Accepted graphicsmagick 1.3.28-2 (source amd64 all) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 31 Mar 2018 11:05:51 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.28-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 894396
Changes:
graphicsmagick (1.3.28-2) unstable; urgency=high
.
* Backport security fixes:
- don't use rescale map if it was not allocated,
- validate number of colormap bits to avoid undefined shift behavior,
- defend against partial scanf() expression matching, resulting in benign
use of uninitialized data,
- don't use rescale map if it was not allocated,
- fix tile index overflow,
- reject XPM if it contains non-whitespace control characters,
- fix forged amount of frames 6755,
- validate header length and offset properties,
- fixed memory leak when tile overflows,
- fix forged amount of frames 7076,
- check for forged image that overflows file size,
- validate size request prior to allocation,
- validate that file size is sufficient for claimed image properties,
- fix signed integer overflow when computing pixels size,
- include number of FITS scenes in file size validations,
- allocate space for null termination and null terminate string,
- validate that samples per pixel is in valid range,
- check whether datablock is really read,
- verify that sufficient backing data exists before allocating memory to
read it,
- duplicate image check for data with fixed geometry,
- CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
changed while ticks_per_second is zero (closes: #894396),
- add checks for EOF,
- validate that PICT rectangles do not have zero dimensions,
- check image pixel limits before allocating memory for tile.
* Backport patch to redesign ReadBlobDwordLSB() to be more effective.
* Backport patch to destroy tile_image in ThrowPICTReaderException() macro
to simplify logic.
* Backport patch to remove shadowed tile_image variable which defeats new
ThrowPICTReaderException() implementation.
Checksums-Sha1:
b4464f9bb498db098b59ffe96b5f94326ad8b6a6 2797 graphicsmagick_1.3.28-2.dsc
390f37f53838d700b397d0fd3174dceec71275ef 160056 graphicsmagick_1.3.28-2.debian.tar.xz
9d3624bf6db0d0cc006740f14d17b6663dfb02d3 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
bcc6d1b28d96b3e5fc63d8a894dd9b78bb60d11c 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
78d757c30b9460f877ccd612807f4e3e75ebf968 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
45f233716d8a6b12ad8f6c14c78b47740d968050 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
a71ef0ec9b263e03bdf9e977452f7d727ffa4b38 877600 graphicsmagick_1.3.28-2_amd64.deb
04f107a3b1d27c769dc8794bf8c89f0c0c46b514 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
ca4a7e860412653bad1921b1642bdf9d336fbced 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
1f2ccbfd746b763458c32f56f61ad96b030cd802 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
108c430f75d23f7491a71d2dadb089756d0e16cd 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
c84f5a0d29a038fc6e9c25560a9cf5c7b1a5f912 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Checksums-Sha256:
0671ceead3d4f720a8a2ce4e1647ebb17f6933d5f7cbaf10b707260c6c61a25a 2797 graphicsmagick_1.3.28-2.dsc
68f6349179985aa130e2b0794649f1c5d0574fd12cc97bb801d9743c6362c234 160056 graphicsmagick_1.3.28-2.debian.tar.xz
ebc581df0c76be14e4815c70e687ac3ff1f2222c1c8bbb20002325b6da371895 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
823d6a690a68a2700745cee17dadc063139d1c0a54e0fbb3ce9755fadb84b618 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
599d1eb3b37d596b947d828c2db1b9edf7bb57bef371f03b0d2326568ee6dbc4 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
c0813c138faa251426b36f74a1ac14b19188889c83e40df0cf177a4d3be2fd7d 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
9e64bb3e3be5dc7a39f152aa372e014b974a1c2ff87e0e8ecb2a837da28f7748 877600 graphicsmagick_1.3.28-2_amd64.deb
42965ddab07a9ceea9779b2f2ddcffb3d273ef1973e379c0727204062231470c 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
3027039592618d4e78f534136a8fbf0b0f51f10fce2b8f25737987fab09bc5f5 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
0c4f399b0410ba5b0b5b3ae1e9349d3c45a045f41d90563920921334c2a37df0 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
198cbd30ba820ae361d1cf195fe8049338d4e677812206d14f201a6568103e19 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
78a93c82b88bcc6754de2e3821be7bbabe61b22cc8c7446bc55025f20e7e77b8 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Files:
250731224a0493bcd1e5a53ea2ca908f 2797 graphics optional graphicsmagick_1.3.28-2.dsc
865c0b168fd1e45e0c13139d2437396c 160056 graphics optional graphicsmagick_1.3.28-2.debian.tar.xz
78bfead8e742260ed8f14e935f7fb43e 3191296 debug optional graphicsmagick-dbg_1.3.28-2_amd64.deb
031d7c23a0e4ae52f626ebc2ce3886a9 23628 graphics optional graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
f1c0cc0318a2aa508969cfbeecd31171 27064 graphics optional graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
04441f7f28a4bb74825ef0be365b67f1 11585 graphics optional graphicsmagick_1.3.28-2_amd64.buildinfo
eb1c0ed1b7b7c095d0b18c3b7ab849e6 877600 graphics optional graphicsmagick_1.3.28-2_amd64.deb
5f5d3491df50a87cb4d98c563291cac4 70404 perl optional libgraphics-magick-perl_1.3.28-2_amd64.deb
bfeea401156b22be0cff51de90338168 118268 libs optional libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
89a42fbc27d6f059824331eb048c3a21 303072 libdevel optional libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
af2312352800d2ec18e57fd08db412f0 1120000 libs optional libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
789039bad9d157b18223c74e693f524b 1345600 libdevel optional libgraphicsmagick1-dev_1.3.28-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlq/4nkACgkQ3OMQ54ZM
yL+G5Q//T83yQyWAoqyNXQjc86frf4CPl5w2DbUpBE0lCQTLm5ifFEZusFvqfOod
7x11jbq/c5X7baqEGK6+UdCBs5uRusM6juNmo8hFLkdMKHK09u832jE4tLN3JtIm
tWv1S+2hTFiDdhlLImRfcAGDQIW2AemolVTvK9pu8fNglXj6Ftrmb3LlmV1RsUA/
lQBbRpg8a5GlOjk9+tmcpD7d0U/fMXHr9ndrbqDmJdRVfLhMDnzl1v9HwJykeb/A
FY8Lxdz5D6IBv0O1jK1C72gZlBY5JogiXQsuvEXGzxwReinwszmbhgl1eyMYSbO4
uz2DK8/95xHFIGzndt5rNcbEwv/NFDmdciA2sAPYKsPSVg7WEJe/Br/DFsLx4mxc
3XSuq+8rWFlL6/Y+dhVDYwtSO3UPxB4BQgaLWqx1qyEk+nPokffBlG8gA72DbACz
zMQkSG+MfZsY5uF7d/ZVN3n4GuTBhM2LMd3dW3k/6fBj+eAUlW+400tvksbpMHPf
NXUJbWW4nTqkLBh36WZonVDug80/q7ElguCCV3HgrZkzhmlxSUQ4nSB859EkITmc
p4GTSkrmeWGNs61i2SXoKRMEHSs/ml17dKwJQnuHhAwa7xyAkT15E2Ux7BjHAPOi
RoxMOLe+AvFSLwB8lYD/VD6R2+0e6C3Amv1Bi7QSO3OC9fXrZyM=
=Wuxa
-----END PGP SIGNATURE-----