Change log for graphicsmagick package in Ubuntu

175 of 117 results
Published in hirsute-release on 2020-10-23
Published in groovy-release on 2020-06-21
Deleted in groovy-proposed (Reason: moved to Release)
graphicsmagick (1.4+really1.3.35+hg16297-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - fix WPG heap-buffer-overflow in ImportGrayQuantumType(),
    - fix WPG heap-buffer-overflow in InsertRow(),
    - fix WPG thrown assertion due to a double-free of memory.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 07 Jun 2020 21:02:16 +0200
Superseded in groovy-proposed on 2020-06-07
graphicsmagick (1.4+really1.3.35+hg16296-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - ReadWPGImage(): Terminate reading when a pixel cache resource limit is
      hit rather than moving on to heap buffer overflow,
    - WriteTIFFImage(): WebP compression only supports a depth of 8; fixes
      use-of-uninitialized-value in GammaToLinear.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 03 Jun 2020 17:49:58 +0200
Superseded in groovy-proposed on 2020-06-03
graphicsmagick (1.4+really1.3.35-2) unstable; urgency=high

  * Backport security fix for CVE-2020-12672, MNG: small heap overwrite or
    assertion if magnifying and image to be magnified has rows or columns == 1
    (closes: #960000).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 30 May 2020 17:41:09 +0200
Superseded in groovy-release on 2020-06-21
Published in focal-release on 2020-03-30
Deleted in focal-proposed (Reason: moved to Release)
graphicsmagick (1.4+really1.3.35-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - ReadSVGImage(): Fix dereference of NULL pointer when stopping image
      timer,
    - DrawImage(): Fix integer-overflow in DrawPolygonPrimitive() .
  * Update library symbols for this release.

  [ Nicolas Boulenguez <email address hidden> ]
  * mime: improve formatting.
  * mime: adjust priority for all images (closes: #951758).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 23 Feb 2020 20:42:10 +0000
Superseded in focal-proposed on 2020-02-24
graphicsmagick (1.4+really1.3.34+hg16230-1) unstable; urgency=medium

  * Mercurial snapshot, fixing the following security issues:
    - WritePICTImage(): Eliminating small buffer overrun when run-length
      encoding pixels,
    - WriteOneJNGImage(): Detect when JPEG encoder has failed, and throw
      exception,
    - DecodeImage(): Fix heap buffer over-reads,
    - DecodeImage(): Allocate extra scanline memory to allow small
      RLE overrun.
  * Update library symbols for this release.
  * Update Standards-Version to 4.5.0 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 07 Feb 2020 19:02:36 +0000
Published in xenial-updates on 2020-02-04
Published in xenial-security on 2020-02-04
graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile()
    - debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing
      reading heap data beyond the allocated size.
    - CVE-2017-17912
  * SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage()
    - debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that
      the image pointer provided by libwebp is valid.
    - debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp
      0.5.0+ by disabling progress indication.
    - CVE-2017-17913
  * SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage()
    - debian/patches/CVE-2017-17915.patch: Check range limit before accessing
      byte to avoid minor heap read overflow.
    - CVE-2017-17915
  * SECURITY UPDATE: Allocation failure in ReadOnePNGImage()
    - debian/patches/CVE-2017-18219.patch: check MemoryResource before
      attempting to allocate ping_pixels array.
    - CVE-2017-18219
  * SECURITY UPDATE: Allocation failure in ReadTIFFImage()
    - debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and
      tile memory allocation requests based on file size.
    - CVE-2017-18229
  * SECURITY UPDATE: Null pointer dereference in ReadCINEONImage()
    - debian/patches/CVE-2017-18230.patch: Validate scandata allocation.
    - CVE-2017-18230
  * SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile()
    - debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation.
    - CVE-2017-18231

 -- Eduardo Barretto <email address hidden>  Mon, 03 Feb 2020 16:47:01 -0300
Superseded in xenial-updates on 2020-02-04
Superseded in xenial-security on 2020-02-04
graphicsmagick (1.3.23-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS in ReadWPGImage()
    - debian/patches/CVE-2017-16545.patch: Assure that colormapped image is a
      PseudoClass type with valid colormapped indexes.
    - CVE-2017-16545
  * SECURITY UPDATE: DoS (negative strncpy) in DrawImage()
    - debian/patches/CVE-2017-16547.patch: Fix pointer computation which leads
      to large strncpy size request and bad array index.
    - CVE-2017-16547
  * SECURITY UPDATE: Heap-based buffer overflow in coders/wpg.c
    - debian/patches/CVE-2017-16669-1.patch: Do not call SyncImagePixels() when
      something fails.
    - debian/patches/CVE-2017-16669-2.patch: Wrong row count checking.
    - debian/patches/CVE-2017-16669-3.patch: Detect pending use of null indexes
      pointer due to programming error and report it.
    - debian/patches/CVE-2017-16669-4.patch: Fix crash which image fails to
      produce expected PseudoClass indexes.
    - debian/patches/CVE-2017-16669-5.patch: Check for InsertRow() return value.
    - debian/patches/CVE-2017-16669-6.patch: Check InsertRow() return value for
      all calls.
    - CVE-2017-16669
  * SECURITY UPDATE: Heap-based buffer overflow in WritePNMImage()
    - debian/patches/CVE-2017-17498.patch: Fix buffer overflow when writing
      gray+alpha 1-bit/sample.
    - CVE-2017-17498
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRGBImage()
    - debian/patches/CVE-2017-17500.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17500
  * SECURITY UPDATE: Heap-based buffer over-read in WriteOnePNGImage()
    - debian/patches/CVE-2017-17501.patch: Fix heap read overrun while
      testing pixels for opacity.
    - CVE-2017-17501
  * SECURITY UPDATE: Heap-based buffer over-read in ReadCMYKImage()
    - debian/patches/CVE-2017-17502.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17502
  * SECURITY UPDATE: Heap-based buffer over-read in ReadGRAYImage()
    - debian/patches/CVE-2017-17503.patch: Fix heap-overflow due to tile
      outside image bounds.
    - CVE-2017-17503
  * SECURITY UPDATE: Heap-based buffer over-read in ReadOneJNGImage()
    - debian/patches/CVE-2017-17782.patch: Fix wrong offset into oFFs chunk
      which caused heap read overflow.
    - CVE-2017-17782
  * SECURITY UPDATE: Buffer over-read in ReadPALMImage()
    - debian/patches/CVE-2017-17783.patch: Fix heap buffer overflow in Q8 build
      while initializing color palette.
    - CVE-2017-17783

 -- Eduardo Barretto <email address hidden>  Tue, 21 Jan 2020 14:15:33 -0300
Superseded in xenial-updates on 2020-01-22
Superseded in xenial-security on 2020-01-22
graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage()
    - debian/patches/CVE-2017-14165.patch: Verify that file header data length,
      and file length are sufficient for claimed image dimensions.
    - CVE-2017-14165
  * SECURITY UPDATE: Heap-based buffer over-read in DrawImage()
    - debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in
      DrawDashPolygon().
    - CVE-2017-14314
  * SECURITY UPDATE: Null pointer dereference in ReadPNMImage()
    - debian/patches/CVE-2017-14504.patch: Require that XV 332 format have 256
      colors.
    - CVE-2017-14504
  * SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c
    - debian/patches/CVE-2017-14649.patch: Validate JNG data properly.
    - CVE-2017-14649
  * SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage()
    - debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when Alpha
      flag is present.
    - CVE-2017-14733
  * SECURITY UPDATE: Null pointer dereference in ReadDCMImage()
    - debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can produce
      image list with no frames, resulting in null image pointer.
    - CVE-2017-14994
  * SECURITY UPDATE: Integer underflow in ReadPICTImage()
    - debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading to
      astonishingly large allocation request.
    - CVE-2017-14997
  * SECURITY UPDATE: Resource leak in ReadGIFImage()
    - debian/patches/CVE-2017-15277.patch: Assure that global colormap is fully
      initialized.
    - CVE-2017-15277
  * SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage()
    - debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL pointer
      when transferring JPEG scanlines.
    - debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null
      PixelPacket pointer.
    - debian/patches/CVE-2017-15930-3.patch: Reject JNG files with unreasonable
      dimensions given the file size.
    - debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable exception
      gets reported on read failure.
    - CVE-2017-15930
  * SECURITY UPDATE: Heap-based buffer overflow in DescribeImage()
    - debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow
      while describing visual image directory.
    - CVE-2017-16352
  * SECURITY UPDATE: Memory information disclosure in DescribeImage()
    - debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing the
      IPTC profile.
    - CVE-2017-16353

