graphicsmagick: CVE-2017-11637

Debian Bug report logs - #870153
graphicsmagick: CVE-2017-11637

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2017-11636, CVE-2017-11637, CVE-2017-11638, CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722

Date: Sun, 30 Jul 2017 16:19:05 +0200

[Message part 1 (text/plain, inline)]

Package: graphicsmagick
X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerabilities were published for graphicsmagick.

CVE-2017-11636[0]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()
| function in coders/rgb.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11637[1]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WritePCLImage() function in coders/pcl.c during writes of monochrome
| images.

CVE-2017-11638[2]:
| GraphicsMagick 1.3.26 has a segmentation violation in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11642.

CVE-2017-11641[3]:
| GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in
| magick/pixel_cache.c during writing of Magick Persistent Cache (MPC)
| files.

CVE-2017-11642[4]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11638.

CVE-2017-11643[5]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage()
| function in coders/cmyk.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11722[6]:
| The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26
| allows remote attackers to cause a denial of service (out-of-bounds
| read and application crash) via a crafted file, because the program's
| actual control flow was inconsistent with its indentation. This
| resulted in a logging statement executing outside of a loop, and
| consequently using an invalid array index corresponding to the loop's
| exit condition.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11636
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11636
[1] https://security-tracker.debian.org/tracker/CVE-2017-11637
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11637
[2] https://security-tracker.debian.org/tracker/CVE-2017-11638
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11638
[3] https://security-tracker.debian.org/tracker/CVE-2017-11641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11641
[4] https://security-tracker.debian.org/tracker/CVE-2017-11642
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11642
[5] https://security-tracker.debian.org/tracker/CVE-2017-11643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11643
[6] https://security-tracker.debian.org/tracker/CVE-2017-11722
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11722

Please adjust the affected versions in the BTS as needed.

Regards,

Markus

[signature.asc (application/pgp-signature, attachment)]

Message #10 received at 870149@bugs.debian.org (full text, mbox, reply):

From: László Böszörményi (GCS) <gcs@debian.org>

To: Markus Koschany <apo@debian.org>, 870149@bugs.debian.org

Subject: Re: Bug#870149: CVE-2017-11636, CVE-2017-11637, CVE-2017-11638, CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722

Date: Sun, 30 Jul 2017 16:30:27 +0200

Hi Markus,

On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany <apo@debian.org> wrote:
> Package: graphicsmagick
> Severity: grave
> Tags: security
[...]
> the following vulnerabilities were published for graphicsmagick.
 Thanks for the heads-up - all of these are in the tracker since 26th
of July, committed by Salvatore (carnil), right?

Regards,
Laszlo/GCS

Message #15 received at 870149@bugs.debian.org (full text, mbox, reply):

From: Markus Koschany <apo@debian.org>

To: László Böszörményi (GCS) <gcs@debian.org>

Cc: 870149@bugs.debian.org

Subject: Re: Bug#870149: CVE-2017-11636, CVE-2017-11637, CVE-2017-11638, CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722

Date: Sun, 30 Jul 2017 16:34:10 +0200

[Message part 1 (text/plain, inline)]

Hi László,

Am 30.07.2017 um 16:30 schrieb László Böszörményi (GCS):
> Hi Markus,
> 
> On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany <apo@debian.org> wrote:
>> Package: graphicsmagick
>> Severity: grave
>> Tags: security
> [...]
>> the following vulnerabilities were published for graphicsmagick.
>  Thanks for the heads-up - all of these are in the tracker since 26th
> of July, committed by Salvatore (carnil), right?
> 
> Regards,
> Laszlo/GCS

Right. I just wanted to make sure that we track these new issues with a bug report. Have a nice weekend.

Regards,

Markus

[signature.asc (application/pgp-signature, attachment)]

Message #28 received at 870153-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>

