[ubuntu/xenial-updates] nss 2:3.28.4-0ubuntu0.16.04.10 (Accepted)
nss (2:3.28.4-0ubuntu0.16.04.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Possible wrong length for cryptographic primitives input
    - debian/patches/CVE-2019-17006.patch: adds checks for length of crypto
      primitives in nss/lib/freebl/chacha20poly1305.c, nss/lib/freebl/ctr.c,
      nss/lib/freebl/gcm.c, nss/lib/freebl/intel-gcm-wrap.c,
      nss/lib/freebl/rsapkcs.c.
    - CVE-2019-17006

Date: 2020-01-08 12:38:20.905834+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.10

Sorry, changesfile not available.

--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/xenial-changes

[ubuntu/xenial-updates] graphicsmagick 1.3.23-1ubuntu0.4 (Accepted)
graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage()
    - debian/patches/CVE-2017-14165.patch: Verify that file header data
      length, and file length are sufficient for claimed image dimensions.
    - CVE-2017-14165
  * SECURITY UPDATE: Heap-based buffer over-read in DrawImage()
    - debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in
      DrawDashPolygon().
    - CVE-2017-14314
  * SECURITY UPDATE: Null pointer dereference in ReadPNMImage()
    - debian/patches/CVE-2017-14504.patch: Require that XV 332 format have
      256 colors.
    - CVE-2017-14504
  * SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c
    - debian/patches/CVE-2017-14649.patch: Validate JNG data properly.
    - CVE-2017-14649
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage()
    - debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when
      Alpha flag is present.
    - CVE-2017-14733
  * SECURITY UPDATE: Null pointer dereference in ReadDCMImage()
    - debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can
      produce image list with no frames, resulting in null image pointer.
    - CVE-2017-14994
  * SECURITY UPDATE: Integer underflow in ReadPICTImage()
    - debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading
      to astonishingly large allocation request.
    - CVE-2017-14997
  * SECURITY UPDATE: Resource leak in ReadGIFImage()
    - debian/patches/CVE-2017-15277.patch: Assure that global colormap is
      fully initialized.
    - CVE-2017-15277
  * SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage()
    - debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL
      pointer when transferring JPEG scanlines.
    - debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null
      PixelPacket pointer.
    - debian/patches/CVE-2017-15930-3.patch: Reject JNG files with
      unreasonable dimensions given the file size.
    - debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable
      exception gets reported on read failure.
    - CVE-2017-15930
  * SECURITY UPDATE: Heap-based buffer overflow in DescribeImage()
    - debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow
      while describing visual image directory.
    - CVE-2017-16352
  * SECURITY UPDATE: Memory information disclosure in DescribeImage()
    - debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing
      the IPTC profile.
    - CVE-2017-16353

Date: 2020-01-08 15:20:39.828370+00:00
Changed-By: Eduardo dos Santos Barretto
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.23-1ubuntu0.4

Sorry, changesfile not available.

[ubuntu/xenial-security] nss 2:3.28.4-0ubuntu0.16.04.10 (Accepted)
nss (2:3.28.4-0ubuntu0.16.04.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Possible wrong length for cryptographic primitives input
    - debian/patches/CVE-2019-17006.patch: adds checks for length of crypto
      primitives in nss/lib/freebl/chacha20poly1305.c, nss/lib/freebl/ctr.c,
      nss/lib/freebl/gcm.c, nss/lib/freebl/intel-gcm-wrap.c,
      nss/lib/freebl/rsapkcs.c.
    - CVE-2019-17006

Date: 2020-01-08 12:38:20.905834+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.10

Sorry, changesfile not available.

[ubuntu/xenial-security] graphicsmagick 1.3.23-1ubuntu0.4 (Accepted)
graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage()
    - debian/patches/CVE-2017-14165.patch: Verify that file header data
      length, and file length are sufficient for claimed image dimensions.
    - CVE-2017-14165
  * SECURITY UPDATE: Heap-based buffer over-read in DrawImage()
    - debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in
      DrawDashPolygon().
    - CVE-2017-14314
  * SECURITY UPDATE: Null pointer dereference in ReadPNMImage()
    - debian/patches/CVE-2017-14504.patch: Require that XV 332 format have
      256 colors.
    - CVE-2017-14504
  * SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c
    - debian/patches/CVE-2017-14649.patch: Validate JNG data properly.
    - CVE-2017-14649
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage()
    - debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when
      Alpha flag is present.
    - CVE-2017-14733
  * SECURITY UPDATE: Null pointer dereference in ReadDCMImage()
    - debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can
      produce image list with no frames, resulting in null image pointer.
    - CVE-2017-14994
  * SECURITY UPDATE: Integer underflow in ReadPICTImage()
    - debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading
      to astonishingly large allocation request.
    - CVE-2017-14997
  * SECURITY UPDATE: Resource leak in ReadGIFImage()
    - debian/patches/CVE-2017-15277.patch: Assure that global colormap is
      fully initialized.
    - CVE-2017-15277
  * SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage()
    - debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL
      pointer when transferring JPEG scanlines.
    - debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null
      PixelPacket pointer.
    - debian/patches/CVE-2017-15930-3.patch: Reject JNG files with
      unreasonable dimensions given the file size.
    - debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable
      exception gets reported on read failure.
    - CVE-2017-15930
  * SECURITY UPDATE: Heap-based buffer overflow in DescribeImage()
    - debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow
      while describing visual image directory.
    - CVE-2017-16352
  * SECURITY UPDATE: Memory information disclosure in DescribeImage()
    - debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing
      the IPTC profile.
    - CVE-2017-16353

Date: 2020-01-08 15:20:39.828370+00:00
Changed-By: Eduardo dos Santos Barretto
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.23-1ubuntu0.4

Sorry, changesfile not available.

[ubuntu/xenial-updates] clamav 0.102.1+dfsg-0ubuntu0.16.04.2 (Accepted)
clamav (0.102.1+dfsg-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * Updated to 0.102.1 to fix security issue (CVE-2019-15961)
    - debian/patches/*: synced patches with 0.102.1+dfsg-1ubuntu1.
    - debian/clamav-daemon.*.in,clamav-freshclam.*.in,
      clamav-daemon.templates: added new configuration options, dropped
      ClamOnAccess.
    - debian/clamav-deamon.install: install new clamonacc binary.
    - debian/clamav-docs.*: removed missing docs.
    - debian/libclamav9.install: added libfreshclam.so.2.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 112.

Date: 2020-01-07 16:41:15.552735+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.16.04.2

Sorry, changesfile not available.

[ubuntu/xenial-security] clamav 0.102.1+dfsg-0ubuntu0.16.04.2 (Accepted)
clamav (0.102.1+dfsg-0ubuntu0.16.04.2) xenial-security; urgency=medium

  * Updated to 0.102.1 to fix security issue (CVE-2019-15961)
    - debian/patches/*: synced patches with 0.102.1+dfsg-1ubuntu1.
    - debian/clamav-daemon.*.in,clamav-freshclam.*.in,
      clamav-daemon.templates: added new configuration options, dropped
      ClamOnAccess.
    - debian/clamav-deamon.install: install new clamonacc binary.
    - debian/clamav-docs.*: removed missing docs.
    - debian/libclamav9.install: added libfreshclam.so.2.
    - debian/libclamav9.symbols: updated for new version.
    - debian/rules: bumped CL_FLEVEL to 112.

Date: 2020-01-07 16:41:15.552735+00:00
Changed-By: Marc Deslauriers
https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.16.04.2

Sorry, changesfile not available.