 -- Eduardo Barretto <email address hidden>  Mon, 06 Jan 2020 15:39:05 -0300
Superseded in focal-release on 2020-03-30
Deleted in focal-proposed on 2020-03-31 (Reason: moved to Release)
graphicsmagick (1.4+really1.3.34+hg16181-1) unstable; urgency=medium

  * Mercurial snapshot, fixing the following security issue:
    - WritePCXImage(): Fix heap overflow in PCX writer when bytes per line
      value overflows its 16-bit storage unit.
  * Fix definition of ResourceInfinity.

  [ Nicolas Boulenguez <email address hidden> ]
  * Lower MIME priority for PS/PDF (closes: #935099).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 28 Dec 2019 18:58:57 +0000
Superseded in focal-release on 2019-12-29
Deleted in focal-proposed on 2019-12-31 (Reason: moved to Release)
graphicsmagick (1.4+really1.3.34-2) unstable; urgency=medium

  * Still use glibc malloc allocator.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 25 Dec 2019 10:09:02 +0000
Superseded in focal-release on 2019-12-26
Deleted in focal-proposed on 2019-12-27 (Reason: moved to Release)
graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - PNMInteger(): Place a generous arbitrary limit on the amount of PNM
      comment text to avoid DoS opportunity,
    - MagickClearException(): Destroy any existing exception info before
      re-initializing the exception info or else there will be a memory leak,
    - HuffmanDecodeImage(): Fix signed overflow on range check which leads
      to heap overflow,
    - ReadMNGImage(): Only magnify the image if the requested magnification
      methods are supported,
    - GenerateEXIFAttribute(): Add validations to prevent heap buffer
      overflow,
    - DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern
      of cloned draw_info are not null,
    - CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit
      is exceeded (closes: #947311).
  * Build with Google Thread-Caching Malloc library.
  * Update Standards-Version to 4.4.1 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 24 Dec 2019 20:23:10 +0000
Superseded in xenial-updates on 2020-01-08
Superseded in xenial-security on 2020-01-08
graphicsmagick (1.3.23-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference in WriteMAPImage()
    - debian/patches/CVE-2017-11638_CVE-2017-11642.patch: Fix null pointer
      dereference or SEGV if input is not colormapped.
    - CVE-2017-11638
    - CVE-2017-11642
  * SECURITY UPDATE: Memory leak in PersistCache()
    - debian/patches/CVE-2017-11641.patch: Fix memory leak while writing Magick
      Persistent Cache format.
    - CVE-2017-11641
  * SECURITY UPDATE: Heap overflow in WriteCMYKImage()
    - debian/patches/CVE-2017-11643.patch: Fixed heap overflow with multiple
      frames with varying widths.
    - CVE-2017-11643
  * SECURITY UPDATE: Invalid memory read in SetImageColorCallBack()
    - debian/patches/CVE-2017-12935.patch: Reject MNG with too-large dimensions
      (over 65535).
    - CVE-2017-12935
  * SECURITY UPDATE: Use-after-free in ReadWMFImage()
    - debian/patches/CVE-2017-12936.patch: Eliminate use of already freed heap
      data in error reporting path.
    - CVE-2017-12936
  * SECURITY UPDATE: Heap-based buffer over-read in ReadSUNImage()
    - debian/patches/CVE-2017-12937.patch: Fix heap read overflow while indexing
      colormap in bilevel decoder.
    - CVE-2017-12937
  * SECURITY UPDATE: Heap-based buffer overflow vulnerability
    - debian/patches/CVE-2017-13063_CVE-2017-13064_CVE-2017-13065.patch: Fix
      buffer-overflow and inconsistent behavior in GetStyleTokens().
    - CVE-2017-13063
    - CVE-2017-13064
    - CVE-2017-13065
  * SECURITY UPDATE: Heap-based buffer over-read in SFWScan
    - debian/patches/CVE-2017-13134.patch: Fix heap buffer overflow in
      SFWScan().
    - CVE-2017-13134
  * SECURITY UPDATE: Invalid free in MagickFree()
    - debian/patches/CVE-2017-13737.patch: NumberOfObjectsInArray() must round
      down, rather than up.
    - CVE-2017-13737
  * SECURITY UPDATE: DoS in ReadJNXImage()
    - debian/patches/CVE-2017-13775.patch: Fix DOS issues.
    - CVE-2017-13775
  * SECURITY UPDATE: DoS in ReadXBMImage()
    - debian/patches/CVE-2017-13776_CVE-2017-13777.patch: Fix DOS issues.
    - CVE-2017-13776
    - CVE-2017-13777

 -- Eduardo Barretto <email address hidden>  Thu, 12 Dec 2019 11:31:23 -0300
Superseded in xenial-updates on 2019-12-16
Superseded in xenial-security on 2019-12-16
graphicsmagick (1.3.23-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Allocation failure vulnerability
    - debian/patches/CVE-2017-13147.patch: deal with too-large MNG chunks in
      coders/png.c
    - CVE-2017-13147
  * SECURITY UPDATE: Allocation failure vulnerability
    - debian/patches/CVE-2017-14042.patch: PNM for binary formats, verify
      sufficient backing file data before memory request.
    - CVE-2017-14042
  * SECURITY UPDATE: DoS (out-of-bounds read and crash) via a small samples
    per pixel value in a CMYKA TIFF file.
    - debian/patches/CVE-2017-6335.patch: Fix out of bounds access when reading
      CMYKA tiff which claims wrong samples/pixel.
    - CVE-2017-6335
  * SECURITY UPDATE: Buffer overflow while processing an RGB TIFF picture with
    metadata.
    - debian/patches/CVE-2017-10794.patch: Use a generalized method to enforce
      that buffer overflow can not happen while importing pixels.
    - CVE-2017-10794
  * SECURITY UPDATE: DoS (out-of-memory) when processing a DPX image with
    metadata.
    - debian/patches/CVE-2017-10799.patch: Estimate minimum required file sized
      based on header, and reject files with insufficient data.
    - CVE-2017-10799
  * SECURITY UPDATE: DoS (crash) while reading a JNG file via a zero-length
    color_image data structure.
    - debian/patches/CVE-2017-11102.patch: Stop crash due to zero-length color_image
      while reading a JNG.
    - CVE-2017-11102
  * SECURITY UPDATE: DoS (resource consumption) via a crafted JPEG file.
    - debian/patches/CVE-2017-11140.patch: Defer creating pixel cache until first
      scanline.
    - CVE-2017-11140
  * SECURITY UPDATE: Use-after-free via a crafted MNG file.
    - debian/patches/CVE-2017-11403-1.patch: Fix out-of-order CloseBlob() and
      DestroyImageList() that caused a use-after-free crash.
    - debian/patches/CVE-2017-11403-2.patch: Improve fix of use-after-free.
    - CVE-2017-11403
  * SECURITY UPDATE: Heap overflow when processing multiple frames that have
    non-identical widths.
    - debian/patches/CVE-2017-11636.patch: Fixed heap overflow with multiple
      frames with varying widths.
    - CVE-2017-11636
  * SECURITY UPDATE: NULL pointer deference in the WritePCLImage() function.
    - debian/patches/CVE-2017-11637.patch: Fix null pointer dereference in
      writing monochrome images.
    - CVE-2017-11637