To: 870153-close@bugs.debian.org

Subject: Bug#870153: fixed in graphicsmagick 1.3.26-4

Date: Sun, 30 Jul 2017 21:04:22 +0000

Source: graphicsmagick
Source-Version: 1.3.26-4

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870153@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 30 Jul 2017 18:47:55 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.26-4
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 870149 870153 870154 870155 870156 870157 870158
Changes:
 graphicsmagick (1.3.26-4) unstable; urgency=high
 .
   * Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function
     (closes: #870157).
   * Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function
     (closes: #870149).
   * Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if
     input is not colormapped (closes: #870154, #870156).
   * Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache
     format (closes: #870155).
   * Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage()
     function (closes: #870153).
   * Fix CVE-2017-11722:  denial of service via a crafted file
     (closes: #870158).
   * Remove autotools-dev and dh-autoreconf build dependencies.
Checksums-Sha1:
 12e0f95b125eae52b333c32e664dd9e8dc52218c 2774 graphicsmagick_1.3.26-4.dsc
 3726682e10dc66b9ad2500325bd4f5ba26273978 146100 graphicsmagick_1.3.26-4.debian.tar.xz
 03c317e36a0eb1a85cdc66bf3cb7fafe840300fc 3174116 graphicsmagick-dbg_1.3.26-4_amd64.deb
 a892530e1388be13d210f95fdb929a0ceadefa30 23074 graphicsmagick-imagemagick-compat_1.3.26-4_all.deb
 f15eff5b82863ade94a99baa2a318e2426c83c3d 26512 graphicsmagick-libmagick-dev-compat_1.3.26-4_all.deb
 d8e16c9f2c853900872093238871802daed0675a 11432 graphicsmagick_1.3.26-4_amd64.buildinfo
 00b8817973e63c337a976142c04614feaae9acab 864292 graphicsmagick_1.3.26-4_amd64.deb
 206fc93bf28410553bb82c695ccd82aa69a5ae1c 70034 libgraphics-magick-perl_1.3.26-4_amd64.deb
 f53ab3a21c129f864ab17b6440a194ee0968dde4 117526 libgraphicsmagick++-q16-12_1.3.26-4_amd64.deb
 8d79e892c40d0f0ab4d66acc55f9bd4d04e963bf 302300 libgraphicsmagick++1-dev_1.3.26-4_amd64.deb
 0d4e0e577100b275e7bcc7ee3e3cb3bdc08ce647 1112214 libgraphicsmagick-q16-3_1.3.26-4_amd64.deb
 514c8fd92ba327e628462d9a4e2cf935ea0d36ec 1334842 libgraphicsmagick1-dev_1.3.26-4_amd64.deb
Checksums-Sha256:
 c62cd077bd3e39fbc964bea3b46fa5b4ccf0468545c0a115a8f596651f375c14 2774 graphicsmagick_1.3.26-4.dsc
 6645c18f68a27053bdb8bce2f147320541c085e15ae0e147828a648d2e30c18e 146100 graphicsmagick_1.3.26-4.debian.tar.xz
 c5af28a0721c4f26fbb23c1e127d888ce7e58ee6b8bbf111a15ca97b80bf8093 3174116 graphicsmagick-dbg_1.3.26-4_amd64.deb
 07d273efe9e4a381af7641ebd6d9a2342444b3dde1fe87e0d03599cfbff4e818 23074 graphicsmagick-imagemagick-compat_1.3.26-4_all.deb
 07e70a7c941f56336a075aa111a55e378b16955823aca2d96842596fb12feecb 26512 graphicsmagick-libmagick-dev-compat_1.3.26-4_all.deb
