-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4675-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 05, 2020                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : graphicsmagick
CVE ID         : CVE-2019-12921 CVE-2020-10938

Several vulnerabilities have been discovered in GraphicsMagick, a set of
command-line applications to manipulate image files, which could result
in information disclosure, denial of service or the execution of
arbitrary code if malformed image files are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 1.3.30+hg15796-1~deb9u4.

For the stable distribution (buster), these problems have been fixed in
version 1.4+really1.3.35-1~deb10u1.

We recommend that you upgrade your graphicsmagick packages.

For the detailed security status of graphicsmagick please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/graphicsmagick

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl6x0CVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RvQg//R5OBPZhCbOTsA/1o3jRXNYlkTeAoJ7rfh4VyGBqdLEqVPhrTWlylLg9p
Lxpi+fmzbfEIcfC9joA/f8RCJIPC6ybTt719tjvufV4tw0xGWvdgMBqWAcKYSEKX
nJeeA5RlB5shcn/K8zS1C794+m9HxeUPRS8ATgu+siRPnLQRABQ2g2zswaRYoPAG
bKihL2Td36PBqCR1YcKYkXHmCP0hzuNItNuy7ajiGeqx4KqNylankyBykFIAiRuf
6CJqkSmz9iw+EJnjBZU8au05bh3GUvrwDWQMx5BjokklxV+45fc0abHuZyqxlxr4
0m+Xi/SRHtpf8LorOuYekeLjbfU2TaSV0YIF8t69Q+OhgngW+mbxd3G+nqJARlF8
+W+HbFuv0T8oES5oqpd65HcslMt+WevauTHqqg/3q//SjdSztJz9uhQeMJj/57LX
S5K+I0Q5ax7i9wLrYfv1sTTVIC4c4Z7EEUl7lXhDwB+0O9ZB2GMtBHCE+wrv22i4
Dk0ydpEBrE49uugfwH6Kjn6zY1384AAAKSm39xaeXH9oHwjs54cqnyDvSu80fVfA
c7Y+Y1FC7AsHgiKKSFxwjiFQuh/T5OHJ5ixRY5HWQL/pSw2dPAThu7ALIHo+Qbpd
UzB7RaUm5VOhFSmvYkaA2q0gZcLarkeHkdWWD2P9GV2LoEaOqF4=
=Uw37
-----END PGP SIGNATURE-----