[ubuntu/xenial-updates] graphicsmagick 1.3.23-1ubuntu0.5 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jan 22 18:58:11 UTC 2020
graphicsmagick (1.3.23-1ubuntu0.5) xenial-security; urgency=medium
  * SECURITY UPDATE: DoS in ReadWPGImage()
    - debian/patches/CVE-2017-16545.patch: Assure that colormapped image is a
      PseudoClass type with valid colormapped indexes.
    - CVE-2017-16545
  * SECURITY UPDATE: DoS (negative strncpy) in DrawImage()
    - debian/patches/CVE-2017-16547.patch: Fix pointer computation which leads
      to large strncpy size request and bad array index.
    - CVE-2017-16547
  * SECURITY UPDATE: Heap-based buffer overflow in coders/wpg.c
    - debian/patches/CVE-2017-16669-1.patch: Do not call SyncImagePixels() when
      something fails.
    - debian/patches/CVE-2017-16669-2.patch: Wrong row count checking.
    - debian/patches/CVE-2017-16669-3.patch: Detect pending use of null indexes
      pointer due to programming error and report it.
    - debian/patches/CVE-2017-16669-4.patch: Fix crash which image fails to
      produce expected PseudoClass indexes.
    - debian/patches/CVE-2017-16669-5.patch: Check for InsertRow() return value.
    - debian/patches/CVE-2017-16669-6.patch: Check InsertRow() return value for
      all calls.
    - CVE-2017-16669
  * SECURITY UPDATE: Heap-based buffer overflow in WritePNMImage()
    - debian/patches/CVE-2017-17498.patch: Fix buffer overflow when writing
      gray+alpha 1-bit/sample.
    - CVE-2017-17498
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRGBImage()
    - debian/patches/CVE-2017-17500.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17500
  * SECURITY UPDATE: Heap-based buffer over-read in WriteOnePNGImage()
    - debian/patches/CVE-2017-17501.patch: Fix heap read overrun while
      testing pixels for opacity.
    - CVE-2017-17501
  * SECURITY UPDATE: Heap-based buffer over-read in ReadCMYKImage()
    - debian/patches/CVE-2017-17502.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17502
  * SECURITY UPDATE: Heap-based buffer over-read in ReadGRAYImage()
    - debian/patches/CVE-2017-17503.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17503
  * SECURITY UPDATE: Heap-based buffer over-read in ReadOneJNGImage()
    - debian/patches/CVE-2017-17782.patch: Fix wrong offset into oFFs chunk
      which caused heap read overflow.
    - CVE-2017-17782
  * SECURITY UPDATE: Buffer over-read in ReadPALMImage()
    - debian/patches/CVE-2017-17783.patch: Fix heap buffer overflow in Q8 build
      while initializing color palette.
    - CVE-2017-17783
Date: 2020-01-22 16:40:19.357787+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.23-1ubuntu0.5