 be5aa5e91debeceae2a77409043be70686285e245ee477ee3dc43493b420e997 11432 graphicsmagick_1.3.26-4_amd64.buildinfo
 bfc1ee0365f195e20d4d108d390dfad8d5ee5e77ff93dca1923fcccf13c01cf9 864292 graphicsmagick_1.3.26-4_amd64.deb
 c252e0cb6a4b421e8bf9661462969ad34fec32201be91d2cd6e4160780236535 70034 libgraphics-magick-perl_1.3.26-4_amd64.deb
 e4dab6dd7a606d33d9349306cf13092afe8b5eabee0a6f96473ba71f0d02a57c 117526 libgraphicsmagick++-q16-12_1.3.26-4_amd64.deb
 f0ebd80d7836bbb7f00eb2e44e71d8e809c489180166076475d48c83633bc32f 302300 libgraphicsmagick++1-dev_1.3.26-4_amd64.deb
 4c8c4ec4c415ad69e0ccdd87cd151abbf88538f8d59b4f230a63eaa615a01020 1112214 libgraphicsmagick-q16-3_1.3.26-4_amd64.deb
 72ebfdd8358a1b2ff0df7949bf3a18b8857b41ba22775ed23884b6ffa9e1c166 1334842 libgraphicsmagick1-dev_1.3.26-4_amd64.deb
Files:
 5dac87409dedd003328fc4fb1925e10d 2774 graphics optional graphicsmagick_1.3.26-4.dsc
 4421b266e5a9932a93c16c38dec3c96d 146100 graphics optional graphicsmagick_1.3.26-4.debian.tar.xz
 df1c42b55a600b604868ba42ac6f322b 3174116 debug extra graphicsmagick-dbg_1.3.26-4_amd64.deb
 4e418ea3fc373ac9c9f6ce4b5e7151c1 23074 graphics extra graphicsmagick-imagemagick-compat_1.3.26-4_all.deb
 18bfb5fa56d5810dc2fa561fff581234 26512 graphics extra graphicsmagick-libmagick-dev-compat_1.3.26-4_all.deb
 a5d1061fbee9c1d68bd8c2ac47f7b32d 11432 graphics optional graphicsmagick_1.3.26-4_amd64.buildinfo
 1496eacdf31e9362b70792e5990e7ece 864292 graphics optional graphicsmagick_1.3.26-4_amd64.deb
 f77f01aab175d563fd13e6f01e2e30d8 70034 perl optional libgraphics-magick-perl_1.3.26-4_amd64.deb
 d0b18c9529afa2840ad489dca8514da6 117526 libs optional libgraphicsmagick++-q16-12_1.3.26-4_amd64.deb
 7891e1a8d370a56970a13e3565a90d68 302300 libdevel optional libgraphicsmagick++1-dev_1.3.26-4_amd64.deb
 2755e409c5da7b88894cfc8a4d97a7b5 1112214 libs optional libgraphicsmagick-q16-3_1.3.26-4_amd64.deb
 127b354307dbe71c7f214d5b12ff2605 1334842 libdevel optional libgraphicsmagick1-dev_1.3.26-4_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAll+Rl0ACgkQ3OMQ54ZM
yL/QXA//Z7NajGCqQg1njS7lXpTm5Y4U+AfOpzI+6WhxuTKjcp89rrmpN/ZLJdt8
ksiPHHPseEJVRlqv6YwTlzXPz08ZRRDwz0GRHRQudze2bvPI9wwAKgzAlX84LUx6
4eyM9oK1f6QwpyFiXz81cybT4sHrzbA2BEAld2bgG9/j8xKak6yVOCana/1rtOiG
EPPLqg5+TNd2dp7gWFkS3FDnTqugHzTIjdsxSe0BeGZrL/czSWhxDK5kBHAgLPOS
UaZ3/fSDcjZDOMDKY6vB9dZxtwtH9Qz/j07CJWZAifo9TkfwGibIDRrZrrPcgNMb
UNHBWC/dxgT/LmVp7ZvPUDjbIB7gAu3xaq3aIlzbRdw7JIrRjxQp2kFsvRGI5icG
bk/HyU/R2DcScJF9wYcRTxlJVtC2TyNnb6IaM2Y2fIKjnVGyv//pFDhvaJ0xaDdp
T3HmbFPN3/8JK+01L3UsQG1rd2nNvjAI4R9rGA2lFSvbKi4ZTWUnKLTzcBbGzh9o
82H8yOU+OQykTJp1i5z2w3m7sT1EODnNTugyWsvlgW4YVAno4pTozA6tQE57VGlH
dFa53drROTxmqaFmpk1+nNz0quEvuSQqpz7w/YT9B/wxseTF4Jg+d1WFpPdElhba
5XiRTp1s8e2yrYhrdJKUwmngzBi/qMkYFkrW8VmJ4u085ZOtjE0=
=QBaD
-----END PGP SIGNATURE-----

