Package: graphicsmagick; Maintainer for graphicsmagick is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for graphicsmagick is src:graphicsmagick.
Reported by: Markus Koschany <apo@debian.org>
Date: Sun, 30 Jul 2017 14:21:02 UTC
Severity: grave
Tags: security, upstream
Found in versions graphicsmagick/1.3.26-3, graphicsmagick/1.3.20-3
Fixed in versions graphicsmagick/1.3.26-4, graphicsmagick/1.3.30+hg15796-1~deb9u1
Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>: Bug#870149; Package graphicsmagick. (Sun, 30 Jul 2017 14:21:05 GMT)
Acknowledgement sent to Markus Koschany <apo@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sun, 30 Jul 2017 14:21:05 GMT)
Message #5 received at submit@bugs.debian.org:
Package: graphicsmagick
X-Debbugs-CC: team@security.debian.org secure-testing-team@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerabilities were published for graphicsmagick.

CVE-2017-11636[0]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage()
| function in coders/rgb.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11637[1]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WritePCLImage() function in coders/pcl.c during writes of monochrome
| images.

CVE-2017-11638[2]:
| GraphicsMagick 1.3.26 has a segmentation violation in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11642.

CVE-2017-11641[3]:
| GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in
| magick/pixel_cache.c during writing of Magick Persistent Cache (MPC)
| files.

CVE-2017-11642[4]:
| GraphicsMagick 1.3.26 has a NULL pointer dereference in the
| WriteMAPImage() function in coders/map.c when processing a
| non-colormapped image, a different vulnerability than CVE-2017-11638.

CVE-2017-11643[5]:
| GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage()
| function in coders/cmyk.c when processing multiple frames that have
| non-identical widths.

CVE-2017-11722[6]:
| The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26
| allows remote attackers to cause a denial of service (out-of-bounds
| read and application crash) via a crafted file, because the program's
| actual control flow was inconsistent with its indentation. This
| resulted in a logging statement executing outside of a loop, and
| consequently using an invalid array index corresponding to the loop's
| exit condition.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11636
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11636
[1] https://security-tracker.debian.org/tracker/CVE-2017-11637
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11637
[2] https://security-tracker.debian.org/tracker/CVE-2017-11638
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11638
[3] https://security-tracker.debian.org/tracker/CVE-2017-11641
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11641
[4] https://security-tracker.debian.org/tracker/CVE-2017-11642
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11642
[5] https://security-tracker.debian.org/tracker/CVE-2017-11643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11643
[6] https://security-tracker.debian.org/tracker/CVE-2017-11722
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11722

Please adjust the affected versions in the BTS as needed.

Regards,

Markus
[signature.asc (application/pgp-signature, attachment)]
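The control-flow pattern that the CVE-2017-11722 description in the message above attributes to WriteOnePNGImage, shown as an added illustration that is not part of the bug report and is not GraphicsMagick code. The `palette` data, `checked_entry` and the two `log_palette_*` functions are constructed for this example, and the bounds-checked accessor records the out-of-range index instead of reading it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data: a 4-entry palette (not taken from GraphicsMagick). */
#define PALETTE_LEN 4
static const unsigned char palette[PALETTE_LEN] = { 0x00, 0x55, 0xaa, 0xff };

struct log_stats {
    size_t logged;       /* entries read successfully by the "logging" call */
    size_t oob_attempts; /* indexes rejected as out of range */
    size_t last_index;   /* last index handed to the accessor */
};

/* Bounds-checked stand-in for the raw array read done by a logging
 * statement, so the faulty index can be observed without undefined
 * behaviour. */
static int checked_entry(struct log_stats *st, size_t i)
{
    st->last_index = i;
    if (i >= PALETTE_LEN) {
        st->oob_attempts++;
        return -1;
    }
    st->logged++;
    return palette[i];
}

/* The pattern from the CVE text: the indentation claims the logging call
 * belongs to the loop body, but without braces only the first statement
 * does. The call runs once, after the loop, with i equal to the loop's
 * exit value. */
struct log_stats log_palette_misleading(void)
{
    struct log_stats st = { 0, 0, 0 };
    unsigned sum = 0;
    size_t i;

    for (i = 0; i < PALETTE_LEN; i++)
        sum += palette[i];
        (void)checked_entry(&st, i); /* i == PALETTE_LEN here */

    (void)sum;
    return st;
}

/* Corrected form: braces make the control flow match the indentation,
 * so the index is always inside the array. */
struct log_stats log_palette_fixed(void)
{
    struct log_stats st = { 0, 0, 0 };
    unsigned sum = 0;
    size_t i;

    for (i = 0; i < PALETTE_LEN; i++) {
        sum += palette[i];
        (void)checked_entry(&st, i);
    }

    (void)sum;
    return st;
}

int main(void)
{
    struct log_stats bad = log_palette_misleading();
    struct log_stats ok = log_palette_fixed();

    printf("misleading: logged=%zu oob=%zu last_index=%zu\n",
           bad.logged, bad.oob_attempts, bad.last_index);
    printf("fixed:      logged=%zu oob=%zu last_index=%zu\n",
           ok.logged, ok.oob_attempts, ok.last_index);
    return (bad.oob_attempts == 1 && ok.oob_attempts == 0) ? 0 : 1;
}
```

Building with `gcc -Wall` on GCC 6 or later enables `-Wmisleading-indentation`, which flags the first function at compile time.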
Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>: Bug#870149; Package graphicsmagick. (Sun, 30 Jul 2017 14:33:04 GMT)
Acknowledgement sent to László Böszörményi (GCS) <gcs@debian.org>: Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sun, 30 Jul 2017 14:33:05 GMT)
Message #10 received at 870149@bugs.debian.org:
Hi Markus,

On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany <apo@debian.org> wrote:
> Package: graphicsmagick
> Severity: grave
> Tags: security
[...]
> the following vulnerabilities were published for graphicsmagick.
Thanks for the heads-up - all of these are in the tracker since 26th
of July, committed by Salvatore (carnil), right?

Regards,
Laszlo/GCS
Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>: Bug#870149; Package graphicsmagick. (Sun, 30 Jul 2017 14:39:03 GMT)
Acknowledgement sent to Markus Koschany <apo@debian.org>: Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Sun, 30 Jul 2017 14:39:03 GMT)
Message #15 received at 870149@bugs.debian.org:
Hi László,

On 30.07.2017 at 16:30, László Böszörményi (GCS) wrote:
> Hi Markus,
>
> On Sun, Jul 30, 2017 at 4:19 PM, Markus Koschany <apo@debian.org> wrote:
>> Package: graphicsmagick
>> Severity: grave
>> Tags: security
> [...]
>> the following vulnerabilities were published for graphicsmagick.
> Thanks for the heads-up - all of these are in the tracker since 26th
> of July, committed by Salvatore (carnil), right?
>
> Regards,
> Laszlo/GCS

Right. I just wanted to make sure that we track these new issues with a
bug report. Have a nice weekend.

Regards,

Markus
[signature.asc (application/pgp-signature, attachment)]
Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 Jul 2017 15:45:04 GMT)
Marked as found in versions graphicsmagick/1.3.26-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 Jul 2017 15:54:03 GMT)
Bug 870149 cloned as bugs 870153, 870154, 870155, 870156, 870157, 870158. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 Jul 2017 15:57:02 GMT)
Changed Bug title to 'graphicsmagick: CVE-2017-11637' from 'CVE-2017-11636, CVE-2017-11637, CVE-2017-11638, CVE-2017-11641, CVE-2017-11642, CVE-2017-11643, CVE-2017-11722'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 30 Jul 2017 15:57:03 GMT)
Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>: You have taken responsibility. (Sun, 30 Jul 2017 21:09:05 GMT)
Notification sent to Markus Koschany <apo@debian.org>: Bug acknowledged by developer. (Sun, 30 Jul 2017 21:09:05 GMT)
Message #28 received at 870153-close@bugs.debian.org:
Source: graphicsmagick
Source-Version: 1.3.26-4

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 870153@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Sun, 30 Jul 2017 18:47:55 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.26-4
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 870149 870153 870154 870155 870156 870157 870158
Changes:
 graphicsmagick (1.3.26-4) unstable; urgency=high

   * Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function (closes: #870157).
   * Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function (closes: #870149).
   * Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if input is not colormapped (closes: #870154, #870156).
   * Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache format (closes: #870155).
   * Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage() function (closes: #870153).
   * Fix CVE-2017-11722: denial of service via a crafted file (closes: #870158).
   * Remove autotools-dev and dh-autoreconf build dependencies.
Marked as found in versions graphicsmagick/1.3.20-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 31 Jul 2017 04:21:10 GMT)
Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>: You have taken responsibility. (Sat, 20 Oct 2018 09:48:22 GMT)
Notification sent to Markus Koschany <apo@debian.org>: Bug acknowledged by developer. (Sat, 20 Oct 2018 09:48:22 GMT)
Message #35 received at 870153-close@bugs.debian.org:
Source: graphicsmagick Source-Version: 1.3.30+hg15796-1~deb9u1 We believe that the bug you reported is fixed in the latest version of graphicsmagick, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870153@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphicsmagick package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 03 Oct 2018 20:33:06 +0000 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source amd64 all Version: 1.3.30+hg15796-1~deb9u1 Distribution: stretch-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - 
format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Closes: 842787 863564 867060 867077 867085 867746 870149 870153 870154 870155 870156 870157 870158 871306 872574 872575 872576 873119 873129 873130 873538 874724 876460 878511 879999 881391 881524 884904 884905 887158 894396 Changes: graphicsmagick (1.3.30+hg15796-1~deb9u1) stretch-security; urgency=high . * Security backport for Stretch. * Relax g++ build dependency. * Relax debhelper build dependency. * Relax Standards-Version to 3.9.8 . . graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - WEBP: Fix compiler warnings regarding uninitialized structure members, - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit, - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in case libjpeg fails to completely initialize it, - WriteOnePNGImage(): Free png_pixels as soon as possible, - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid subsequent heap read overflow, - ReadMVGImage(): Don't assume that in-memory MVG blob is a null-terminated C string, - ReadMVGImage(): Don't allow MVG files to side-load a file as the drawing primitive using '@' syntax, - FileToBlob(): Use confirm access APIs to verify that read access is allowed, and verify that file is a regular file, - ExtractTokensBetweenPushPop() needs to always return a valid pointer into the primitive string, - DrawPolygonPrimitive(): Fix leak of polygon set when object is completely outside image, - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using pixels in-core rather than using a staging area for the case where the nexus rows extend beyond the image raster boundary, - ReadCINEONImage(): Quit immediately on EOF and detect short files, - ReadMVGImage(): Fix memory leak, - Add mechanism to approve embedded subformats in WPG, - ReadXBMImage(): 
Add validations for row and column dimensions, - MAT InsertComplexFloatRow(): Avoid signed overflow, - InsertComplexFloatRow(): Try not to lose the previous intention while avoiding signed overflow, - XBMInteger(): Limit the number of hex digits parsed to avoid signed integer overflow, - MAT: More aggresive data corruption checking, - MAT: Correctly check GetBlobSize(image) even for zipstreams inside blob, - MAT: Explicitly reject non-seekable streams, - DrawImage(): Add missing error-reporting logic to return immediately upon memory reallocation failure. Apply memory resource limits to PrimitiveInfo array allocation, - MagickAtoFChk(): Add additional validation checks for floating point values. NAN and +/- INFINITY values also map to 0.0 , - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified prior to any comment, and that there is only one comment, - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid possible heap write overflow, - WPG: Fix intentional 64 bit file offset overflow, - DrawImage(): Be more precise about error detection and reporting, - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a one-byte stack write overflow, - DrawImage(): Fix excessive memory consumption due to SetImageAttribute() appending values, - QuantumTransferMode(): CIE Log images with an alpha channel are not supported, - ConvertPrimitiveToPath(): Second attempt to prevent heap write overflow of PathInfo array, - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder, - MIFF and MPC, need to avoid leaking value allocation (day-old bug), - ReadSFWImage(): Enforce that file is read using the JPEG reader, - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from signed to unsigned and check for unsigned overflow, - GenerateEXIFAttribute(): Eliminate undefined shift, - TraceEllipse(): Detect arithmetic overflow when computing the number of points to allocate for an ellipse, - ReadMNGImage(): mng_LOOP chunk 
must be at least 5 bytes long, - ReadJPEGImage(): Apply a default limit of 100 progressive scans before the reader quits with an error. * Update library symbols for this release. . graphicsmagick (1.3.30-1) unstable; urgency=high . * New upstream release, including many security fixes. * Build with all hardening enabled. . graphicsmagick (1.3.29+hg15665-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - use of uninitialized value in IsMonochromeImage() , - divide by zero in GetPixelOpacity() , - write beyond array bounds in TraceStrokePolygon() , - use of uninitialized value in format8BIM() , - assertion failure in WriteBlob() , - out of bounds write in TraceEllipse() , - memory leak and use of uninitialized memory when handling eXIf chunk in png_malloc() , - floating point exception in WriteTIFFImage() , - leak of Image when TIFFReadRGBAImage() reports failure, - potentional leak when compressed object is corrupted, - floating point exception in WriteTIFFImage() , - heap double free in Magick::BlobRef::~BlobRef() , - direct leak in TIFFClientOpen() , - indirect leak in CloneImage() , - direct leak in ReadOneJNGImage() , - heap buffer overflow in put1bitbwtile() , - use of uninitialized value in SyncImageCallBack() , - validate tile memory requests for TIFFReadRGBATile() . * Remove profiles/sRGB Color Space Profile.ICM and jp2/data/colorprofiles/srgb.icm for being non-free. * Remove zlib/contrib/dotzlib/DotZLib.chm for no source available. . graphicsmagick (1.3.29-1) unstable; urgency=high . * New upstream release, including many security fixes. * Remove previously backported security patches. * Update library symbols for this release. * Update debhelper level to 11 . * Update Standards-Version to 4.1.4 . . graphicsmagick (1.3.28-2) unstable; urgency=high . 
* Backport security fixes: - don't use rescale map if it was not allocated, - validate number of colormap bits to avoid undefined shift behavior, - defend against partial scanf() expression matching, resulting in benign use of uninitialized data, - don't use rescale map if it was not allocated, - fix tile index overflow, - reject XPM if it contains non-whitespace control characters, - fix forged amount of frames 6755, - validate header length and offset properties, - fixed memory leak when tile overflows, - fix forged amount of frames 7076, - check for forged image that overflows file size, - validate size request prior to allocation, - validate that file size is sufficient for claimed image properties, - fix signed integer overflow when computing pixels size, - include number of FITS scenes in file size validations, - allocate space for null termination and null terminate string, - validate that samples per pixel is in valid range, - check whether datablock is really read, - verify that sufficient backing data exists before allocating memory to read it, - duplicate image check for data with fixed geometry, - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties changed while ticks_per_second is zero (closes: #894396), - add checks for EOF, - validate that PICT rectangles do not have zero dimensions, - check image pixel limits before allocating memory for tile. * Backport patch to redesign ReadBlobDwordLSB() to be more effective. * Backport patch to destroy tile_image in ThrowPICTReaderException() macro to simplify logic. * Backport patch to remove shadowed tile_image variable which defeats new ThrowPICTReaderException() implementation. . graphicsmagick (1.3.28-1) unstable; urgency=high . 
* New upstream release, fixing the following security issues among others: - BMP: Fix non-terminal loop due to unexpected bit-field mask value (DOS opportunity), - PALM: Fix heap buffer underflow in builds with QuantumDepth=8, - SetNexus() Fix heap overwrite under certain conditions due to using a wrong destination buffer, - TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing NEWS profile. * Remove previously backported security patches. . graphicsmagick (1.3.27-4) unstable; urgency=high . * Fix CVE-2018-5685: infinite loop in ReadBMPImage() (closes: #887158). * Fix memory leak of global colormap. * Fix memory leak of chunk and mng_info in error path. * Update Standards-Version to 4.1.3 . . graphicsmagick (1.3.27-3) unstable; urgency=high . * Fix heap-buffer-overflow on LocaleNCompare() . * Add some assertions to verify that the image pointer provided by libwebp is valid. * Fix NULL pointer dereference in ReadMNGImage() . * Fix CVE-2017-17913: stack-buffer-overflow in WriteWEBPImage() . * Fix CVE-2017-17915: heap-buffer-overflow in ReadMNGImage() . . graphicsmagick (1.3.27-2) unstable; urgency=high . * Fix CVE-2017-17782: heap-based buffer over-read in ReadOneJNGImage() (closes: #884905). * Fix CVE-2017-17783: buffer over-read in ReadPALMImage() (closes: #884904). . graphicsmagick (1.3.27-1) unstable; urgency=medium . * New upstream release. * Remove previously backported security patches. * Update library symbols for this release. * Add libwebp-dev dependency to libgraphicsmagick1-dev (closes: #863564). * Update Standards-Version to 4.1.2 . . graphicsmagick (1.3.26-19) unstable; urgency=high . * Fix CVE-2017-16669: heap buffer overflow in AcquireCacheNexus() (closes: #881391). * Fix CVE-2017-13134: heap buffer overflow in SFWScan() (closes: #881524). . graphicsmagick (1.3.26-18) unstable; urgency=high . * Fix CVE-2017-16547: remote denial of service (negative strncpy and application crash). 
* Fix CVE-2017-16545: NULL pointer dereference (write) with malformed WPG image. . graphicsmagick (1.3.26-17) unstable; urgency=high . * Fix CVE-2017-16353: heap read overflow vulnerability in DescribeImage() . * Fix CVE-2017-16352: heap-based buffer overflow vulnerability in DescribeImage() . . graphicsmagick (1.3.26-16) unstable; urgency=high . * Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG scanlines (closes: #879999). . graphicsmagick (1.3.26-15) unstable; urgency=high . * Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511). . graphicsmagick (1.3.26-14) unstable; urgency=high . * Fix CVE-2017-15277: assure that global colormap is fully initialized in ReadGIFImage() . * Fix memory leak in WriteGIFImage() . * Fix CVE-2017-15238: use after free in ReadJNGImage() . . graphicsmagick (1.3.26-13) unstable; urgency=high . * Fix CVE-2017-14733: heap out of bounds read in ReadRLEImage() . * Fix CVE-2017-14994: NULL pointer dereference in DICOM Decoder. * Fix CVE-2017-14997: memory allocation error due to malformed image file. * Update Standards-Version to 4.1.1 . . graphicsmagick (1.3.26-12) unstable; urgency=high . * Update upstream changelog for CVE-2017-14103 . * Fix CVE-2017-14649: denial of service due to assertion failure in AcquireImagePixels() (closes: #876460). * Update Standards-Version to 4.1.0: - change graphicsmagick-dbg priority to optional. . graphicsmagick (1.3.26-11) unstable; urgency=high . * Fix CVE-2017-14504: NULL pointer dereference triggered by malformed file. . graphicsmagick (1.3.26-10) unstable; urgency=high . * Fix CVE-2017-14314: heap-based buffer over-read in DrawDashPolygon() . . graphicsmagick (1.3.26-9) unstable; urgency=high . * Fix CVE-2017-14165: remote denial of service due to memory allocation failure in magickmalloc (closes: #874724). * Fix CVE-2017-14042: memory allocation failure in MagickRealloc() (closes: #873538). . graphicsmagick (1.3.26-8) unstable; urgency=high . 
  * Fix CVE-2017-13775: denial of service issue in ReadJNXImage().
  * Fix CVE-2017-13776 and CVE-2017-13777: denial of service issue in ReadXBMImage().
  * Fix memory leak vulnerability in ReadJNGImage() which allows attackers to cause a denial of service via a crafted file.
  * Fix double-free after reading a malformed JNG.
  * Fix CVE-2017-14103: the ReadJNGImage() and ReadOneJNGImage() functions do not properly manage image pointers after certain error conditions, which allows remote use-after-free attacks via a crafted file, related to a ReadMNGImage() out-of-order CloseBlob() call. This vulnerability exists because of an incomplete fix for CVE-2017-11403.
  * Fix CVE-2017-8350: crash while reading a malformed JNG file.

graphicsmagick (1.3.26-7) unstable; urgency=high

  * Fix CVE-2017-13063: heap-based buffer overflow vulnerability in the GetStyleTokens() function (closes: #873130).
  * Fix CVE-2017-13064: another heap-based buffer overflow vulnerability in the GetStyleTokens() function (closes: #873129).
  * Fix CVE-2017-13065: NULL pointer dereference vulnerability in the SVGStartElement() function (closes: #873119).

graphicsmagick (1.3.26-6) unstable; urgency=high

  * Fix CVE-2017-12935: invalid memory read in the SetImageColorCallBack() with large MNG images (closes: #872576).
  * Fix CVE-2017-12936: use-after-free issue for data associated with exception reporting in the ReadWMFImage() function (closes: #872575).
  * Fix CVE-2017-12937: colormap heap-based buffer over-read in the ReadSUNImage() function (closes: #872574).

graphicsmagick (1.3.26-5) unstable; urgency=medium

  * Handle mangling change for conversion operators in GCC 7 (closes: #871306).

  [ John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> ]
  * Honor 'nocheck' in DEB_BUILD_OPTIONS (closes: #842787).

graphicsmagick (1.3.26-4) unstable; urgency=high

  * Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function (closes: #870157).
  * Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function (closes: #870149).
  * Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if input is not colormapped (closes: #870154, #870156).
  * Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache format (closes: #870155).
  * Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage() function (closes: #870153).
  * Fix CVE-2017-11722: denial of service via a crafted file (closes: #870158).
  * Remove autotools-dev and dh-autoreconf build dependencies.

graphicsmagick (1.3.26-3) unstable; urgency=high

  * Fix CVE-2017-11140: denial of service (resource consumption) via crafted JPEG files.
  * Fix apparent off-by-one error in MNG FRAM change_clipping processing.
  * Fix out-of-order CloseBlob() and DestroyImageList().

graphicsmagick (1.3.26-2) unstable; urgency=high

  * Fix CVE-2017-11102: remote denial of service during JNG reading via a zero-length color_image data structure in ReadOneJNGImage (png.c) (closes: #867746).
  * Add new DestroyJNGInfo@Base and remove DestroyJNG@Base obsolete symbols.

graphicsmagick (1.3.26-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
    - WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997).
    - PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
    - TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335).
    - JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
    - TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794) (closes: #867085).
    - DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799) (closes: #867077).
    - MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800) (closes: #867060).
  * Remove previously backported security patches.
  * Self-tests build hack no longer needed.
  * Update library symbols for this release.
  * Update Standards-Version to 4.0.0 and debhelper level to 10.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 18 Nov 2018 07:28:22 GMT)