 -- Eduardo Barretto <email address hidden>  Thu, 28 Nov 2019 11:36:23 -0300
Published in bionic-updates on 2019-12-02
Published in bionic-security on 2019-12-02
graphicsmagick (1.3.28-2ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-based buffer overflow in the WriteTGAImage function.
    - debian/patches/CVE-2018-20184.patch: reject image rows/columns larger than
      65535.
    - CVE-2018-20184
  * SECURITY UPDATE: Heap based buffer over-read in the ReadBMPImage function.
    - debian/patches/CVE-2018-20185-1.patch: Only compute unsigned_maxvalue if
      sample_bits <= 32.
    - debian/patches/CVE-2018-20185-2.patch: Fix heap overflow in 32-bit due
      to arithmetic overflow.
    - debian/patches/CVE-2018-20185-3.patch: Improve buffer size calculations
      to guard against arithmetic overflow.
    - CVE-2018-20185
  * SECURITY UPDATE:  DoS (crash) in ReadDIBImage.
    - debian/patches/CVE-2018-20189.patch: DIB images claiming more than 8-bits
      per pixel are not colormapped.
    - CVE-2018-20189
  * SECURITY UPDATE: Stack-based buffer overflow in the function
    SVGStartElement.
    - debian/patches/CVE-2019-11005.patch: Fix stack buffer overflow while
      parsing quoted font family value.
    - CVE-2019-11005
  * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMIFFImage.
    - debian/patches/CVE-2019-11006.patch: Detect end of file while reading
      RLE packets.
    - CVE-2019-11006
  * SECURITY UPDATE: Heap-based buffer over-read in the function ReadMNGImage.
    - debian/patches/CVE-2019-11007-1.patch: New function to reallocate an
      image colormap.
    - debian/patches/CVE-2019-11007-2.patch: Fix small buffer overflow (one
      PixelPacket) of image colormap.
    - CVE-2019-11007
  * SECURITY UPDATE: Heap-based buffer overflow in the function WriteXWDImage.
    - debian/patches/CVE-2019-11008.patch: Perform more header validations, a
      file size validation, and fix arithmetic overflows leading to heap
      overwrite.
    - CVE-2019-11008
  * SECURITY UPDATE: Heap-based buffer over-read in the function ReadXWDImage.
    - debian/patches/CVE-2019-11009.patch: Fix heap buffer overflow while
      reading DirectClass XWD file.
    - CVE-2019-11009
  * SECURITY UPDATE: Memory leak in the function ReadMPCImage.
    - debian/patches/CVE-2019-11010.patch: Deal with a profile length of zero,
      or an irrationally large profile length.
    - CVE-2019-11010
  * SECURITY UPDATE: DoS (out-of-bounds read, floating-point exception and
    crash) by crafting an XWD image file.
    - debian/patches/CVE-2019-11473_11474-1.patch: Add more validation logic to
      avoid crashes due to FPE and invalid reads.
    - debian/patches/CVE-2019-11473_11474-2.patch: Address header-directed
      arbitrary memory allocation.
    - debian/patches/CVE-2019-11473_11474-3.patch: Address segmentation
      violation and invalid memory read with more validations.
    - CVE-2019-11473
    - CVE-2019-11474
  * SECURITY UPDATE: Heap-based buffer overflow in the function WritePDBImage.
    - debian/patches/CVE-2019-11505.patch: Use correct bits/sample rather than
      image->depth. Avoids potential buffer overflow.
    - CVE-2019-11505
  * SECURITY UPDATE: Heap-based buffer overflow in the function
    WriteMATLABImage.
    - debian/patches/CVE-2019-11506.patch: Add completely missing error
      handling.
    - CVE-2019-11506

 -- Eduardo Barretto <email address hidden>  Thu, 28 Nov 2019 11:12:37 -0300
Superseded in focal-release on 2019-11-02
Deleted in focal-proposed on 2019-11-04 (Reason: moved to Release)
graphicsmagick (1.4+really1.3.33+hg16115-1build1) focal; urgency=medium

  * No-change rebuild for the perl update.

 -- Matthias Klose <email address hidden>  Fri, 18 Oct 2019 19:27:39 +0000
Superseded in focal-release on 2019-12-25
Deleted in focal-proposed on 2019-12-26 (Reason: moved to Release)
graphicsmagick (1.4+really1.3.33+hg16117-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issue:
    - CVE-2019-16709: ReadDPSImage(): Fix memory leak when OpenBlob()
      reports failure.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 10 Oct 2019 22:57:35 +0000
Superseded in focal-release on 2019-10-24
Published in eoan-release on 2019-10-03
Deleted in eoan-proposed (Reason: moved to Release)
graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - ReadMNGImage(): skip coalescing layers if there is only one layer,
    - DrawStrokePolygon(): handle case where TraceStrokePolygon() returns
      NULL,
    - DrawDashPolygon(): handle case where DrawStrokePolygon() returns
      MagickFail,
    - TraceBezier(): detect arithmetic overflow and return errors via
      normal error path rather than exiting,
    - ExtractTokensBetweenPushPop(): fix non-terminal parsing loop,
    - GenerateEXIFAttribute(): check that we are not being directed to read
      an IFD that we are already parsing and quit in order to avoid a loop,
    - ReallocColormap(): avoid dereferencing a NULL pointer if
      image->colormap is NULL,
    - png_read_raw_profile(): fix validation of raw profile length,
    - TraceArcPath(): substitute a lineto command when tracing arc is
      impossible,
    - GenerateEXIFAttribute(): skip unsupported/invalid format 0.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 28 Sep 2019 10:57:12 +0000
Superseded in eoan-release on 2019-10-03
Deleted in eoan-proposed on 2019-10-04 (Reason: moved to release)
graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium

  * New upstream release, including many security fixes.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 25 Jul 2019 16:43:39 +0000
Superseded in eoan-release on 2019-08-23
Deleted in eoan-proposed on 2019-08-24 (Reason: moved to release)
graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - DrawImage(): Terminate drawing if DrawCompositeMask() reports failure,
    - DrawImage(): Detect an error in TracePath() and quit rather than
      forging on.
  * Backport security fixes:
    - ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable,
    - WriteDIBImage(): Detect arithmetic overflow of image_size,
    - WriteBMPImage(): Detect arithmetic overflow of image_size,
    - WriteBMPImage(): Assure that chromaticity uses double-precision for
      multiply before casting to unsigned integer.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 16 Jun 2019 18:10:05 +0000

Available diffs

Superseded in eoan-release on 2019-06-17
Deleted in eoan-proposed on 2019-06-18 (Reason: moved to release)
graphicsmagick (1.4~hg16039-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also
      fix undefined behavior caused by large left shifts of an unsigned char,
    - ThrowException(), ThrowLoggedException(): Handle the case where some
      passed character strings refer to existing exception character strings,
    - PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage()
      stack,
    - WritePDFImage(): Allocate working buffer on stack and pass as argument
      to EscapeParenthesis() to eliminate a thread safety problem,
    - TranslateTextEx(): Remove support for reading from a file using
      '@filename' syntax,
    - DrawImage(): Only support '@filename' syntax to read drawing primitive
      from a file if we are not already drawing.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 06 Jun 2019 21:11:11 +0000

Available diffs

Superseded in eoan-release on 2019-06-11
Deleted in eoan-proposed on 2019-06-13 (Reason: moved to release)
graphicsmagick (1.4~hg15978-1) unstable; urgency=medium