Message #35 received at 870153-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>

To: 870153-close@bugs.debian.org

Subject: Bug#870153: fixed in graphicsmagick 1.3.30+hg15796-1~deb9u1

Date: Sat, 20 Oct 2018 09:47:33 +0000

Source: graphicsmagick
Source-Version: 1.3.30+hg15796-1~deb9u1

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870153@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 03 Oct 2018 20:33:06 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.30+hg15796-1~deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 842787 863564 867060 867077 867085 867746 870149 870153 870154 870155 870156 870157 870158 871306 872574 872575 872576 873119 873129 873130 873538 874724 876460 878511 879999 881391 881524 884904 884905 887158 894396
Changes:
 graphicsmagick (1.3.30+hg15796-1~deb9u1) stretch-security; urgency=high
 .
   * Security backport for Stretch.
   * Relax g++ build dependency.
   * Relax debhelper build dependency.
   * Relax Standards-Version to 3.9.8 .
 .
 graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - WEBP: Fix compiler warnings regarding uninitialized structure members,
     - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit,
     - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in
       case libjpeg fails to completely initialize it,
     - WriteOnePNGImage(): Free png_pixels as soon as possible,
     - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid
       subsequent heap read overflow,
     - ReadMVGImage(): Don't assume that in-memory MVG blob is a
       null-terminated C string,
     - ReadMVGImage(): Don't allow MVG files to side-load a file as the
       drawing primitive using '@' syntax,
     - FileToBlob(): Use confirm access APIs to verify that read access is
       allowed, and verify that file is a regular file,
     - ExtractTokensBetweenPushPop() needs to always return a valid pointer
       into the primitive string,
     - DrawPolygonPrimitive(): Fix leak of polygon set when object is
       completely outside image,
     - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using
       pixels in-core rather than using a staging area for the case where the
       nexus rows extend beyond the image raster boundary,
     - ReadCINEONImage(): Quit immediately on EOF and detect short files,
     - ReadMVGImage(): Fix memory leak,
     - Add mechanism to approve embedded subformats in WPG,
     - ReadXBMImage(): Add validations for row and column dimensions,
     - MAT InsertComplexFloatRow(): Avoid signed overflow,
     - InsertComplexFloatRow(): Try not to lose the previous intention while
       avoiding signed overflow,
     - XBMInteger(): Limit the number of hex digits parsed to avoid signed
       integer overflow,
     - MAT: More aggresive data corruption checking,
     - MAT: Correctly check GetBlobSize(image) even for zipstreams inside
       blob,
     - MAT: Explicitly reject non-seekable streams,
     - DrawImage(): Add missing error-reporting logic to return immediately
       upon memory reallocation failure. Apply memory resource limits to
       PrimitiveInfo array allocation,
     - MagickAtoFChk(): Add additional validation checks for floating point
       values. NAN and +/- INFINITY values also map to 0.0 ,
     - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified
       prior to any comment, and that there is only one comment,
     - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid
       possible heap write overflow,
     - WPG: Fix intentional 64 bit file offset overflow,
     - DrawImage(): Be more precise about error detection and reporting,
     - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a
       one-byte stack write overflow,
     - DrawImage(): Fix excessive memory consumption due to
       SetImageAttribute() appending values,
     - QuantumTransferMode(): CIE Log images with an alpha channel are not
       supported,
     - ConvertPrimitiveToPath(): Second attempt to prevent heap write
       overflow of PathInfo array,
     - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder,
     - MIFF and MPC, need to avoid leaking value allocation (day-old bug),
     - ReadSFWImage(): Enforce that file is read using the JPEG reader,
     - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from
       signed to unsigned and check for unsigned overflow,
     - GenerateEXIFAttribute(): Eliminate undefined shift,
     - TraceEllipse(): Detect arithmetic overflow when computing the number of
