Please sync graphicsmagick (universe) from unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
graphicsmagick (Ubuntu) |
Fix Released
|
Undecided
|
Scott James Remnant (Canonical) |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects distros/
status confirmed
subscribe ubuntu-archive
Please sync graphicsmagick (universe) from Debian unstable (main).
Changelog since current edgy version 1.1.7-5:
graphicsmagick (1.1.7-8) unstable; urgency=high
* coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
* It seems I've fixed the vulnerabilities described in CVE-2006-3744
(coders/sgi.c) independently in the previous upload already while
the original report had been embargoed.
-- Daniel Kobras <email address hidden> Wed, 6 Sep 2006 18:24:36 +0200
graphicsmagick (1.1.7-7) unstable; urgency=high
* coders/sgi.c: Fix multiple heap overflow vulnerabilities in SGI coder
due to
+ missing boundary checks in SGIDecode();
+ missing validation of pixel depth field;
+ integer overflow via large columns and rows fields (CVE-2006-4144)
Closes: #383333
+ missing validation of chunk size fields (variable 'runlength') in
run-length encoded images.
* coders/sgi.c: Check for bogus values of 'bytes_per_pixel' and 'depth'.
* coders/sgi.c: Fix calculation of internal depth value.
-- Daniel Kobras <email address hidden> Fri, 18 Aug 2006 11:50:42 +0200
graphicsmagick (1.1.7-6) unstable; urgency=low
* debian/compat: Bump debhelper compatibility level to 5.
* debian/control: Build-depend on debhelper version 5 and up.
* debian/control: Remove redundant Build-Depends-
* debian/control: Add new package graphicsmagick-dbg containing debugging
symbols for all language bindings and the main executable.
* debian/control: Suggest debugging package where appropriate.
* debian/control: Build-depend on sharutils for uudecode.
* debian/control: Version build-dependency on libwmf-dev. Earlier versions
will fail the testsuite.
* debian/
so don't try to install it.
* debian/
nobody's using them.
* debian/rules: Give in and disable strict aliasing for the moment until
we get fixes for all instances that currently break the rules.
* debian/rules: Place all debugging symbols into graphicsmagick-dbg.
* debian/rules: New libwmf yields better image quality than old reference
image in regression test. We cannot patch the binary image directly in
the Debian diff, so add uudecode magic to check and clean targets.
* debian/ski.miff.uu: Updated version of reference image in WMF regression
test. Uuencoded to fit into the Debian diff.
* magick/cache.c: Include definition of HAVE_PREAD before checking its
value. Now really pulls in proper declarations of pread() and pwrite().
-- Daniel Kobras <email address hidden> Tue, 1 Aug 2006 14:00:30 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFCB9NDec
+wFzq+ZQhl1yVlH
=qmG4
-----END PGP SIGNATURE-----
[Updating] graphicsmagick (1.1.7-5 [Ubuntu] < 1.1.7-8 [Debian]) _1.1.7- 8.dsc: downloading from http:// ftp.debian. org/debian/> - <graphicsmagick _1.1.7. orig.tar. gz: already in distro - downloading from librarian> _1.1.7- 8.diff. gz: downloading from http:// ftp.debian. org/debian/> imagemagick- compat_ 1.1.7-5 [universe]. ck++1_1. 1.7-5 [universe]. libmagick- dev-compat_ 1.1.7-5 [universe]. magick- perl_1. 1.7-5 [universe]. ck1-dev_ 1.1.7-5 [universe]. ck++1-dev_ 1.1.7-5 [universe]. 1.1.7-5 [universe]. ck1_1.1. 7-5 [universe].
* Trying to add graphicsmagick...
- <graphicsmagick
- <graphicsmagick
I: graphicsmagick [universe] -> graphicsmagick-
I: graphicsmagick [universe] -> libgraphicsmagi
I: graphicsmagick [universe] -> graphicsmagick-
I: graphicsmagick [universe] -> libgraphics-
I: graphicsmagick [universe] -> libgraphicsmagi
I: graphicsmagick [universe] -> libgraphicsmagi
I: graphicsmagick [universe] -> graphicsmagick_
I: graphicsmagick [universe] -> libgraphicsmagi