[SECURITY] [DLA 2084-1] graphicsmagick security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2084-1] graphicsmagick security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Wed, 29 Jan 2020 22:47:06 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.2001292242080.25258@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : graphicsmagick
Version        : 1.3.20-3+deb8u8
CVE ID         : CVE-2019-19950 CVE-2019-19951 CVE-2019-19953

Three issues have been found in graphicsmagick, a collection of imageprocessing tools.They are basically a heap-based buffer over-read, heap-based bufferoverflow and a use-after-free in different functions.



For Debian 8 "Jessie", these problems have been fixed in version
1.3.20-3+deb8u8.

We recommend that you upgrade your graphicsmagick packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4x/VpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdRDA/+NiMgriWaqlMml37foJxRQSD1R4kFnY2JdEBgHGO2UqKoRHHoX0T5xkss
zvlRk7/3APhB6qqOQVeGLqKvAc0MhIXShbWIpGjmt575LebnJduBgohks8YiDeai
Mm0g1PzzsxUmZUN+HV7NcGzXeiIcymGPFHSGJ8Ya/LFxS540iqrjkh/AOR4vF3e7
FdVIxXk9Wi93pvuHL7JSiU6g+T62YRLBXOgJgMXGkU1uFZMscXqw1ys/Z/wsLXjq
L8Bp/usT/vKW+XmU8Fu8A4+U86LZQbsfZFj1B2vuVXF5Beajd5OiG9WDGZG2wnbj
iljpoSFniUydGPDfOPk48zmCsIv1337YlmusJ5qkYfqy0Zs4+qaQSCZccoBCvhRZ
xBrq3MXfK2WrYYICqKNLZawBtFo9Pz9v6GAVCnlsISMld207JsUToAjBsMWlCy0O
WvGnRr5rhR6nTuC93lLhOVaZSfzdgvw1HaLdXxSl24DUAoNGE3XP8bVkp/CR/IrI
HyMel6XyjGZDSX+MAwUcLvZO4HJZuLrbuYSrgNoj9cyax8evor08pSaRy3ImRAmR
MZ1Yg/p4d1KB7aM0N5vO7a25rHx5ewIclePbeM5hT/WeHiOnEjDaCHaB7Gm/J8bq
oM/dWNneU0YLaMXB3Q5HnnHvXb6So9mXHTLsaAgHXOkOcuGtPyU=
=MqDJ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2083-1] hiredis security update
Next by Date: [SECURITY] [DLA 2085-1] zlib security update
Previous by thread: [SECURITY] [DLA 2083-1] hiredis security update
Next by thread: [SECURITY] [DLA 2085-1] zlib security update
Index(es):
- Date
- Thread