       points to allocate for an ellipse,
     - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long,
     - ReadJPEGImage(): Apply a default limit of 100 progressive scans before
       the reader quits with an error.
   * Update library symbols for this release.
 .
 graphicsmagick (1.3.30-1) unstable; urgency=high
 .
   * New upstream release, including many security fixes.
   * Build with all hardening enabled.
 .
 graphicsmagick (1.3.29+hg15665-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - use of uninitialized value in IsMonochromeImage() ,
     - divide by zero in GetPixelOpacity() ,
     - write beyond array bounds in TraceStrokePolygon() ,
     - use of uninitialized value in format8BIM() ,
     - assertion failure in WriteBlob() ,
     - out of bounds write in TraceEllipse() ,
     - memory leak and use of uninitialized memory when handling eXIf chunk
       in png_malloc() ,
     - floating point exception in WriteTIFFImage() ,
     - leak of Image when TIFFReadRGBAImage() reports failure,
     - potentional leak when compressed object is corrupted,
     - floating point exception in WriteTIFFImage() ,
     - heap double free in Magick::BlobRef::~BlobRef() ,
     - direct leak in TIFFClientOpen() ,
     - indirect leak in CloneImage() ,
     - direct leak in ReadOneJNGImage() ,
     - heap buffer overflow in put1bitbwtile() ,
     - use of uninitialized value in SyncImageCallBack() ,
     - validate tile memory requests for TIFFReadRGBATile() .
   * Remove profiles/sRGB Color Space Profile.ICM and
     jp2/data/colorprofiles/srgb.icm for being non-free.
   * Remove zlib/contrib/dotzlib/DotZLib.chm for no source available.
 .
 graphicsmagick (1.3.29-1) unstable; urgency=high
 .
   * New upstream release, including many security fixes.
   * Remove previously backported security patches.
   * Update library symbols for this release.
   * Update debhelper level to 11 .
   * Update Standards-Version to 4.1.4 .
 .
 graphicsmagick (1.3.28-2) unstable; urgency=high
 .
   * Backport security fixes:
     - don't use rescale map if it was not allocated,
     - validate number of colormap bits to avoid undefined shift behavior,
     - defend against partial scanf() expression matching, resulting in benign
       use of uninitialized data,
     - don't use rescale map if it was not allocated,
     - fix tile index overflow,
     - reject XPM if it contains non-whitespace control characters,
     - fix forged amount of frames 6755,
     - validate header length and offset properties,
     - fixed memory leak when tile overflows,
     - fix forged amount of frames 7076,
     - check for forged image that overflows file size,
     - validate size request prior to allocation,
     - validate that file size is sufficient for claimed image properties,
     - fix signed integer overflow when computing pixels size,
     - include number of FITS scenes in file size validations,
     - allocate space for null termination and null terminate string,
     - validate that samples per pixel is in valid range,
     - check whether datablock is really read,
     - verify that sufficient backing data exists before allocating memory to
       read it,
     - duplicate image check for data with fixed geometry,
     - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
       changed while ticks_per_second is zero (closes: #894396),
     - add checks for EOF,
     - validate that PICT rectangles do not have zero dimensions,
     - check image pixel limits before allocating memory for tile.
   * Backport patch to redesign ReadBlobDwordLSB() to be more effective.
   * Backport patch to destroy tile_image in ThrowPICTReaderException() macro
     to simplify logic.
   * Backport patch to remove shadowed tile_image variable which defeats new
     ThrowPICTReaderException() implementation.
 .
 graphicsmagick (1.3.28-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - BMP: Fix non-terminal loop due to unexpected bit-field mask value
       (DOS opportunity),
     - PALM: Fix heap buffer underflow in builds with QuantumDepth=8,
     - SetNexus() Fix heap overwrite under certain conditions due to using a
       wrong destination buffer,
     - TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
       NEWS profile.
   * Remove previously backported security patches.
 .
 graphicsmagick (1.3.27-4) unstable; urgency=high
 .
   * Fix CVE-2018-5685: infinite loop in ReadBMPImage() (closes: #887158).
