-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : graphicsmagick Version : 1.3.16-1.1+deb7u7 CVE ID : CVE-2017-9098 Debian Bug : 862967
Chris Evans discovered that graphicsmagick used uninitialized memory in the RLE decoder, allowing an remote attacker to leak sensitive information from process memory space. More information are available at: https://scarybeastsecurity.blogspot.de/2017/05/bleed-continues-18-byte-file-14k-bounty.html For Debian 7 "Wheezy", these problems have been fixed in version 1.3.16-1.1+deb7u7. We recommend that you upgrade your graphicsmagick packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlkoKOVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQhLw/8DPSi/xVDVrGH4vM8XOOl3be81G0pzAcL0EqwdsAKUIFaaO+RNSaXugW+ GS8UdqVpWGjncMVwZbnHJusWvouUuiD1TsheV0DKzStOPW7NICUL2Uxjmvpcy4Qv vH5OLDP2VwrTh9aNPBOa7EOS2Q517pfoRrVYhATg8LMJO3yO23a/ExVIVj243NJ7 6huZFB4hRXCfGIeYQDENyUDMx83jhRgundaFGUEhEU7PGb7ZpNztBu0nixGvj+p8 zf6xJ2pcmwHxwZ2IaOPIcAynOgA+U8PG0rCr89LMr5u1kDjcaI0JOPJjRMc2cVg2 Rgv+wzdbX7B2F/6971d4Sm8TPc6L0/8xQ31TkYg8cczAI6uQMJookJ8bFsZcH7FL jtDnUy+l0KBTfsgZA2oM+5hYqOs9a8bm/5o266InlmsVAl8r2h8GJeaTty6nPo7T tgslf/TyyWXZ5fZRQi1u0wpe65GHe9hNwFa0t5Gb7flpj2bhEtdGm0bQcaflZLSO FUWZqFaXgCUQukkm43h5dLMq18SEFYnBFcWdKozZuHPKQbxXo5NIWVPh0gBdK+dJ TOpJ12osswze6CDi5cJE0lhES8cWv11oZjoLCm3KUjmYibkAzxJnsjr7pnwVT3ze gkrLU8vnXLMaTZ1eb522U5n+yoVzy6OFSL30/YFu2wYAMio4cGs= =dND/ -----END PGP SIGNATURE-----
