Back to graphicsmagick PTS page

Accepted graphicsmagick 1.3.28-2 (source amd64 all) into unstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 31 Mar 2018 11:05:51 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.28-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 894396
Changes:
 graphicsmagick (1.3.28-2) unstable; urgency=high
 .
   * Backport security fixes:
     - don't use rescale map if it was not allocated,
     - validate number of colormap bits to avoid undefined shift behavior,
     - defend against partial scanf() expression matching, resulting in benign
       use of uninitialized data,
     - don't use rescale map if it was not allocated,
     - fix tile index overflow,
     - reject XPM if it contains non-whitespace control characters,
     - fix forged amount of frames 6755,
     - validate header length and offset properties,
     - fixed memory leak when tile overflows,
     - fix forged amount of frames 7076,
     - check for forged image that overflows file size,
     - validate size request prior to allocation,
     - validate that file size is sufficient for claimed image properties,
     - fix signed integer overflow when computing pixels size,
     - include number of FITS scenes in file size validations,
     - allocate space for null termination and null terminate string,
     - validate that samples per pixel is in valid range,
     - check whether datablock is really read,
     - verify that sufficient backing data exists before allocating memory to
       read it,
     - duplicate image check for data with fixed geometry,
     - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
       changed while ticks_per_second is zero (closes: #894396),
     - add checks for EOF,
     - validate that PICT rectangles do not have zero dimensions,
     - check image pixel limits before allocating memory for tile.
   * Backport patch to redesign ReadBlobDwordLSB() to be more effective.
   * Backport patch to destroy tile_image in ThrowPICTReaderException() macro
     to simplify logic.
   * Backport patch to remove shadowed tile_image variable which defeats new
     ThrowPICTReaderException() implementation.
Checksums-Sha1:
 b4464f9bb498db098b59ffe96b5f94326ad8b6a6 2797 graphicsmagick_1.3.28-2.dsc
 390f37f53838d700b397d0fd3174dceec71275ef 160056 graphicsmagick_1.3.28-2.debian.tar.xz
 9d3624bf6db0d0cc006740f14d17b6663dfb02d3 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
 bcc6d1b28d96b3e5fc63d8a894dd9b78bb60d11c 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
 78d757c30b9460f877ccd612807f4e3e75ebf968 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
 45f233716d8a6b12ad8f6c14c78b47740d968050 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
 a71ef0ec9b263e03bdf9e977452f7d727ffa4b38 877600 graphicsmagick_1.3.28-2_amd64.deb
 04f107a3b1d27c769dc8794bf8c89f0c0c46b514 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
 ca4a7e860412653bad1921b1642bdf9d336fbced 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
 1f2ccbfd746b763458c32f56f61ad96b030cd802 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
 108c430f75d23f7491a71d2dadb089756d0e16cd 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
 c84f5a0d29a038fc6e9c25560a9cf5c7b1a5f912 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Checksums-Sha256:
 0671ceead3d4f720a8a2ce4e1647ebb17f6933d5f7cbaf10b707260c6c61a25a 2797 graphicsmagick_1.3.28-2.dsc
