873129 873119 873099 881524
                 881391 884905

Various security issues were discovered in Graphicsmagick, a collection
of image processing tools. Heap-based buffer overflows or overreads may
lead to a denial of service or disclosure of in-memory information or
other unspecified impact by processing a malformed image file.

For Debian 8 "Jessie", these problems have been fixed in version
1.3.20-3+deb8u3.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAls0AX9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTmRBAAsWiwiNsXB1/3ohgGMvJFYoLDnF4muhnqLtearyLXDAEf1KB5FhcmX6QJ
mtvmiu/LhEvI+A4P77Ua58iV4q2Xs0BjLM45zSmRxDu+ogxuO/eJ9SRK3hjzkMiD
bFEVnCunc2YpZWgRVwTaLT2W1e7Tr1eiOEPEv9Vl3dgvFwyZFwqUikzEqhotgoia
T5R543bvEiNrzXyEt4PzKkc/fsSiDg7UHaANSsYAdfYd0PHiUAHo2UV5yBHIw/JN
MvCBhT3mVHC8f9XaMCUTf3/LUv5O5tzYylHl2XC+yu3HPTTYsne+lEv78vglpBtF
H6hPP01Ib4kYSz8eXf7a99N6Z9cyj1ucFTFR+rQVP1Pav7CRR7u+eaBAuh5y+P3E
RFYliQ7d0mQ2g59jT90/cHnQPyrPAs120IsoHGmMkHUIkC/9Q1mRR9loMcIAYmeV
3t4X8tM9IQxHLmgMLTRaZFzje9s8J7sJ5S2aJD9yHbA0H+Sxni+sv7QmsrcutH0z
FnZj4DS+T8DrUoq08Et5ayiDJzcq2SfYYCx2EsRO8Y6haV2lzGA/lqv5IDJnnecJ
x0TM3EJh8F6OkasDyhDkfrRLfW/HzFxbfmQpPtWEvyj7g8/9QaLGlC6rK0LTGWej
NTiARSyn2DDErSvRX6SUXlUAn8LCho1exciw/udT62PAxnnAmoo=
=PNR5
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1400-1] tomcat7 security update
Next by Date: [SECURITY] [DLA 1402-1] exiv2 security update
Previous by thread: [SECURITY] [DLA 1400-1] tomcat7 security update
Next by thread: [SECURITY] [DLA 1402-1] exiv2 security update
Index(es):
- Date
- Thread