  * Mercurial snapshot, fixing uninitialized integer value of log_configured.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 27 Apr 2019 07:06:40 +0000
Superseded in eoan-proposed on 2019-04-27
graphicsmagick (1.4~hg15976-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - ReadXWDImage(): Potential for heap overflow; Address header-directed
      arbitrary memory allocation,
    - ReadXWDImage(): Address segmentation violation and invalid memory
      reads with more validations,
    - Make built-in color tables fully const.
  * Break gnudatalanguage versions that doesn't initialize GraphicsMagick
    library (closes: #927688).
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 22 Apr 2019 14:41:32 +0000

Available diffs

Superseded in eoan-release on 2019-04-28
Deleted in eoan-proposed on 2019-04-29 (Reason: moved to release)
graphicsmagick (1.4~hg15968-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues
    (closes: #927029):
    - ReadMATImage(): Report a corrupt image exception if reader encounters
      end of file while reading scanlines (use of uninitialized value in
      IsGrayImag() ),
    - ReadTOPOLImage(): Report a corrupt image if reader encounters end of
      file while reading header rows (use of uninitialized value in
      InsertRow() ),
    - OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and
      length as well as for the total pixels calculation to prevent some more
      arithmetic overflows,
    - SetNexus(): Apply resource limits to pixel nexus allocations to prevent
      arithmetic and integer overflows,
    - SetNexus(): Report error for empty region rather than crashing due to
      divide by zero exception,
    - ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating
      point exception in SetNexus(),
    - ReadMATImage(): Quit if image scanlines are not fully populated due to
      exception to prevent use of uninitialized value in
      InsertComplexFloatRow(),
    - ReadMATImage(): Fix memory leak on unexpected end of file,
    - Throwing an exception is now thread-safe,
    - Fx module error handling/reporting improvements,
    - Fix various uses of allocated memory without checking if memory
      allocation has failed,
    - CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or
      an irrationally large profile length to prevent memory leak,
    - CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one
      PixelPacket) of image colormap,
    - CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading
      DirectClass XWD file,
    - CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE
      packets to prevent heap buffer overflow,
    - CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while
      parsing quoted font family value,
    - CVE-2019-11008: XWD: Perform more header validations, a file size
      validation, and fix arithmetic overflows leading to heap overwrite,
    - ReadWMFImage(): Reject WMF files with an empty bounding box to prevent
      division by zero problems,
    - WritePDBImage(): Use correct bits/sample rather than image->depth to
      prevent potential buffer overflow,
    - WriteMATLABImage(): Add completely missing error handling to prevent
      heap buffer overflow,
    - SetNexus(): Fix arithmetic overflow while testing x/y offset limits,
    - DrawPrimitive(): Check primitive point x/y values for NaN to prevent
      integer overflow,
    - DrawImage(): Fix integer overflow while validating gradient dimensions,
    - WritePDBImage(): Assure that input scanline is cleared in order to
      cover up some decoder bug to prevent use of uninitialized value,
    - ReadXWDImage(): Add more validation logic to avoid crashes due to FPE
      and invalid reads.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 15 Apr 2019 17:40:12 +0000

Available diffs

Superseded in eoan-release on 2019-04-21
Obsolete in disco-release on 2020-07-14
Deleted in disco-proposed on 2020-07-14 (Reason: moved to release)
graphicsmagick (1.4~hg15916-2) unstable; urgency=medium

  * Declare break on python{,3}-pgmagick versions compiled with GCC 7
    compiled versions of GraphicsMagick (closes: #915603, #915606).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 02 Apr 2019 18:49:40 +0000

Available diffs

Superseded in disco-release on 2019-04-11
Deleted in disco-proposed on 2019-04-12 (Reason: moved to release)
graphicsmagick (1.4~hg15916-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - ReadTIFFImage(): Only disassociate alpha channel for images where
      photometic is PHOTOMETRIC_RGB,
    - DrawDashPolygon(): Heap buffer overflow when parsing SVG images,
    - DrawPrimitive(): Add arithmetic overflow checks when converting
      computed coordinates from 'double' to 'long',
    - DrawImage(): Don't destroy draw_info in graphic_context when draw_info
      has not been allocated yet,
    - RenderFreetype(): Eliminate memory leak of GlyphInfo.image,
    - DrawDashPolygon(): Heap-buffer-overflow via read beyond end of dash
      pattern array,
    - ReadMIFFImage(): Tally directory length to avoid death by strlen(),
    - ReadMPCImage(): Tally directory length to avoid death by strlen(),
    - ReallocColormap(): Make sure that there is not a heap overwrite if the
      number of colors has been reduced.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 28 Feb 2019 17:50:19 +0000

Available diffs

Superseded in disco-release on 2019-03-05
Deleted in disco-proposed on 2019-03-07 (Reason: moved to release)
graphicsmagick (1.4~hg15896-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - ReadMNGImage(): Quit processing and report error upon failure to insert
      MNG background layer preventing out of memory issues,
    - ReadMIFFImage(): Improve pixel buffer calculations to defend against
      overflow,
    - ReadTIFFImage(): Make sure that image is in DirectClass mode and ignore
      any claimed colormap when the image is read using various functions,
    - ReadWPGImage(): Assure that all colormap entries are initialized,
    - DecodeImage(): Avoid a one-byte over-read of pixels heap allocation,
    - ReadTIFFImage(): Assure that opacity channel is initialized in the
      RGBAStrippedMethod case,
    - ReadMNGImage(): Bound maximum loop iterations by subrange as a
      primitive means of limiting resource consumption preventing out of
      memory issues,
    - CVE-2019-7397: WritePDFImage(): Make sure to free 'xref' before
      returning preventing several memory leaks,
    - ReadTIFFImage(): For planar TIFF, make sure that pixels are initialized
      in case some planes are missing.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 16 Feb 2019 15:19:56 +0000

Available diffs

Superseded in disco-release on 2019-02-17
Deleted in disco-proposed on 2019-02-18 (Reason: moved to release)
graphicsmagick (1.4~hg15880-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - SetNexus(): Merge IsNexusInCore() implementation code into SetNexus()
      and add check for if cache_info->pixels is null,
    - CVE-2018-20185: BMP and DIB: Improve buffer size calculations to guard
      against arithmetic overflow.
  * Update Standards-Version to 4.3.0 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 05 Feb 2019 20:44:14 +0000

Available diffs

Superseded in disco-release on 2019-02-07
Deleted in disco-proposed on 2019-02-08 (Reason: moved to release)
graphicsmagick (1.4~hg15873-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - WriteImage(): Eliminate use of just-freed memory in clone_info->magick,
    - ReadMIFFImage(): Fix memory leak of profiles 'name' when claimed length
      is zero,
    - WriteXPMImage(): Assure that added colormap entry for transparent XPM
      is initialized,
    - ReadMNGImage(): Fix non-terminal MNG looping,
    - ReadMIFFImage(): Sanitize claimed profile size before allocating memory
      for it,
    - CVE-2018-20185: ReadBMPImage(): Fix heap overflow in 32-bit build due
      to arithmetic overflow (closes: #916719),
    - CVE-2018-20184: WriteTGAImage(): Image rows/columns must not be larger
      than 65535 (closes: #916721),
    - ReadTIFFImage(): More validations and stricter error reporting,
    - ReadMIFFImage(): Detect and reject zero-length deflate-encoded row in
      MIFF version 0,
    - CVE-2018-20189: ReadDIBImage(): DIB images claiming more than 8-bits
      per pixel are not colormapped (closes: #916752).
  * Add pkg-config to build dependency for FreeType 2.9.1+ detection.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 20 Dec 2018 19:04:33 +0000

Available diffs

Superseded in disco-release on 2018-12-21
Deleted in disco-proposed on 2018-12-22 (Reason: moved to release)
graphicsmagick (1.3.31-1) unstable; urgency=high

  * New upstream release.
  * Fix CVE-2018-18544: memory leak of msl_image if OpenBlob() fails in
    ProcessMSLScript() .
  * Can detect FreeType via pkg-config (closes: #887720).
  * Enable Zstandard, the fast lossless compression algorithm support.
  * Update library symbols for this release.
  * Update Standards-Version to 4.2.1 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 20 Nov 2018 17:16:37 +0000
Superseded in disco-release on 2018-11-21
Deleted in disco-proposed on 2018-11-23 (Reason: moved to release)
graphicsmagick (1.3.30+hg15796-1build1) disco; urgency=medium

  * No-change rebuild for the perl 5.28 transition.

