graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile()
- debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing
reading heap data beyond the allocated size.
- CVE-2017-17912
* SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage()
- debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that
the image pointer provided by libwebp is valid.
- debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp
0.5.0+ by disabling progress indication.
- CVE-2017-17913
* SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage()
- debian/patches/CVE-2017-17915.patch: Check range limit before accessing
byte to avoid minor heap read overflow.
- CVE-2017-17915
* SECURITY UPDATE: Allocation failure in ReadOnePNGImage()
- debian/patches/CVE-2017-18219.patch: check MemoryResource before
attempting to allocate ping_pixels array.
- CVE-2017-18219
* SECURITY UPDATE: Allocation failure in ReadTIFFImage()
- debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and
tile memory allocation requests based on file size.
- CVE-2017-18229
* SECURITY UPDATE: Null pointer dereference in ReadCINEONImage()
- debian/patches/CVE-2017-18230.patch: Validate scandata allocation.
- CVE-2017-18230
* SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile()
- debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation.
- CVE-2017-18231
Date: 2020-02-04 17:55:15.020890+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barre...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.23-1ubuntu0.6
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