   * Fix memory leak of global colormap.
   * Fix memory leak of chunk and mng_info in error path.
   * Update Standards-Version to 4.1.3 .
 .
 graphicsmagick (1.3.27-3) unstable; urgency=high
 .
   * Fix heap-buffer-overflow on LocaleNCompare() .
   * Add some assertions to verify that the image pointer provided by libwebp
     is valid.
   * Fix NULL pointer dereference in ReadMNGImage() .
   * Fix CVE-2017-17913: stack-buffer-overflow in WriteWEBPImage() .
   * Fix CVE-2017-17915: heap-buffer-overflow in ReadMNGImage() .
 .
 graphicsmagick (1.3.27-2) unstable; urgency=high
 .
   * Fix CVE-2017-17782: heap-based buffer over-read in ReadOneJNGImage()
     (closes: #884905).
   * Fix CVE-2017-17783: buffer over-read in ReadPALMImage() (closes: #884904).
 .
 graphicsmagick (1.3.27-1) unstable; urgency=medium
 .
   * New upstream release.
   * Remove previously backported security patches.
   * Update library symbols for this release.
   * Add libwebp-dev dependency to libgraphicsmagick1-dev (closes: #863564).
   * Update Standards-Version to 4.1.2 .
 .
 graphicsmagick (1.3.26-19) unstable; urgency=high
 .
   * Fix CVE-2017-16669: heap buffer overflow in AcquireCacheNexus()
     (closes: #881391).
   * Fix CVE-2017-13134: heap buffer overflow in SFWScan() (closes: #881524).
 .
 graphicsmagick (1.3.26-18) unstable; urgency=high
 .
   * Fix CVE-2017-16547: remote denial of service (negative strncpy and
     application crash).
   * Fix CVE-2017-16545: NULL pointer dereference (write) with malformed WPG
     image.
 .
 graphicsmagick (1.3.26-17) unstable; urgency=high
 .
   * Fix CVE-2017-16353: heap read overflow vulnerability in DescribeImage() .
   * Fix CVE-2017-16352: heap-based buffer overflow vulnerability in
     DescribeImage() .
 .
 graphicsmagick (1.3.26-16) unstable; urgency=high
 .
   * Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG
     scanlines (closes: #879999).
 .
 graphicsmagick (1.3.26-15) unstable; urgency=high
 .
   * Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).
 .
 graphicsmagick (1.3.26-14) unstable; urgency=high
 .
   * Fix CVE-2017-15277: assure that global colormap is fully initialized in
     ReadGIFImage() .
   * Fix memory leak in WriteGIFImage() .
   * Fix CVE-2017-15238: use after free in ReadJNGImage() .
 .
 graphicsmagick (1.3.26-13) unstable; urgency=high
 .
   * Fix CVE-2017-14733: heap out of bounds read in ReadRLEImage() .
   * Fix CVE-2017-14994: NULL pointer dereference in DICOM Decoder.
   * Fix CVE-2017-14997: memory allocation error due to malformed image file.
   * Update Standards-Version to 4.1.1 .
 .
 graphicsmagick (1.3.26-12) unstable; urgency=high
 .
   * Update upstream changelog for CVE-2017-14103 .
   * Fix CVE-2017-14649: denial of service due to assertion failure in
     AcquireImagePixels() (closes: #876460).
   * Update Standards-Version to 4.1.0:
     - change graphicsmagick-dbg priority to optional.
 .
 graphicsmagick (1.3.26-11) unstable; urgency=high
 .
   * Fix CVE-2017-14504: NULL pointer dereference triggered by malformed file.
 .
 graphicsmagick (1.3.26-10) unstable; urgency=high
 .
   * Fix CVE-2017-14314: heap-based buffer over-read in DrawDashPolygon() .
 .
 graphicsmagick (1.3.26-9) unstable; urgency=high
 .
   * Fix CVE-2017-14165: remote denial of service due to memory allocation
     failure in magickmalloc (closes: #874724).
   * Fix CVE-2017-14042: memory allocation failure in MagickRealloc()
     (closes: #873538).
 .
 graphicsmagick (1.3.26-8) unstable; urgency=high
 .
   * Fix CVE-2017-13775: denial of service issue in ReadJNXImage() .
   * Fix CVE-2017-13776 and CVE-2017-13777: denial of service issue in
     ReadXBMImage() .
   * Fix memory leak vulnerability in ReadJNGImage() which allow attackers to
     cause a denial of service via a crafted file.
   * Fix double-free after reading a malformed JNG.
   * Fix CVE-2017-14103: the ReadJNGImage() and ReadOneJNGImage() functions do
     not properly manage image pointers after certain error conditions, which
     allows remote use-after-free attacks via a crafted file, related to a
     ReadMNGImage() out-of-order CloseBlob() call. This vulnerability exists
     because of an incomplete fix for CVE-2017-11403 .
   * Fix CVE-2017-8350: crash while reading a malformed JNG file.
 .
 graphicsmagick (1.3.26-7) unstable; urgency=high
 .
   * Fix CVE-2017-13063: heap-based buffer overflow vulnerability in the
     GetStyleTokens() function (closes: #873130).