 68f6349179985aa130e2b0794649f1c5d0574fd12cc97bb801d9743c6362c234 160056 graphicsmagick_1.3.28-2.debian.tar.xz
 ebc581df0c76be14e4815c70e687ac3ff1f2222c1c8bbb20002325b6da371895 3191296 graphicsmagick-dbg_1.3.28-2_amd64.deb
 823d6a690a68a2700745cee17dadc063139d1c0a54e0fbb3ce9755fadb84b618 23628 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
 599d1eb3b37d596b947d828c2db1b9edf7bb57bef371f03b0d2326568ee6dbc4 27064 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
 c0813c138faa251426b36f74a1ac14b19188889c83e40df0cf177a4d3be2fd7d 11585 graphicsmagick_1.3.28-2_amd64.buildinfo
 9e64bb3e3be5dc7a39f152aa372e014b974a1c2ff87e0e8ecb2a837da28f7748 877600 graphicsmagick_1.3.28-2_amd64.deb
 42965ddab07a9ceea9779b2f2ddcffb3d273ef1973e379c0727204062231470c 70404 libgraphics-magick-perl_1.3.28-2_amd64.deb
 3027039592618d4e78f534136a8fbf0b0f51f10fce2b8f25737987fab09bc5f5 118268 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
 0c4f399b0410ba5b0b5b3ae1e9349d3c45a045f41d90563920921334c2a37df0 303072 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
 198cbd30ba820ae361d1cf195fe8049338d4e677812206d14f201a6568103e19 1120000 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
 78a93c82b88bcc6754de2e3821be7bbabe61b22cc8c7446bc55025f20e7e77b8 1345600 libgraphicsmagick1-dev_1.3.28-2_amd64.deb
Files:
 250731224a0493bcd1e5a53ea2ca908f 2797 graphics optional graphicsmagick_1.3.28-2.dsc
 865c0b168fd1e45e0c13139d2437396c 160056 graphics optional graphicsmagick_1.3.28-2.debian.tar.xz
 78bfead8e742260ed8f14e935f7fb43e 3191296 debug optional graphicsmagick-dbg_1.3.28-2_amd64.deb
 031d7c23a0e4ae52f626ebc2ce3886a9 23628 graphics optional graphicsmagick-imagemagick-compat_1.3.28-2_all.deb
 f1c0cc0318a2aa508969cfbeecd31171 27064 graphics optional graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb
 04441f7f28a4bb74825ef0be365b67f1 11585 graphics optional graphicsmagick_1.3.28-2_amd64.buildinfo
 eb1c0ed1b7b7c095d0b18c3b7ab849e6 877600 graphics optional graphicsmagick_1.3.28-2_amd64.deb
 5f5d3491df50a87cb4d98c563291cac4 70404 perl optional libgraphics-magick-perl_1.3.28-2_amd64.deb
 bfeea401156b22be0cff51de90338168 118268 libs optional libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb
 89a42fbc27d6f059824331eb048c3a21 303072 libdevel optional libgraphicsmagick++1-dev_1.3.28-2_amd64.deb
 af2312352800d2ec18e57fd08db412f0 1120000 libs optional libgraphicsmagick-q16-3_1.3.28-2_amd64.deb
 789039bad9d157b18223c74e693f524b 1345600 libdevel optional libgraphicsmagick1-dev_1.3.28-2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlq/4nkACgkQ3OMQ54ZM
yL+G5Q//T83yQyWAoqyNXQjc86frf4CPl5w2DbUpBE0lCQTLm5ifFEZusFvqfOod
7x11jbq/c5X7baqEGK6+UdCBs5uRusM6juNmo8hFLkdMKHK09u832jE4tLN3JtIm
tWv1S+2hTFiDdhlLImRfcAGDQIW2AemolVTvK9pu8fNglXj6Ftrmb3LlmV1RsUA/
lQBbRpg8a5GlOjk9+tmcpD7d0U/fMXHr9ndrbqDmJdRVfLhMDnzl1v9HwJykeb/A
FY8Lxdz5D6IBv0O1jK1C72gZlBY5JogiXQsuvEXGzxwReinwszmbhgl1eyMYSbO4
uz2DK8/95xHFIGzndt5rNcbEwv/NFDmdciA2sAPYKsPSVg7WEJe/Br/DFsLx4mxc
3XSuq+8rWFlL6/Y+dhVDYwtSO3UPxB4BQgaLWqx1qyEk+nPokffBlG8gA72DbACz
zMQkSG+MfZsY5uF7d/ZVN3n4GuTBhM2LMd3dW3k/6fBj+eAUlW+400tvksbpMHPf
NXUJbWW4nTqkLBh36WZonVDug80/q7ElguCCV3HgrZkzhmlxSUQ4nSB859EkITmc
p4GTSkrmeWGNs61i2SXoKRMEHSs/ml17dKwJQnuHhAwa7xyAkT15E2Ux7BjHAPOi
RoxMOLe+AvFSLwB8lYD/VD6R2+0e6C3Amv1Bi7QSO3OC9fXrZyM=
=Wuxa
-----END PGP SIGNATURE-----