Publishing details

Changelog

graphicsmagick (1.3.28-2) unstable; urgency=high

  * Backport security fixes:
    - don't use rescale map if it was not allocated,
    - validate number of colormap bits to avoid undefined shift behavior,
    - defend against partial scanf() expression matching, resulting in benign
      use of uninitialized data,
    - don't use rescale map if it was not allocated,
    - fix tile index overflow,
    - reject XPM if it contains non-whitespace control characters,
    - fix forged amount of frames 6755,
    - validate header length and offset properties,
    - fixed memory leak when tile overflows,
    - fix forged amount of frames 7076,
    - check for forged image that overflows file size,
    - validate size request prior to allocation,
    - validate that file size is sufficient for claimed image properties,
    - fix signed integer overflow when computing pixels size,
    - include number of FITS scenes in file size validations,
    - allocate space for null termination and null terminate string,
    - validate that samples per pixel is in valid range,
    - check whether datablock is really read,
    - verify that sufficient backing data exists before allocating memory to
      read it,
    - duplicate image check for data with fixed geometry,
    - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
      changed while ticks_per_second is zero (closes: #894396),
    - add checks for EOF,
    - validate that PICT rectangles do not have zero dimensions,
    - check image pixel limits before allocating memory for tile.
  * Backport patch to redesign ReadBlobDwordLSB() to be more effective.
  * Backport patch to destroy tile_image in ThrowPICTReaderException() macro
    to simplify logic.
  * Backport patch to remove shadowed tile_image variable which defeats new
    ThrowPICTReaderException() implementation.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 31 Mar 2018 11:05:51 +0000

Available diffs

Builds

Built packages

Package files