   * Fix CVE-2017-13064: another heap-based buffer overflow vulnerability in
     the GetStyleTokens() function (closes: #873129).
   * Fix CVE-2017-13065: NULL pointer dereference vulnerability in the
     SVGStartElement() function (closes: #873119).
 .
 graphicsmagick (1.3.26-6) unstable; urgency=high
 .
   * Fix CVE-2017-12935: invalid memory read in the SetImageColorCallBack()
     with large MNG images (closes: #872576).
   * Fix CVE-2017-12936: use-after-free issue for data associated with
     exception reporting in the ReadWMFImage() function (closes: #872575).
   * Fix CVE-2017-12937: colormap heap-based buffer over-read in the
     ReadSUNImage() function (closes: #872574).
 .
 graphicsmagick (1.3.26-5) unstable; urgency=medium
 .
   * Handle mangling change for conversion operators in GCC 7 (closes: #871306).
 .
   [ John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> ]
   * Honor 'nocheck' in DEB_BUILD_OPTIONS (closes: #842787).
 .
 graphicsmagick (1.3.26-4) unstable; urgency=high
 .
   * Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function
     (closes: #870157).
   * Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function
     (closes: #870149).
   * Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if
     input is not colormapped (closes: #870154, #870156).
   * Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache
     format (closes: #870155).
   * Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage()
     function (closes: #870153).
   * Fix CVE-2017-11722:  denial of service via a crafted file
     (closes: #870158).
   * Remove autotools-dev and dh-autoreconf build dependencies.
 .
 graphicsmagick (1.3.26-3) unstable; urgency=high
 .
   * Fix CVE-2017-11140: denial of service (resource consumption) via crafted
     JPEG files.
   * Fix apparent off-by-one error in MNG FRAM change_clipping processing.
   * Fix out-of-order CloseBlob() and DestroyImageList() .
 .
 graphicsmagick (1.3.26-2) unstable; urgency=high
 .
   * Fix CVE-2017-11102: remote denial of service during JNG reading via a
     zero-length color_image data structrure in ReadOneJNGImage (png.c)
     (closes: #867746).
   * Add new DestroyJNGInfo@Base and remove DestroyJNG@Base obsolete symbols.
 .
 graphicsmagick (1.3.26-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
     - WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash
       (CVE-2016-7997).
     - PNG: Enforce spec requirement that the dimensions of the JPEG embedded
       in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
     - TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to
       have only 2 samples per pixel (CVE-2017-6335).
     - JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
     - TIFF: Fix out of bounds read when reading RGB TIFF which claims to have
       only 1 sample per pixel (CVE-2017-10794) (closes: #867085).
     - DPX: Fix excessive use of memory (DOS issue) due to file header claiming
       large image dimensions but insufficient backing data. (CVE-2017-10799)
       (closes: #867077).
     - MAT: Fix excessive use of memory (DOS issue) due to continuing
       processing with insufficient data and claimed large image size. Verify
       each file extent to make sure that it is within range of file size.
       (CVE-2017-10800) (closes: #867060).
   * Remove previously backported security patches.
   * Self-tests build hack no longer needed.
   * Update library symbols for this release.
   * Update Standards-Version to 4.0.0 and debhelper level to 10 .
Checksums-Sha1:
 d68d1991ef6d0d8c3c6ed77b296d7736d4c1e385 2870 graphicsmagick_1.3.30+hg15796-1~deb9u1.dsc
 e2a3a50bb3c609f4625b6a2a38de46357b881fe6 27390756 graphicsmagick_1.3.30+hg15796.orig.tar.xz
 8636383effee1bd65d84ae173808858567031346 142500 graphicsmagick_1.3.30+hg15796-1~deb9u1.debian.tar.xz
 0b7b425ccb7e8408d5a39c3a4c3ab23cd8020b31 3416140 graphicsmagick-dbg_1.3.30+hg15796-1~deb9u1_amd64.deb
 eb14efd6e32e610d14cb7107053ed7f1313684ef 50358 graphicsmagick-imagemagick-compat_1.3.30+hg15796-1~deb9u1_all.deb
 b324bad157ecf7e379b5b1c3c42c03671c802557 53792 graphicsmagick-libmagick-dev-compat_1.3.30+hg15796-1~deb9u1_all.deb
 d0e2aaa2fca7a611f0661bcd136a4ee862c8073d 12075 graphicsmagick_1.3.30+hg15796-1~deb9u1_amd64.buildinfo
 38ae530eb82601994d1b403aaad2d1bd64a29bbf 953120 graphicsmagick_1.3.30+hg15796-1~deb9u1_amd64.deb
 3ef9152817fb3289d7c3d654d6a27b3fc2c48ee7 96980 libgraphics-magick-perl_1.3.30+hg15796-1~deb9u1_amd64.deb
