Source: graphicsmagick
Version: 1.3.27-1
Severity: normal
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/graphicsmagick/bugs/529/

Hi,

the following vulnerability was published for graphicsmagick, this is
basically to track the upstream source fix as we build with
QuantumDepth=16 (in unstable) and thus the issue is not triggered.

CVE-2017-17783[0]:
| In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage
| in coders/palm.c when QuantumDepth is 8.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-17783
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17783
[1] https://sourceforge.net/p/graphicsmagick/bugs/529/
[2] http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
