Accepted graphicsmagick 1.3.24-1 (source amd64 all) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 30 May 2016 20:02:31 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.24-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 814732 825800
Changes:
graphicsmagick (1.3.24-1) unstable; urgency=high
.
  * New upstream release, focusing on security fixes for the following image
    formats:
    - DIB: fix out of bound reads and add more header validations,
    - JNG: file size limits are enforced,
    - MATLAB: fix DoS and hang on corrupt deflate stream,
    - META (Embedded Image Profiles): fix out of bounds reads and writes,
    - MIFF (Magick): fix thrown assertion,
    - CVE-2016-3716: Magick Scripting Language file processing is not done by
      default but needs to be prefixed with 'msl:',
    - Magick Vector Graphics file processing is not done by default but needs
      to be prefixed with 'mvg:' and prevent head overflow problems,
    - PCX: fix unreasonable memory allocation due to intentionally corrupt
      file,
    - PDB: fix heap buffer overflow and out of bounds read,
    - PICT: fix out of bounds write,
    - CVE-2016-3717: for PostScript files always run Ghostscript with -dSAFER
      for safer execution,
    - PSD: fix segmentation violations, heap buffer overflows and out of
      bound writes,
    - RLE: fix out of bounds reads and writes,
    - ReadImages(): fix possible infinite recursion due to a crafted input
      file,
    - RotateImage(): fix thrown assertion,
    - SGI: fix out of bounds writes,
    - SUN: fix out of bounds reads and writes,
    - SVG: fix CVE-2016-2317 and CVE-2016-2318, heap and stack buffer
      overflows, as well as segmentation violations (closes: #814732);
      also fix endless loop, unexpectedly large memory allocation, divide by
      zero and recursion issues,
    - TIFF: fix assertion while reading and fix benign heap overflow,
    - VIFF: fix excessive memory allocation with intentionally corrupted
      input file,
    - XCF: fix heap buffer overflow,
    - XPM: fix several heap buffer overflows and out of bound reads/writes;
      also fix a case of excessive memory allocation,
    - CVE-2016-5118: popen() shell vulnerability via filename that contains
      '|', remove pipe support entirely (closes: #825800);
      file names starting with a '|' character are no longer interpreted as
      shell commands to be executed as input or output,
    - default.mgk file has been pared down in order to reduce security
      exposure,
    - CVE-2016-3714: Gnuplot ('gplt' delegate) support for rendering these
      files is removed since the format is inherently insecure,
    - CVE-2016-3715: adding a 'tmp:' prefix to a filename no longer removes
      the file since this seems dangerous,
    - CVE-2016-3718: sanity check the image file path or URL before passing
      it to ReadImage(),
    - fix several Coverity issues like dereference after null check, multiple
      resource leaks and logically dead code.
  * Update library symbols for this release.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----