 0649f8222a972bb0b8b3f09a60607f7c833e5354 144776 libgraphicsmagick++-q16-12_1.3.30+hg15796-1~deb9u1_amd64.deb
 cb9d2d9897996457f4493e0b117f463baa3597fb 331646 libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb
 8f545c239c193b4abc9cdb02065e9cb50677a6d9 1174436 libgraphicsmagick-q16-3_1.3.30+hg15796-1~deb9u1_amd64.deb
 0a1d30d5503c7269f64ebc7c346c9f9bde6dc460 1408204 libgraphicsmagick1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb
Checksums-Sha256:
 1d4030c972ce9ccadb38cae5514691a64f07d127c0453788a05d90f48fddd146 2870 graphicsmagick_1.3.30+hg15796-1~deb9u1.dsc
 b6748d7368f686c346c90b9077699568d1b60a25e820b7fe2d68168bad4c80b7 27390756 graphicsmagick_1.3.30+hg15796.orig.tar.xz
 ffdc1963e96ed6e67c04af89a26505faa63033eeafaf8826e54ad96b4d362e3b 142500 graphicsmagick_1.3.30+hg15796-1~deb9u1.debian.tar.xz
 f2443c59c7c114e8db8597490577a20f96814ca28fe6b3885d520c1eeffd42e6 3416140 graphicsmagick-dbg_1.3.30+hg15796-1~deb9u1_amd64.deb
 7b1eb26ddfe3b7cd665629715b1f3088dbac02f91db4a70b6f60412d67b99b20 50358 graphicsmagick-imagemagick-compat_1.3.30+hg15796-1~deb9u1_all.deb
 3614bf4bccb831f39771ed6b2e0c2a9bde56334c66461a5ec7a200c3d528825b 53792 graphicsmagick-libmagick-dev-compat_1.3.30+hg15796-1~deb9u1_all.deb
 99776a1f309c5526cfcc2d7535187dd05dc9e9ca09143da0fe34526a4c497840 12075 graphicsmagick_1.3.30+hg15796-1~deb9u1_amd64.buildinfo
 070949a267eef6c3ad808f27bfb314e04d50f630c4c0a60e00ac732b57e6bc8d 953120 graphicsmagick_1.3.30+hg15796-1~deb9u1_amd64.deb
 e3b1981f06371994fb7eb79001b0665e18d98b2ff203902ec9c33aae13bf0bbb 96980 libgraphics-magick-perl_1.3.30+hg15796-1~deb9u1_amd64.deb
 beed8172f246c925482a525a017ec41ce58ce90661d476b174183fa9422a7db3 144776 libgraphicsmagick++-q16-12_1.3.30+hg15796-1~deb9u1_amd64.deb
 c6977a0ff003b135eaa771343d967249dfc6edbabddf6e296fdb8af0fdda371e 331646 libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb
 e422dc328b2c57e568f5b967e60ea5c620ac1d217fa265c2dfd7d7290d398bb1 1174436 libgraphicsmagick-q16-3_1.3.30+hg15796-1~deb9u1_amd64.deb
 377182ec3d70c8bf0204a4f86a13363b815b52876098a3fb0c6e13d7fb1ad67c 1408204 libgraphicsmagick1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb
Files:
 e341ee97094ae7d3a9920be306b9f714 2870 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u1.dsc
 a03ab1fdd46b33ad7d45a56289ec7ba2 27390756 graphics optional graphicsmagick_1.3.30+hg15796.orig.tar.xz
 1a26002f0f1ac64ccf83fa49a527911e 142500 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u1.debian.tar.xz
 f09f80dab4ecce3e2d97ce8c882c3dd6 3416140 debug optional graphicsmagick-dbg_1.3.30+hg15796-1~deb9u1_amd64.deb
 441e8db8d26aca20e10d3e0b12b14afc 50358 graphics optional graphicsmagick-imagemagick-compat_1.3.30+hg15796-1~deb9u1_all.deb
 6e0d144895c60effb6e2d8e85ec249ba 53792 graphics optional graphicsmagick-libmagick-dev-compat_1.3.30+hg15796-1~deb9u1_all.deb
 9b6fff554d1e873c082b678a763f7706 12075 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u1_amd64.buildinfo
 5a9ca5ec8ae53376394ac4f8b5e3d899 953120 graphics optional graphicsmagick_1.3.30+hg15796-1~deb9u1_amd64.deb
 a1617193004eb6f75f5a648e6f264da2 96980 perl optional libgraphics-magick-perl_1.3.30+hg15796-1~deb9u1_amd64.deb
 7a0fb1bf1d3d98e197a635d324e1fe07 144776 libs optional libgraphicsmagick++-q16-12_1.3.30+hg15796-1~deb9u1_amd64.deb
 e453800e686a3f43c96550e6f1bd3a27 331646 libdevel optional libgraphicsmagick++1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb
 0b491de97d61176afadd6e9aba415a92 1174436 libs optional libgraphicsmagick-q16-3_1.3.30+hg15796-1~deb9u1_amd64.deb
 00a22c5f203215d199923c9e233d9ee6 1408204 libdevel optional libgraphicsmagick1-dev_1.3.30+hg15796-1~deb9u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIyBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlvAqAwACgkQ3OMQ54ZM
yL95FQ/3ddmtrGDuOUTD3Z6jNe8iqxXkT10eKn/tv7GIRj6Y9VcwrwU1e2o0Klpz
f8EwO9ZnfGkck/7a2YZ9Uz/R5N1i3PIVs9Tl9Xr0WaVcRhHFYKBmJzgiYMB85Xa5
LlqnGvrkqgHFDulifn65Cs6kxoQjhL4k+uG9LM3NfGa1Obsd8/zpHww9ZX7YuwnQ
P+FA/1Io+b/Sxgd/3qTXMdVlfsV21bntORtEaOAsLkQ40CZPbnJEWTh+dHjGzeip
BLgWVQ3tjlB4J6sEmTiF1m39BtoRrNqO1f2rCrlKtJr1sLw4AxOP785KafMxOirv
n878ElycQmoSI2SFwJr8wK/kHxf6sNfURei8EzDsLlR6vd8OzvgznfGc04guuwZM
+odas76zzVyKF7hzHeV65SuauGCf254zFgV+dft1ay6V8JFq71+3wQBVBcufwlUi
0spWH4vyrhzLaiARY00AGperEEAip9If/bjcRQCf/WZVDeqnbP+QwoQuJ9yAer3F
kiV0m7NrYyKCo+hIo38EPVFtgA/PCjGXWYNClVyCIE9eDNbC/CBHkxnayIGGvKSv
tgWF2VjC116e3hXZeW45au2Z2nObFwul9PHWABpAKL7q/JEAtkTailtYOtK90sbC
dpEpl+pObKN7wntWXSdLrqP2rfeDoSN9rC8QBUyY5f9xJKTXxQ==
=KRFO
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.