Please sync graphicsmagick (universe) from unstable (main)

Bug #60240 reported by Martin Pitt
Affects: graphicsmagick (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Scott James Remnant (Canonical)
Milestone: (none)

Bug Description

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects distros/ubuntu/graphicsmagick
 status confirmed
 subscribe ubuntu-archive

Please sync graphicsmagick (universe) from Debian unstable (main).

Changelog since current edgy version 1.1.7-5:

graphicsmagick (1.1.7-8) unstable; urgency=high

  * coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
  * It seems I've fixed the vulnerabilities described in CVE-2006-3744
    (coders/sgi.c) independently in the previous upload already while
    the original report had been embargoed.

 -- Daniel Kobras <email address hidden> Wed, 6 Sep 2006 18:24:36 +0200

graphicsmagick (1.1.7-7) unstable; urgency=high

  * coders/sgi.c: Fix multiple heap overflow vulnerabilities in SGI coder
    due to
    + missing boundary checks in SGIDecode();
    + missing validation of pixel depth field;
    + integer overflow via large columns and rows fields (CVE-2006-4144)
      Closes: #383333
    + missing validation of chunk size fields (variable 'runlength') in
      run-length encoded images.
  * coders/sgi.c: Check for bogus values of 'bytes_per_pixel' and 'depth'.
  * coders/sgi.c: Fix calculation of internal depth value.

 -- Daniel Kobras <email address hidden> Fri, 18 Aug 2006 11:50:42 +0200

graphicsmagick (1.1.7-6) unstable; urgency=low

  * debian/compat: Bump debhelper compatibility level to 5.
  * debian/control: Build-depend on debhelper version 5 and up.
  * debian/control: Remove redundant Build-Depends-Indep.
  * debian/control: Add new package graphicsmagick-dbg containing debugging
    symbols for all language bindings and the main executable.
  * debian/control: Suggest debugging package where appropriate.
  * debian/control: Build-depend on sharutils for uudecode.
  * debian/control: Version build-dependency on libwmf-dev. Earlier versions
    will fail the testsuite.
  * debian/libgraphicsmagick++1.install: There is no libGraphicsMagickWand++,
    so don't try to install it.
  * debian/libgraphicsmagick{,++}1-dev.install: Remove .la files as long as
    nobody's using them.
  * debian/rules: Give in and disable strict aliasing for the moment until
    we get fixes for all instances that currently break the rules.
  * debian/rules: Place all debugging symbols into graphicsmagick-dbg.
  * debian/rules: New libwmf yields better image quality than old reference
    image in regression test. We cannot patch the binary image directly in
    the Debian diff, so add uudecode magic to check and clean targets.
  * debian/ski.miff.uu: Updated version of reference image in WMF regression
    test. Uuencoded to fit into the Debian diff.
  * magick/cache.c: Include definition of HAVE_PREAD before checking its
    value. Now really pulls in proper declarations of pread() and pwrite().

 -- Daniel Kobras <email address hidden> Tue, 1 Aug 2006 14:00:30 +0200

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFCB9NDecnbV4Fd/IRAsoYAKDbEPM7cY9A1Tg3VTMI057xK0qXnQCeNbNs
+wFzq+ZQhl1yVlH24P2C4U0=
=qmG4
-----END PGP SIGNATURE-----
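
The 1.1.7-7 changelog entry above names unchecked `columns`/`rows`, `depth`, `bytes_per_pixel` and `runlength` values in the SGI coder. The following C is an added example, not GraphicsMagick's or Debian's code: an overflow-checked size calculation and a bounds-checked decoder for the 8-bit SGI run-length scheme. The function names, the accepted ranges (`depth` taken as a channel count of 1 to 4, `bytes_per_pixel` of 1 or 2) and the sample bytes are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Total decoded bytes for the header fields, or -1 if a field is bogus or
   the product would wrap size_t. The accepted ranges are assumptions. */
int sgi_checked_size(uint32_t columns, uint32_t rows, uint32_t depth,
                     uint32_t bytes_per_pixel, size_t *total)
{
    if (columns == 0 || rows == 0 || depth < 1 || depth > 4 ||
        (bytes_per_pixel != 1 && bytes_per_pixel != 2))
        return -1;
    size_t n = (size_t)depth * bytes_per_pixel;   /* <= 8, cannot wrap */
    /* Short-circuit: n * columns is only evaluated once it is known to fit. */
    if (columns > SIZE_MAX / n || rows > SIZE_MAX / (n * columns))
        return -1;
    *total = n * columns * rows;
    return 0;
}

/* Constructed sample: repeat 0xAA x3, literal {0x01, 0x02}, terminator. */
const uint8_t sample_rle[] = { 0x03, 0xAA, 0x82, 0x01, 0x02, 0x00 };

/* Bounded decode of one 8-bit RLE row. Control byte: low 7 bits = runlength
   (0 ends the row); high bit set = literal run, clear = repeat run.
   Returns bytes written, or -1 when a run would leave either buffer. */
long sgi_rle_decode(const uint8_t *in, size_t in_len,
                    uint8_t *out, size_t out_len)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        uint8_t ctl = in[ip++];
        size_t runlength = ctl & 0x7f;
        if (runlength == 0)
            return (long)op;
        if (runlength > out_len - op)           /* output would overflow */
            return -1;
        if (ctl & 0x80) {                       /* literal run */
            if (runlength > in_len - ip)        /* input would be over-read */
                return -1;
            memcpy(out + op, in + ip, runlength);
            ip += runlength;
        } else {                                /* repeat run */
            if (ip >= in_len)                   /* repeat value is missing */
                return -1;
            memset(out + op, in[ip++], runlength);
        }
        op += runlength;
    }
    return -1;                                  /* no terminator seen */
}
```

Both checks compare against the remaining space by subtraction (`out_len - op`, `in_len - ip`) instead of adding the run length to an index, so the comparison itself cannot wrap.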

Scott James Remnant (Canonical) (canonical-scott) wrote :

[Updating] graphicsmagick (1.1.7-5 [Ubuntu] < 1.1.7-8 [Debian])
 * Trying to add graphicsmagick...
  - <graphicsmagick_1.1.7-8.dsc: downloading from http://ftp.debian.org/debian/>
  - <graphicsmagick_1.1.7.orig.tar.gz: already in distro - downloading from librarian>
  - <graphicsmagick_1.1.7-8.diff.gz: downloading from http://ftp.debian.org/debian/>
I: graphicsmagick [universe] -> graphicsmagick-imagemagick-compat_1.1.7-5 [universe].
I: graphicsmagick [universe] -> libgraphicsmagick++1_1.1.7-5 [universe].
I: graphicsmagick [universe] -> graphicsmagick-libmagick-dev-compat_1.1.7-5 [universe].
I: graphicsmagick [universe] -> libgraphics-magick-perl_1.1.7-5 [universe].
I: graphicsmagick [universe] -> libgraphicsmagick1-dev_1.1.7-5 [universe].
I: graphicsmagick [universe] -> libgraphicsmagick++1-dev_1.1.7-5 [universe].
I: graphicsmagick [universe] -> graphicsmagick_1.1.7-5 [universe].
I: graphicsmagick [universe] -> libgraphicsmagick1_1.1.7-5 [universe].

Changed in graphicsmagick:
assignee: nobody → keybuk
status: Confirmed → Fix Released