 -- Adam Conrad <email address hidden>  Fri, 02 Nov 2018 18:08:20 -0600
Superseded in xenial-updates on 2019-12-02
Superseded in xenial-security on 2019-12-02
graphicsmagick (1.3.23-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS (crash) via a crafted SVG file.
    - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
    - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
    - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
    - CVE-2016-2317
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG
    file.
    - debian/patches/CVE-2016-2318.patch: Make SVG path and other
      primitive parsing more robust
    - CVE-2016-2318
  * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
    a crafted image file.
    - debian/patches/CVE-2016-3714.patch: Remove delegates support for
      reading gnuplot files.
    - CVE-2016-3714
  * SECURITY UPDATE: Remote attackers are able to delete arbitrary files
    via a crafted image.
    - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
      prefix.
    - CVE-2016-3715
  * SECURITY UPDATE: Remote attackers can move arbitrary files via a
    crafted image.
    - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
      on MSL files.
    - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
      format based on file extension.
    - CVE-2016-3716
  * SECURITY UPDATE: Remote attackers can read arbitrary files via a
    crafted image.
    - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
    - CVE-2016-3717
  * SECURITY UPDATE: Remote attackers can conduct server-side request
    forgery (SSRF) attacks via a crafted image.
    - debian/patches/CVE-2016-3718.patch: fix in render.c
    - CVE-2016-3718
  * SECURITY UPDATE: Remote attackers can execute arbitrary files via a
    pipe character at the start of a filename.
    - debian/patches/CVE-2016-5118.patch: remove support for reading
      input from a shell command or writing output to a shell command
    - CVE-2016-5118
  * SECURITY UPDATE: Remote attackers can execute arbitrary commands via
    unspecified vectors.
    - debian/patches/CVE-2016-5239.patch: remove delegates support for
      Gnuplot and varios other file types.
    - CVE-2016-5239
  * SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by
    converting a circularly defined SVG file.
    - debian/patches/CVE-2016-5240.patch: endless loop problem caused by
      negative stroke-dasharray arguments
    - CVE-2016-5240
  * SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception
    and application crash) via a crafted svg file.
    - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
      fill or stroke pattern image has zero columns or rows
    - CVE-2016-5241
  * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
    - debian/patches/CVE-2016-7446.patch: fix in svg.c
    - CVE-2016-7446
  * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
    - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
      EscapeParenthesis() in annotate.c
    - CVE-2016-7447
  * SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
    via vectors involving the header information and the file size.
    - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
    - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
    - CVE-2016-7448
  * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
    an "unterminated" string.
    - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun
      if buffer not null terminated
    - CVE-2016-7449
  * SECURITY UPDATE: Integer underflow in the parse8BIM function.
    - debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
    - CVE-2016-7800
  * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
    reader.
    - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
    - CVE-2016-7996
    - CVE-2016-7997
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
    - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
      while reading SCT file header.
    - CVE-2016-8682
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted PCX image.
    - debian/patches/CVE-2016-8683.patch: check that filesize is
      reasonable given header.
    - CVE-2016-8683
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted SGI image.
    - debian/patches/CVE-2016-8684.patch: Check that filesize is
      reasonable given header.
    - CVE-2016-8684
  * SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image.
    - debian/patches/CVE-2016-9830.patch: enforce spec requirement that
      the dimensions of the JPEG embedded in a JDAT chunk must match the
      JHDR dimensions.
    - CVE-2016-9830

 -- Eduardo Barretto <email address hidden>  Thu, 01 Nov 2018 15:03:05 -0300
Published in trusty-updates on 2018-10-31
Published in trusty-security on 2018-10-31
graphicsmagick (1.3.18-1ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (out-of-bounds read) in PCX parser code
    - debian/patches/CVE-2014-8355.patch: fix in coders/pcx.c
    - CVE-2014-8355
  * SECURITY UPDATE: DoS (uninitialized memory access) via a crafted GIF
    file.
    - debian/patches/CVE-2015-8808.patch: Assure that GIF decoder does
      not use unitialized data.
    - CVE-2015-8808
  * SECURITY UPDATE: DoS (crash) via a crafted SVG file.
    - debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
    - debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
    - debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
    - CVE-2016-2317
  * SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG
    file.
    - debian/patches/CVE-2016-2318.patch: Make SVG path and other
      primitive parsing more robust
    - CVE-2016-2318
  * SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
    a crafted image file.
    - debian/patches/CVE-2016-3714.patch: Remove delegates support for
      reading gnuplot files.
    - CVE-2016-3714
  * SECURITY UPDATE: Remote attackers are able to delete arbitrary files
    via a crafted image.
    - debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
      prefix.
    - CVE-2016-3715
  * SECURITY UPDATE: Remote attackers can move arbitrary files via a
    crafted image.
    - debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
      on MSL files.
    - debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
      format based on file extension.
    - CVE-2016-3716
  * SECURITY UPDATE: Remote attackers can read arbitrary files via a
    crafted image.
    - debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
    - CVE-2016-3717
  * SECURITY UPDATE: Remote attackers can conduct server-side request
    forgery (SSRF) attacks via a crafted image.
    - debian/patches/CVE-2016-3718.patch: fix in render.c
    - CVE-2016-3718
  * SECURITY UPDATE: Remote attackers can execute arbitrary files via a
    pipe character at the start of a filename.
    - debian/patches/CVE-2016-5118.patch: remove support for reading
      input from a shell command or writing output to a shell command
    - CVE-2016-5118
  * SECURITY UPDATE: Remote attackers can execute arbitrary commands via
    unspecified vectors.
    - debian/patches/CVE-2016-5239.patch: remove delegates support for
      Gnuplot and varios other file types.
    - CVE-2016-5239
  * SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by
    converting a circularly defined SVG file.
    - debian/patches/CVE-2016-5240.patch: endless loop problem caused by
      negative stroke-dasharray arguments
    - CVE-2016-5240
  * SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception
    and application crash) via a crafted svg file.
    - debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
      fill or stroke pattern image has zero columns or rows
    - CVE-2016-5241
  * SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
    - debian/patches/CVE-2016-7446.patch: fix in svg.c
    - CVE-2016-7446
  * SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
    - debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
      EscapeParenthesis() in annotate.c
    - CVE-2016-7447
  * SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
    via vectors involving the header information and the file size.
    - debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
    - debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
    - CVE-2016-7448
  * SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
    an "unterminated" string.
    - debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun
      if buffer not null terminated
    - CVE-2016-7449
  * SECURITY UPDATE: Integer underflow in the parse8BIM function.
    - debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
    - CVE-2016-7800
  * SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
    reader.
    - debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
    - CVE-2016-7996
    - CVE-2016-7997
  * SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
    - debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
      while reading SCT file header.
    - CVE-2016-8682
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted PCX image.
    - debian/patches/CVE-2016-8683.patch: check that filesize is
      reasonable given header.
    - CVE-2016-8683
  * SECURITY UPDATE: Memory allocation failure and a "file truncation
    error for corrupt file" via a crafted SGI image.
    - debian/patches/CVE-2016-8684.patch: Check that filesize is
      reasonable given header.
    - CVE-2016-8684
  * SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image.
    - debian/patches/CVE-2016-9830.patch: enforce spec requirement that
      the dimensions of the JPEG embedded in a JDAT chunk must match the
      JHDR dimensions.
    - CVE-2016-9830

