Accepted graphicsmagick 1.4~hg15873-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Dec 2018 19:04:33 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source
Version: 1.4~hg15873-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
graphicsmagick - collection of image processing tools
graphicsmagick-dbg - format-independent image processing - debugging symbols
graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
libgraphics-magick-perl - format-independent image processing - perl interface
libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
libgraphicsmagick++1-dev - format-independent image processing - C++ development files
libgraphicsmagick-q16-3 - format-independent image processing - C shared library
libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 916719 916721 916752
Changes:
graphicsmagick (1.4~hg15873-1) unstable; urgency=high
.
* Mercurial snapshot, fixing the following security issues:
- WriteImage(): Eliminate use of just-freed memory in clone_info->magick,
- ReadMIFFImage(): Fix memory leak of profiles 'name' when claimed length
is zero,
- WriteXPMImage(): Assure that added colormap entry for transparent XPM
is initialized,
- ReadMNGImage(): Fix non-terminal MNG looping,
- ReadMIFFImage(): Sanitize claimed profile size before allocating memory
for it,
- CVE-2018-20185: ReadBMPImage(): Fix heap overflow in 32-bit build due
to arithmetic overflow (closes: #916719),
- CVE-2018-20184: WriteTGAImage(): Image rows/columns must not be larger
than 65535 (closes: #916721),
- ReadTIFFImage(): More validations and stricter error reporting,
- ReadMIFFImage(): Detect and reject zero-length deflate-encoded row in
MIFF version 0,
- CVE-2018-20189: ReadDIBImage(): DIB images claiming more than 8-bits
per pixel are not colormapped (closes: #916752).
* Add pkg-config to build dependency for FreeType 2.9.1+ detection.
* Update library symbols for this release.
Checksums-Sha1:
570a64fc1c84f10e250fe16658ec184ad5feda11 2855 graphicsmagick_1.4~hg15873-1.dsc
b8b928725b9dc11ae384492fa9a3fff72ea5249e 8601140 graphicsmagick_1.4~hg15873.orig.tar.xz
01104bf756373ea16b215370920e7dc82076ed18 142760 graphicsmagick_1.4~hg15873-1.debian.tar.xz
cd484cf006c65e55aa2a4fc67d4bbdffffc147f8 11902 graphicsmagick_1.4~hg15873-1_amd64.buildinfo
Checksums-Sha256:
9693950df9b7ada072bd3a01e63ef777f632fd2ea29e41ffc721120ad38fa9d3 2855 graphicsmagick_1.4~hg15873-1.dsc
7fd10c6f70273af33d40671195682f1b3a8bb478523388e49eee98b0fceda930 8601140 graphicsmagick_1.4~hg15873.orig.tar.xz
e7ee0d298f63f06906d01b95bf9adc05c0c4e06ca3f9f4108a249088d1aca57e 142760 graphicsmagick_1.4~hg15873-1.debian.tar.xz
b418fd324f3be55c2b8827c39f063c3b5c864f3e6f9f8d752e530ba236937f57 11902 graphicsmagick_1.4~hg15873-1_amd64.buildinfo
Files:
6d743b2f0ce9591b00615b495d1eba94 2855 graphics optional graphicsmagick_1.4~hg15873-1.dsc
436d86adba099cf081c25fda5203d4b0 8601140 graphics optional graphicsmagick_1.4~hg15873.orig.tar.xz
4997053a300319d4e660d0f70e595e27 142760 graphics optional graphicsmagick_1.4~hg15873-1.debian.tar.xz
ed36e05e528f8b06a7637e17e9b13f7b 11902 graphics optional graphicsmagick_1.4~hg15873-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlwcQq4ACgkQ3OMQ54ZM
yL8ZLg/+O7y8a5z7x0kvywOfrEfcox5siIv/0OY4U5WuVorc/SlKTptcmc/U5t8u
bGGgRvP9U1RhFTXM9KvOxsDU9jo48ZbuS6K9HjxvUDM3zxgNqCtcuQI7A7dVIrml
qKAdaY6cjKDqjVcRw0HjXmuXf9cy8b8RzPWaA3VRRZ3Hd+RDmu6YICVE8cGEvMrq
2dM0dC4Ih1LAt7DfvHt4l0Hvha1B8dxo0KSbP74F6dmtimXFDb2C9Okxl5JVi0sJ
rk/9ZvAHN0pmrBjCegJuYtmI6u6vvZtNmkSPO+hyhidhqKT/8uEMoHJA2Wbg9RwN
KGHjhXH7OWooeKvH7d3BP8DWGmunx4tbevQ43ncRTEhys4GHlq2EajiRITJiMwdb
bc6+oqv50j3tIWms7NmX3g58irnOE8/acsAOlHmsVVRYdJBtfjBlyDrBwUH2mfp/
Y/ClSNQQsaaBCqAJcnocqjfpcvgDXD+xmeWutSjk+zivNRQKIDxyo0jiUDT9s9QT
B3GZS5rx1qsQG+6RrEsT11jnTL4esLRiMLavqJO5htKkNt5x/yKyp7vsmR9qR7xE
lr+as848W7UWsZWajvFXvv17Qh3HGSWulPW+atBFkNzsPZzt/3+kCF5ZkA6ipMxT
U+EwY49ljer/dRYsxp2W5t9xCAo7PW4ezw0PAFWABa5BPPcW8Kc=
=0f0w
-----END PGP SIGNATURE-----