Accepted graphicsmagick 1.4~hg15968-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 15 Apr 2019 17:40:12 +0000
Source: graphicsmagick
Architecture: source
Version: 1.4~hg15968-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 927029
Changes:
 graphicsmagick (1.4~hg15968-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues
     (closes: #927029):
     - ReadMATImage(): Report a corrupt image exception if reader encounters
       end of file while reading scanlines (use of uninitialized value in
       IsGrayImage() ),
     - ReadTOPOLImage(): Report a corrupt image if reader encounters end of
       file while reading header rows (use of uninitialized value in
       InsertRow() ),
     - OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and
       length as well as for the total pixels calculation to prevent some more
       arithmetic overflows,
     - SetNexus(): Apply resource limits to pixel nexus allocations to prevent
       arithmetic and integer overflows,
     - SetNexus(): Report error for empty region rather than crashing due to
       divide by zero exception,
     - ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating
       point exception in SetNexus(),
     - ReadMATImage(): Quit if image scanlines are not fully populated due to
       exception to prevent use of uninitialized value in
       InsertComplexFloatRow(),
     - ReadMATImage(): Fix memory leak on unexpected end of file,
     - Throwing an exception is now thread-safe,
     - Fx module error handling/reporting improvements,
     - Fix various uses of allocated memory without checking if memory
       allocation has failed,
     - CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or
       an irrationally large profile length to prevent memory leak,
     - CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one
       PixelPacket) of image colormap,
     - CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading
       DirectClass XWD file,
     - CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE
       packets to prevent heap buffer overflow,
     - CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while
       parsing quoted font family value,
     - CVE-2019-11008: XWD: Perform more header validations, a file size
       validation, and fix arithmetic overflows leading to heap overwrite,
     - ReadWMFImage(): Reject WMF files with an empty bounding box to prevent
       division by zero problems,
     - WritePDBImage(): Use correct bits/sample rather than image->depth to
       prevent potential buffer overflow,
     - WriteMATLABImage(): Add completely missing error handling to prevent
       heap buffer overflow,
     - SetNexus(): Fix arithmetic overflow while testing x/y offset limits,
     - DrawPrimitive(): Check primitive point x/y values for NaN to prevent
       integer overflow,
     - DrawImage(): Fix integer overflow while validating gradient dimensions,
     - WritePDBImage(): Assure that input scanline is cleared in order to
       cover up some decoder bug to prevent use of uninitialized value,
     - ReadXWDImage(): Add more validation logic to avoid crashes due to FPE
       and invalid reads.
   * Update library symbols for this release.
Checksums-Sha1:
 d593adbae3d3cd1d7e131e33160f90f4e33f5fdc 2855 graphicsmagick_1.4~hg15968-1.dsc
 005f1e479987a46ff2ce27ce88a80ec53f7d855d 8881012 graphicsmagick_1.4~hg15968.orig.tar.xz
 59f407e71f2ca2b7f6ce7e926a5c4bcb671561dc 144216 graphicsmagick_1.4~hg15968-1.debian.tar.xz
 a98d1f0f10819aa8993c3b8fc89da8983fc9154e 11892 graphicsmagick_1.4~hg15968-1_amd64.buildinfo
Checksums-Sha256:
 2345b0c587141b5c569cde846da414c67a975464387505e5406006eacb7f8a09 2855 graphicsmagick_1.4~hg15968-1.dsc
 eac04fefacac3bc8bd38f92ca35847b4702ebec9e2e13bde03dca3c936b4c1b1 8881012 graphicsmagick_1.4~hg15968.orig.tar.xz
 38d353149c577577d4c15a8ded5463b0bb7d13e4e2a334c22f4ae772f56a9c12 144216 graphicsmagick_1.4~hg15968-1.debian.tar.xz
 dd121ebc9f39f36030d18d9f61c743788663f2b90adc0a91418a840930dcbd5c 11892 graphicsmagick_1.4~hg15968-1_amd64.buildinfo
Files:
 3f421092d03042c2932d3876fb09984a 2855 graphics optional graphicsmagick_1.4~hg15968-1.dsc
 a30fbac5f5aff370d6ec1b181f0704d6 8881012 graphics optional graphicsmagick_1.4~hg15968.orig.tar.xz
 0acd37a677107e493d1b57f2ee615c23 144216 graphics optional graphicsmagick_1.4~hg15968-1.debian.tar.xz
 56baed2ecf58eae0c81aad5a3b35ed74 11892 graphics optional graphicsmagick_1.4~hg15968-1_amd64.buildinfo
