Accepted graphicsmagick 1.4+really1.3.35-1~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 18 Apr 2020 16:30:17 +0000
Source: graphicsmagick
Architecture: source
Version: 1.4+really1.3.35-1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 935099 947311 951758
Changes:
 graphicsmagick (1.4+really1.3.35-1~deb10u1) buster-security; urgency=high
 .
   * Security backport for Buster.
   * Relax Standards-Version to 4.3.0 .
 .
 graphicsmagick (1.4+really1.3.35-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - ReadSVGImage(): Fix dereference of NULL pointer when stopping image
       timer,
     - DrawImage(): Fix integer-overflow in DrawPolygonPrimitive() .
   * Update library symbols for this release.
 .
   [ Nicolas Boulenguez <nicolas@debian.org> ]
   * mime: improve formatting.
   * mime: adjust priority for all images (closes: #951758).
 .
 graphicsmagick (1.4+really1.3.34+hg16230-1) unstable; urgency=medium
 .
   * Mercurial snapshot, fixing the following security issues:
     - WritePICTImage(): Eliminating small buffer overrun when run-length
       encoding pixels,
     - WriteOneJNGImage(): Detect when JPEG encoder has failed, and throw
       exception,
     - DecodeImage(): Fix heap buffer over-reads,
     - DecodeImage(): Allocate extra scanline memory to allow small
       RLE overrun.
   * Update library symbols for this release.
   * Update Standards-Version to 4.5.0 .
 .
 graphicsmagick (1.4+really1.3.34+hg16181-1) unstable; urgency=medium
 .
   * Mercurial snapshot, fixing the following security issue:
     - WritePCXImage(): Fix heap overflow in PCX writer when bytes per line
       value overflows its 16-bit storage unit.
   * Fix definition of ResourceInfinity.
 .
   [ Nicolas Boulenguez <nicolas@debian.org> ]
   * Lower MIME priority for PS/PDF (closes: #935099).
 .
 graphicsmagick (1.4+really1.3.34-2) unstable; urgency=medium
 .
   * Still use glibc malloc allocator.
 .
 graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - PNMInteger(): Place a generous arbitrary limit on the amount of PNM
       comment text to avoid DoS opportunity,
     - MagickClearException(): Destroy any existing exception info before
       re-initializing the exception info or else there will be a memory leak,
     - HuffmanDecodeImage(): Fix signed overflow on range check which leads
       to heap overflow,
     - ReadMNGImage(): Only magnify the image if the requested magnification
       methods are supported,
     - GenerateEXIFAttribute(): Add validations to prevent heap buffer
       overflow,
     - DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern
       of cloned draw_info are not null,
     - CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit
       is exceeded (closes: #947311).
   * Build with Google Thread-Caching Malloc library.
   * Update Standards-Version to 4.4.1 .
 .
 graphicsmagick (1.4+really1.3.33+hg16117-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issue:
     - CVE-2019-16709: ReadDPSImage(): Fix memory leak when OpenBlob()
       reports failure.
 .
 graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - ReadMNGImage(): skip coalescing layers if there is only one layer,
     - DrawStrokePolygon(): handle case where TraceStrokePolygon() returns
       NULL,
     - DrawDashPolygon(): handle case where DrawStrokePolygon() returns
       MagickFail,
     - TraceBezier(): detect arithmetic overflow and return errors via
       normal error path rather than exiting,
     - ExtractTokensBetweenPushPop(): fix non-terminal parsing loop,
     - GenerateEXIFAttribute(): check that we are not being directed to read
       an IFD that we are already parsing and quit in order to avoid a loop,
     - ReallocColormap(): avoid dereferencing a NULL pointer if
       image->colormap is NULL,
     - png_read_raw_profile(): fix validation of raw profile length,
     - TraceArcPath(): substitute a lineto command when tracing arc is
       impossible,
     - GenerateEXIFAttribute(): skip unsupported/invalid format 0.
 .
 graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium
 .
   * New upstream release, including many security fixes.
 .
 graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - DrawImage(): Terminate drawing if DrawCompositeMask() reports failure,
     - DrawImage(): Detect an error in TracePath() and quit rather than
       forging on.
   * Backport security fixes:
     - ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable,
     - WriteDIBImage(): Detect arithmetic overflow of image_size,
     - WriteBMPImage(): Detect arithmetic overflow of image_size,
     - WriteBMPImage(): Assure that chromaticity uses double-precision for
       multiply before casting to unsigned integer.
 .
 graphicsmagick (1.4~hg16039-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also
       fix undefined behavior caused by large left shifts of an unsigned char,
     - ThrowException(), ThrowLoggedException(): Handle the case where some
       passed character strings refer to existing exception character strings,
     - PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage()
       stack,
     - WritePDFImage(): Allocate working buffer on stack and pass as argument
       to EscapeParenthesis() to eliminate a thread safety problem,
     - TranslateTextEx(): Remove support for reading from a file using
       '@filename' syntax,
     - DrawImage(): Only support '@filename' syntax to read drawing primitive
       from a file if we are not already drawing.
   * Update library symbols for this release.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----