 -- Eduardo Barretto <email address hidden>  Thu, 25 Oct 2018 15:23:55 -0300
Superseded in disco-release on 2018-11-08
Obsolete in cosmic-release on 2020-07-13
Deleted in cosmic-proposed on 2020-07-13 (Reason: moved to release)
graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - WEBP: Fix compiler warnings regarding uninitialized structure members,
    - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit,
    - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in
      case libjpeg fails to completely initialize it,
    - WriteOnePNGImage(): Free png_pixels as soon as possible,
    - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid
      subsequent heap read overflow,
    - ReadMVGImage(): Don't assume that in-memory MVG blob is a
      null-terminated C string,
    - ReadMVGImage(): Don't allow MVG files to side-load a file as the
      drawing primitive using '@' syntax,
    - FileToBlob(): Use confirm access APIs to verify that read access is
      allowed, and verify that file is a regular file,
    - ExtractTokensBetweenPushPop() needs to always return a valid pointer
      into the primitive string,
    - DrawPolygonPrimitive(): Fix leak of polygon set when object is
      completely outside image,
    - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using
      pixels in-core rather than using a staging area for the case where the
      nexus rows extend beyond the image raster boundary,
    - ReadCINEONImage(): Quit immediately on EOF and detect short files,
    - ReadMVGImage(): Fix memory leak,
    - Add mechanism to approve embedded subformats in WPG,
    - ReadXBMImage(): Add validations for row and column dimensions,
    - MAT InsertComplexFloatRow(): Avoid signed overflow,
    - InsertComplexFloatRow(): Try not to lose the previous intention while
      avoiding signed overflow,
    - XBMInteger(): Limit the number of hex digits parsed to avoid signed
      integer overflow,
    - MAT: More aggresive data corruption checking,
    - MAT: Correctly check GetBlobSize(image) even for zipstreams inside
      blob,
    - MAT: Explicitly reject non-seekable streams,
    - DrawImage(): Add missing error-reporting logic to return immediately
      upon memory reallocation failure. Apply memory resource limits to
      PrimitiveInfo array allocation,
    - MagickAtoFChk(): Add additional validation checks for floating point
      values. NAN and +/- INFINITY values also map to 0.0 ,
    - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified
      prior to any comment, and that there is only one comment,
    - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid
      possible heap write overflow,
    - WPG: Fix intentional 64 bit file offset overflow,
    - DrawImage(): Be more precise about error detection and reporting,
    - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a
      one-byte stack write overflow,
    - DrawImage(): Fix excessive memory consumption due to
      SetImageAttribute() appending values,
    - QuantumTransferMode(): CIE Log images with an alpha channel are not
      supported,
    - ConvertPrimitiveToPath(): Second attempt to prevent heap write
      overflow of PathInfo array,
    - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder,
    - MIFF and MPC, need to avoid leaking value allocation (day-old bug),
    - ReadSFWImage(): Enforce that file is read using the JPEG reader,
    - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from
      signed to unsigned and check for unsigned overflow,
    - GenerateEXIFAttribute(): Eliminate undefined shift,
    - TraceEllipse(): Detect arithmetic overflow when computing the number of
      points to allocate for an ellipse,
    - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long,
    - ReadJPEGImage(): Apply a default limit of 100 progressive scans before
      the reader quits with an error.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 24 Sep 2018 21:54:36 +0000

Available diffs

Superseded in cosmic-release on 2018-10-01
Deleted in cosmic-proposed on 2018-10-02 (Reason: moved to release)
graphicsmagick (1.3.30-1) unstable; urgency=high

  * New upstream release, including many security fixes.
  * Build with all hardening enabled.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 24 Jun 2018 08:20:31 +0000
Superseded in cosmic-proposed on 2018-06-24
graphicsmagick (1.3.29+hg15665-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - use of uninitialized value in IsMonochromeImage() ,
    - divide by zero in GetPixelOpacity() ,
    - write beyond array bounds in TraceStrokePolygon() ,
    - use of uninitialized value in format8BIM() ,
    - assertion failure in WriteBlob() ,
    - out of bounds write in TraceEllipse() ,
    - memory leak and use of uninitialized memory when handling eXIf chunk
      in png_malloc() ,
    - floating point exception in WriteTIFFImage() ,
    - leak of Image when TIFFReadRGBAImage() reports failure,
    - potentional leak when compressed object is corrupted,
    - floating point exception in WriteTIFFImage() ,
    - heap double free in Magick::BlobRef::~BlobRef() ,
    - direct leak in TIFFClientOpen() ,
    - indirect leak in CloneImage() ,
    - direct leak in ReadOneJNGImage() ,
    - heap buffer overflow in put1bitbwtile() ,
    - use of uninitialized value in SyncImageCallBack() ,
    - validate tile memory requests for TIFFReadRGBATile() .
  * Remove profiles/sRGB Color Space Profile.ICM and
    jp2/data/colorprofiles/srgb.icm for being non-free.
  * Remove zlib/contrib/dotzlib/DotZLib.chm for no source available.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 25 May 2018 19:21:07 +0000

Available diffs

Superseded in cosmic-proposed on 2018-05-27
graphicsmagick (1.3.29-1) unstable; urgency=high

  * New upstream release, including many security fixes.
  * Remove previously backported security patches.
  * Update library symbols for this release.
  * Update debhelper level to 11 .
  * Update Standards-Version to 4.1.4 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 08 May 2018 20:33:46 +0000
Superseded in cosmic-release on 2018-07-06
Published in bionic-release on 2018-04-01
Deleted in bionic-proposed (Reason: moved to release)
graphicsmagick (1.3.28-2) unstable; urgency=high

  * Backport security fixes:
    - don't use rescale map if it was not allocated,
    - validate number of colormap bits to avoid undefined shift behavior,
    - defend against partial scanf() expression matching, resulting in benign
      use of uninitialized data,
    - don't use rescale map if it was not allocated,
    - fix tile index overflow,
    - reject XPM if it contains non-whitespace control characters,
    - fix forged amount of frames 6755,
    - validate header length and offset properties,
    - fixed memory leak when tile overflows,
    - fix forged amount of frames 7076,
    - check for forged image that overflows file size,
    - validate size request prior to allocation,
    - validate that file size is sufficient for claimed image properties,
    - fix signed integer overflow when computing pixels size,
    - include number of FITS scenes in file size validations,
    - allocate space for null termination and null terminate string,
    - validate that samples per pixel is in valid range,
    - check whether datablock is really read,
    - verify that sufficient backing data exists before allocating memory to
      read it,
    - duplicate image check for data with fixed geometry,
    - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
      changed while ticks_per_second is zero (closes: #894396),
    - add checks for EOF,
    - validate that PICT rectangles do not have zero dimensions,
    - check image pixel limits before allocating memory for tile.
  * Backport patch to redesign ReadBlobDwordLSB() to be more effective.
  * Backport patch to destroy tile_image in ThrowPICTReaderException() macro
    to simplify logic.
  * Backport patch to remove shadowed tile_image variable which defeats new
    ThrowPICTReaderException() implementation.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 31 Mar 2018 11:05:51 +0000

Available diffs

Superseded in bionic-release on 2018-04-01
Deleted in bionic-proposed on 2018-04-02 (Reason: moved to release)
graphicsmagick (1.3.28-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - BMP: Fix non-terminal loop due to unexpected bit-field mask value
      (DOS opportunity),
    - PALM: Fix heap buffer underflow in builds with QuantumDepth=8,
    - SetNexus() Fix heap overwrite under certain conditions due to using a
      wrong destination buffer,
    - TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
      NEWS profile.
  * Remove previously backported security patches.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 20 Jan 2018 20:19:29 +0000

Available diffs

Superseded in bionic-proposed on 2018-01-21
graphicsmagick (1.3.27-4) unstable; urgency=high

