-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : graphicsmagick Version : 1.3.16-1.1+deb7u11 CVE ID : CVE-2017-13737 CVE-2017-15277
Immediately after the previous update to graphicsmagick, two more security issues were identified. These updates are included here. CVE-2017-13737 Incorrect rounding up resulted in scrambling the heap beyond the allocation. CVE-2017-15277 Left the palette uninitialized when processing a GIF file that has neither a global nor local palette. For Debian 7 "Wheezy", these problems have been fixed in version 1.3.16-1.1+deb7u11. We recommend that you upgrade your graphicsmagick packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE1jZRJqkttWDGJ6ztF4RXf4EfbqwFAlnoUN0ACgkQF4RXf4Ef bqzi7w//T94/9/tOVGfD02s6XyQdsHkv3CK4xSUs6mfJjSRzbH1tXT1rGacVI3K2 XFmIOiDkonv2QQIgA0e4TupkAwi9auFc/TWBku2W0f0Dm9JGPvPIcpYC8LlSVR4Z anJoYvWFwX2s56c3w54Op2prCcJ0st0tcLyYQLHspNzTVjtSfRA5k3BCkJn2c+vm udGDyIKvrEkTRp14y/Ct4fjbED8pDDxltrftmnXS+VB0+5/xrbvbWp2jQ3b9NnI+ vBJ2HeSVQRFlWmiWUZy4Jlb8hQ84cNxfsGz8+4qy0MH51zVew9ox62mG5BqZJQz9 Izt2Cd+/MNEnIjWgFwySMk2eiHOwSvCrpH5caXS8OaX+fPKS4hj50yhpxMz4rQDO UnDpvpSJcpuUj47SY/YRoDeIbUtk/0OvkgyAEkaXFMvV67bdX+g0L+50IHFKKgOy dmgJUQcE6jPmlLBNS9NJdp4J0+vjF+4ZDNKyTNZwZLSYlWCHP/vwhUBph1hgTUdu ew5JJVgBcIcXnk31GSulM0PrmMfUa2QVxDvdTyOIQ0LHcD1kuDwyxbbCFJbaSIO/ KZsVanexNpXGIA8EP7xYDf0B6kILCrTYCpi49ETNXlkEADKLZHRqdP6vByFgKT0R hLo+ej9GwSFKzt1LfIEo2eJMaYm2AAj/IAOONX2f7D5cA4NGcP0= =y8/A -----END PGP SIGNATURE-----