
Accepted graphicsmagick 1.4+really1.3.35-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 18 Apr 2020 16:30:17 +0000
Source: graphicsmagick
Architecture: source
Version: 1.4+really1.3.35-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 935099 947311 951758
Changes:
 graphicsmagick (1.4+really1.3.35-1~deb10u1) buster-security; urgency=high
 .
   * Security backport for Buster.
   * Relax Standards-Version to 4.3.0 .
 .
 graphicsmagick (1.4+really1.3.35-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - ReadSVGImage(): Fix dereference of NULL pointer when stopping image
       timer,
     - DrawImage(): Fix integer-overflow in DrawPolygonPrimitive() .
   * Update library symbols for this release.
 .
   [ Nicolas Boulenguez <nicolas@debian.org> ]
   * mime: improve formatting.
   * mime: adjust priority for all images (closes: #951758).
 .
 graphicsmagick (1.4+really1.3.34+hg16230-1) unstable; urgency=medium
 .
   * Mercurial snapshot, fixing the following security issues:
     - WritePICTImage(): Eliminating small buffer overrun when run-length
       encoding pixels,
     - WriteOneJNGImage(): Detect when JPEG encoder has failed, and throw
       exception,
     - DecodeImage(): Fix heap buffer over-reads,
     - DecodeImage(): Allocate extra scanline memory to allow small
       RLE overrun.
   * Update library symbols for this release.
   * Update Standards-Version to 4.5.0 .
 .
 graphicsmagick (1.4+really1.3.34+hg16181-1) unstable; urgency=medium
 .
   * Mercurial snapshot, fixing the following security issue:
     - WritePCXImage(): Fix heap overflow in PCX writer when bytes per line
       value overflows its 16-bit storage unit.
   * Fix definition of ResourceInfinity.
 .
   [ Nicolas Boulenguez <nicolas@debian.org> ]
   * Lower MIME priority for PS/PDF (closes: #935099).
 .
 graphicsmagick (1.4+really1.3.34-2) unstable; urgency=medium
 .
   * Still use glibc malloc allocator.
 .
 graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - PNMInteger(): Place a generous arbitrary limit on the amount of PNM
       comment text to avoid DoS opportunity,
     - MagickClearException(): Destroy any existing exception info before
       re-initializing the exception info or else there will be a memory leak,
     - HuffmanDecodeImage(): Fix signed overflow on range check which leads
       to heap overflow,
     - ReadMNGImage(): Only magnify the image if the requested magnification
       methods are supported,
     - GenerateEXIFAttribute(): Add validations to prevent heap buffer
       overflow,
     - DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern
       of cloned draw_info are not null,
     - CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit
       is exceeded (closes: #947311).
   * Build with Google Thread-Caching Malloc library.
   * Update Standards-Version to 4.4.1 .
 .
 graphicsmagick (1.4+really1.3.33+hg16117-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issue:
     - CVE-2019-16709: ReadDPSImage(): Fix memory leak when OpenBlob()
       reports failure.
 .
 graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - ReadMNGImage(): skip coalescing layers if there is only one layer,
     - DrawStrokePolygon(): handle case where TraceStrokePolygon() returns
       NULL,
     - DrawDashPolygon(): handle case where DrawStrokePolygon() returns
       MagickFail,
     - TraceBezier(): detect arithmetic overflow and return errors via
       normal error path rather than exiting,
     - ExtractTokensBetweenPushPop(): fix non-terminal parsing loop,
     - GenerateEXIFAttribute(): check that we are not being directed to read
       an IFD that we are already parsing and quit in order to avoid a loop,
     - ReallocColormap(): avoid dereferencing a NULL pointer if
       image->colormap is NULL,
     - png_read_raw_profile(): fix validation of raw profile length,
     - TraceArcPath(): substitute a lineto command when tracing arc is
       impossible,
     - GenerateEXIFAttribute(): skip unsupported/invalid format 0.
 .
 graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium
 .
   * New upstream release, including many security fixes.
 .
 graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - DrawImage(): Terminate drawing if DrawCompositeMask() reports failure,
     - DrawImage(): Detect an error in TracePath() and quit rather than
       forging on.
   * Backport security fixes:
     - ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable,
     - WriteDIBImage(): Detect arithmetic overflow of image_size,
     - WriteBMPImage(): Detect arithmetic overflow of image_size,
     - WriteBMPImage(): Assure that chromaticity uses double-precision for
       multiply before casting to unsigned integer.
 .
 graphicsmagick (1.4~hg16039-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also
       fix undefined behavior caused by large left shifts of an unsigned char,
     - ThrowException(), ThrowLoggedException(): Handle the case where some
       passed character strings refer to existing exception character strings,
     - PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage()
       stack,
     - WritePDFImage(): Allocate working buffer on stack and pass as argument
       to EscapeParenthesis() to eliminate a thread safety problem,
     - TranslateTextEx(): Remove support for reading from a file using
       '@filename' syntax,
     - DrawImage(): Only support '@filename' syntax to read drawing primitive
       from a file if we are not already drawing.
   * Update library symbols for this release.
Checksums-Sha1:
 88b68f8368a7cece1b4b323ccb6aa280faeed5f1 2928 graphicsmagick_1.4+really1.3.35-1~deb10u1.dsc
 b0460d7fb8b2d542a44446322ea62c053bc54b0c 5543224 graphicsmagick_1.4+really1.3.35.orig.tar.xz
 1d28c9e8ea9ae95ca0c5c0c581d314aac5aff838 145796 graphicsmagick_1.4+really1.3.35-1~deb10u1.debian.tar.xz
Checksums-Sha256:
 9f69f24b2c8cd29128b54a52380615d276c84dfa512f3db2d4e5e187b64090d5 2928 graphicsmagick_1.4+really1.3.35-1~deb10u1.dsc
 188a8d6108fea87a0208723e8d206ec1d4d7299022be8ce5d0a9720509250250 5543224 graphicsmagick_1.4+really1.3.35.orig.tar.xz
 41a2ca52e385009082259d1d4dc9354b079dee4c4d9af4fd71c7daa7fbc94c2e 145796 graphicsmagick_1.4+really1.3.35-1~deb10u1.debian.tar.xz
Files:
 4bcaca963065d5441dada71a5816c850 2928 graphics optional graphicsmagick_1.4+really1.3.35-1~deb10u1.dsc
 e565b6ce1564d62409b3faa5c747096e 5543224 graphics optional graphicsmagick_1.4+really1.3.35.orig.tar.xz
 454c6aea75d18f5239098d27554a2ec7 145796 graphics optional graphicsmagick_1.4+really1.3.35-1~deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----