  * Fix CVE-2018-5685: infinite loop in ReadBMPImage() (closes: #887158).
  * Fix memory leak of global colormap.
  * Fix memory leak of chunk and mng_info in error path.
  * Update Standards-Version to 4.1.3 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 15 Jan 2018 19:06:43 +0000

Available diffs

Superseded in bionic-release on 2018-02-02
Deleted in bionic-proposed on 2018-02-03 (Reason: moved to release)
graphicsmagick (1.3.27-3) unstable; urgency=high

  * Fix heap-buffer-overflow on LocaleNCompare() .
  * Add some assertions to verify that the image pointer provided by libwebp
    is valid.
  * Fix NULL pointer dereference in ReadMNGImage() .
  * Fix CVE-2017-17913: stack-buffer-overflow in WriteWEBPImage() .
  * Fix CVE-2017-17915: heap-buffer-overflow in ReadMNGImage() .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 27 Dec 2017 22:12:30 +0000

Available diffs

Superseded in bionic-release on 2017-12-28
Deleted in bionic-proposed on 2017-12-30 (Reason: moved to release)
graphicsmagick (1.3.27-2) unstable; urgency=high

  * Fix CVE-2017-17782: heap-based buffer over-read in ReadOneJNGImage()
    (closes: #884905).
  * Fix CVE-2017-17783: buffer over-read in ReadPALMImage() (closes: #884904).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 25 Dec 2017 17:18:01 +0000

Available diffs

Superseded in bionic-release on 2017-12-28
Deleted in bionic-proposed on 2017-12-29 (Reason: moved to release)
graphicsmagick (1.3.27-1) unstable; urgency=medium

  * New upstream release.
  * Remove previously backported security patches.
  * Update library symbols for this release.
  * Add libwebp-dev dependency to libgraphicsmagick1-dev (closes: #863564).
  * Update Standards-Version to 4.1.2 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 10 Dec 2017 17:12:28 +0000

Available diffs

Superseded in bionic-release on 2017-12-11
Deleted in bionic-proposed on 2017-12-12 (Reason: moved to release)
graphicsmagick (1.3.26-19) unstable; urgency=high

  * Fix CVE-2017-16669: heap buffer overflow in AcquireCacheNexus()
    (closes: #881391).
  * Fix CVE-2017-13134: heap buffer overflow in SFWScan() (closes: #881524).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 11 Nov 2017 09:12:53 +0000
Superseded in bionic-proposed on 2017-11-12
graphicsmagick (1.3.26-18) unstable; urgency=high

  * Fix CVE-2017-16547: remote denial of service (negative strncpy and
    application crash).
  * Fix CVE-2017-16545: NULL pointer dereference (write) with malformed WPG
    image.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 06 Nov 2017 17:02:07 +0000

Available diffs

Superseded in bionic-proposed on 2017-11-07
graphicsmagick (1.3.26-17) unstable; urgency=high

  * Fix CVE-2017-16353: heap read overflow vulnerability in DescribeImage() .
  * Fix CVE-2017-16352: heap-based buffer overflow vulnerability in
    DescribeImage() .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 02 Nov 2017 05:57:25 +0000
Superseded in bionic-proposed on 2017-11-02
graphicsmagick (1.3.26-16build1) bionic; urgency=medium

  * No-change rebuild against perlapi-5.26.1

 -- Steve Langasek <email address hidden>  Thu, 02 Nov 2017 05:34:24 +0000
Superseded in bionic-release on 2017-11-22
Deleted in bionic-proposed on 2017-11-23 (Reason: moved to release)
graphicsmagick (1.3.26-16) unstable; urgency=high

  * Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG
    scanlines (closes: #879999).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 28 Oct 2017 17:54:09 +0000

Available diffs

Superseded in bionic-release on 2017-10-29
Obsolete in artful-release on 2020-07-10
Deleted in artful-proposed on 2020-07-10 (Reason: moved to release)
graphicsmagick (1.3.26-15) unstable; urgency=high

  * Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 15 Oct 2017 20:03:26 +0000

Available diffs

Superseded in artful-release on 2017-10-17
Deleted in artful-proposed on 2017-10-18 (Reason: moved to release)
graphicsmagick (1.3.26-14) unstable; urgency=high

  * Fix CVE-2017-15277: assure that global colormap is fully initialized in
    ReadGIFImage() .
  * Fix memory leak in WriteGIFImage() .
  * Fix CVE-2017-15238: use after free in ReadJNGImage() .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 12 Oct 2017 18:50:19 +0000

Available diffs

Superseded in artful-release on 2017-10-14
Deleted in artful-proposed on 2017-10-15 (Reason: moved to release)
graphicsmagick (1.3.26-13) unstable; urgency=high

  * Fix CVE-2017-14733: heap out of bounds read in ReadRLEImage() .
  * Fix CVE-2017-14994: NULL pointer dereference in DICOM Decoder.
  * Fix CVE-2017-14997: memory allocation error due to malformed image file.
  * Update Standards-Version to 4.1.1 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 04 Oct 2017 20:42:21 +0000

Available diffs

Superseded in artful-release on 2017-10-10
Deleted in artful-proposed on 2017-10-11 (Reason: moved to release)
graphicsmagick (1.3.26-12) unstable; urgency=high

  * Update upstream changelog for CVE-2017-14103 .
  * Fix CVE-2017-14649: denial of service due to assertion failure in
    AcquireImagePixels() (closes: #876460).
  * Update Standards-Version to 4.1.0:
    - change graphicsmagick-dbg priority to optional.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 24 Sep 2017 08:14:32 +0000

Available diffs

Superseded in artful-release on 2017-09-24
Deleted in artful-proposed on 2017-09-26 (Reason: moved to release)
graphicsmagick (1.3.26-11) unstable; urgency=high

  * Fix CVE-2017-14504: NULL pointer dereference triggered by malformed file.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 21 Sep 2017 16:22:42 +0000

Available diffs

Superseded in artful-release on 2017-09-22
Deleted in artful-proposed on 2017-09-23 (Reason: moved to release)
graphicsmagick (1.3.26-9) unstable; urgency=high

  * Fix CVE-2017-14165: remote denial of service due to memory allocation
    failure in magickmalloc (closes: #874724).
  * Fix CVE-2017-14042: memory allocation failure in MagickRealloc()
    (closes: #873538).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 09 Sep 2017 12:45:00 +0000

Available diffs

Superseded in artful-release on 2017-09-15
Deleted in artful-proposed on 2017-09-17 (Reason: moved to release)
graphicsmagick (1.3.26-7) unstable; urgency=high

  * Fix CVE-2017-13063: heap-based buffer overflow vulnerability in the
    GetStyleTokens() function (closes: #873130).
  * Fix CVE-2017-13064: another heap-based buffer overflow vulnerability in
    the GetStyleTokens() function (closes: #873129).
  * Fix CVE-2017-13065: NULL pointer dereference vulnerability in the
    SVGStartElement() function (closes: #873119).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 24 Aug 2017 19:53:07 +0000

Available diffs

Superseded in artful-release on 2017-08-27
Deleted in artful-proposed on 2017-08-28 (Reason: moved to release)
graphicsmagick (1.3.26-6) unstable; urgency=high

  * Fix CVE-2017-12935: invalid memory read in the SetImageColorCallBack()
    with large MNG images (closes: #872576).
  * Fix CVE-2017-12936: use-after-free issue for data associated with
    exception reporting in the ReadWMFImage() function (closes: #872575).
  * Fix CVE-2017-12937: colormap heap-based buffer over-read in the
    ReadSUNImage() function (closes: #872574).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 20 Aug 2017 12:46:53 +0000

Available diffs

Superseded in artful-release on 2017-08-21
Deleted in artful-proposed on 2017-08-22 (Reason: moved to release)
graphicsmagick (1.3.26-5) unstable; urgency=medium

  * Handle mangling change for conversion operators in GCC 7 (closes: #871306).

