Debian alert DLA-2084-1 (graphicsmagick)
| From: | Thorsten Alteholz <debian@alteholz.de> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 2084-1] graphicsmagick security update | |
| Date: | Wed, 29 Jan 2020 22:47:06 +0100 (CET) | |
| Message-ID: | <alpine.DEB.2.20.2001292242080.25258@jupiter.server.alteholz.net> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : graphicsmagick Version : 1.3.20-3+deb8u8 CVE ID : CVE-2019-19950 CVE-2019-19951 CVE-2019-19953 Three issues have been found in graphicsmagick, a collection of image processing tools. They are basically a heap-based buffer over-read, heap-based buffer overflow and a use-after-free in different functions. For Debian 8 "Jessie", these problems have been fixed in version 1.3.20-3+deb8u8. We recommend that you upgrade your graphicsmagick packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl4x/VpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEdRDA/+NiMgriWaqlMml37foJxRQSD1R4kFnY2JdEBgHGO2UqKoRHHoX0T5xkss zvlRk7/3APhB6qqOQVeGLqKvAc0MhIXShbWIpGjmt575LebnJduBgohks8YiDeai Mm0g1PzzsxUmZUN+HV7NcGzXeiIcymGPFHSGJ8Ya/LFxS540iqrjkh/AOR4vF3e7 FdVIxXk9Wi93pvuHL7JSiU6g+T62YRLBXOgJgMXGkU1uFZMscXqw1ys/Z/wsLXjq L8Bp/usT/vKW+XmU8Fu8A4+U86LZQbsfZFj1B2vuVXF5Beajd5OiG9WDGZG2wnbj iljpoSFniUydGPDfOPk48zmCsIv1337YlmusJ5qkYfqy0Zs4+qaQSCZccoBCvhRZ xBrq3MXfK2WrYYICqKNLZawBtFo9Pz9v6GAVCnlsISMld207JsUToAjBsMWlCy0O WvGnRr5rhR6nTuC93lLhOVaZSfzdgvw1HaLdXxSl24DUAoNGE3XP8bVkp/CR/IrI HyMel6XyjGZDSX+MAwUcLvZO4HJZuLrbuYSrgNoj9cyax8evor08pSaRy3ImRAmR MZ1Yg/p4d1KB7aM0N5vO7a25rHx5ewIclePbeM5hT/WeHiOnEjDaCHaB7Gm/J8bq oM/dWNneU0YLaMXB3Q5HnnHvXb6So9mXHTLsaAgHXOkOcuGtPyU= =MqDJ -----END PGP SIGNATURE-----