  [ John Paul Adrian Glaubitz <email address hidden> ]
  * Honor 'nocheck' in DEB_BUILD_OPTIONS (closes: #842787).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 07 Aug 2017 19:25:42 +0000
Superseded in artful-proposed on 2017-08-08
graphicsmagick (1.3.26-4build1) artful; urgency=medium

  * No-change rebuild for GCC 7 abi mangling change.

 -- Matthias Klose <email address hidden>  Mon, 07 Aug 2017 15:20:42 +0000
Superseded in artful-proposed on 2017-08-07
graphicsmagick (1.3.26-4) unstable; urgency=high

  * Fix CVE-2017-11643: heap overflow in the WriteCMYKImage() function
    (closes: #870157).
  * Fix CVE-2017-11636: heap overflow in the WriteRGBImage() function
    (closes: #870149).
  * Fix CVE-2017-11638 and CVE-2017-11642: null pointer dereference or SEGV if
    input is not colormapped (closes: #870154, #870156).
  * Fix CVE-2017-11641: memory leak while writing Magick Persistent Cache
    format (closes: #870155).
  * Fix CVE-2017-11637: NULL pointer dereference in the WritePCLImage()
    function (closes: #870153).
  * Fix CVE-2017-11722:  denial of service via a crafted file
    (closes: #870158).
  * Remove autotools-dev and dh-autoreconf build dependencies.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 30 Jul 2017 18:47:55 +0000
Superseded in artful-proposed on 2017-07-31
graphicsmagick (1.3.26-3build1) artful; urgency=medium

  * No-change rebuild for perl 5.26.0.

 -- Matthias Klose <email address hidden>  Wed, 26 Jul 2017 20:02:37 +0000
Superseded in artful-release on 2017-08-10
Deleted in artful-proposed on 2017-08-11 (Reason: moved to release)
graphicsmagick (1.3.26-3) unstable; urgency=high

  * Fix CVE-2017-11140: denial of service (resource consumption) via crafted
    JPEG files.
  * Fix apparent off-by-one error in MNG FRAM change_clipping processing.
  * Fix out-of-order CloseBlob() and DestroyImageList() .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 12 Jul 2017 16:27:23 +0000

Available diffs

Superseded in artful-proposed on 2017-07-13
graphicsmagick (1.3.26-2) unstable; urgency=high

  * Fix CVE-2017-11102: remote denial of service during JNG reading via a
    zero-length color_image data structrure in ReadOneJNGImage (png.c)
    (closes: #867746).
  * Add new DestroyJNGInfo@Base and remove DestroyJNG@Base obsolete symbols.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 08 Jul 2017 07:33:10 +0000

Available diffs

Superseded in artful-proposed on 2017-07-10
graphicsmagick (1.3.26-1) unstable; urgency=high

  * New upstream release, fixing the following security issues among others:
    - META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800).
    - WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash
      (CVE-2016-7997).
    - PNG: Enforce spec requirement that the dimensions of the JPEG embedded
      in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830).
    - TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to
      have only 2 samples per pixel (CVE-2017-6335).
    - JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350).
    - TIFF: Fix out of bounds read when reading RGB TIFF which claims to have
      only 1 sample per pixel (CVE-2017-10794) (closes: #867085).
    - DPX: Fix excessive use of memory (DOS issue) due to file header claiming
      large image dimensions but insufficient backing data. (CVE-2017-10799)
      (closes: #867077).
    - MAT: Fix excessive use of memory (DOS issue) due to continuing
      processing with insufficient data and claimed large image size. Verify
      each file extent to make sure that it is within range of file size.
      (CVE-2017-10800) (closes: #867060).
  * Remove previously backported security patches.
  * Self-tests build hack no longer needed.
  * Update library symbols for this release.
  * Update Standards-Version to 4.0.0 and debhelper level to 10 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 05 Jul 2017 16:14:40 +0000
Superseded in artful-release on 2017-07-15
Obsolete in zesty-release on 2018-06-22
Deleted in zesty-proposed on 2018-06-22 (Reason: moved to release)
graphicsmagick (1.3.25-8) unstable; urgency=high

  * Backport security fix for out of bounds access when reading CMYKA tiff.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 24 Feb 2017 19:17:41 +0000

Available diffs

Superseded in zesty-release on 2017-02-25
Deleted in zesty-proposed on 2017-02-26 (Reason: moved to release)
graphicsmagick (1.3.25-7) unstable; urgency=medium

  * Add hack to build self-tests on mips* architectures.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 25 Dec 2016 14:42:18 +0000

Available diffs

Superseded in zesty-release on 2016-12-26
Deleted in zesty-proposed on 2016-12-27 (Reason: moved to release)
graphicsmagick (1.3.25-6) unstable; urgency=high

  * Fix CVE-2016-9830: memory allocation failure in MagickRealloc
    (closes: #847072).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 06 Dec 2016 17:45:52 +0000

Available diffs

Superseded in zesty-release on 2016-12-12
Deleted in zesty-proposed on 2016-12-13 (Reason: moved to release)
graphicsmagick (1.3.25-5) unstable; urgency=high

  * Fix CVE-2016-8682: stack-based buffer overflow in ReadSCTImage (sct.c).
  * Fix CVE-2016-8683: memory allocation failure in ReadPCXImage (pcx.c).
  * Fix CVE-2016-8684: memory allocation failure in MagickMalloc (memory.c).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 18 Oct 2016 18:52:13 +0000

Available diffs

Superseded in zesty-release on 2016-11-01
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-01-23 (Reason: moved to release)
graphicsmagick (1.3.25-1) unstable; urgency=high

  * New upstream release, with the following security updates:
    - fix heap overflow in EscapeParenthesis() used in the text annotation
      code,
    - Utah RLE: Reject truncated/absurd files which caused huge memory
      allocations and/or consumed huge CPU,
    - SVG/MVG: Fix another case of CVE-2016-2317 (heap buffer overflow) in
      the MVG rendering code (also impacts SVG),
    - TIFF: Fix heap buffer read overflow while copying sized TIFF attributes.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 06 Sep 2016 17:38:39 +0000

Available diffs

Superseded in yakkety-release on 2016-09-13
Deleted in yakkety-proposed on 2016-09-14 (Reason: moved to release)
graphicsmagick (1.3.24+hg20160808-1) unstable; urgency=low

  * New upstream, Mercurial snapshot release.
  * Fixes DrawPrimitive() issue (closes: #829063).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 14 Aug 2016 14:24:32 +0000
Superseded in yakkety-proposed on 2016-08-14
graphicsmagick (1.3.24-2build1) yakkety; urgency=medium

  * No-change rebuild against latest libwebp

 -- Jeremy Bicha <email address hidden>  Thu, 04 Aug 2016 17:34:48 -0400
Superseded in yakkety-release on 2016-08-19
Deleted in yakkety-proposed on 2016-08-20 (Reason: moved to release)
graphicsmagick (1.3.24-2) unstable; urgency=low

  * Backport upstream fix for DrawPrimitive() (closes: #829063).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 28 Jul 2016 16:28:45 +0000

Available diffs

Superseded in yakkety-release on 2016-07-31
Deleted in yakkety-proposed on 2016-08-01 (Reason: moved to release)
graphicsmagick (1.3.24-1) unstable; urgency=high

  * New upstream release, focusing on security fixes for the following image
    formats:
    - DIB: fix out of bound reads and add more header validations,
    - JNG: file size limits are enforced,
    - MATLAB: fix DoS and hang on corrupt deflate stream,
    - META (Embedded Image Profiles): fix out of bounds reads and writes,
    - MIFF (Magick): fix thrown assertion,
    - CVE-2016-3716: Magick Scripting Language file processing is not done by
      default but need to be prefixed with 'msl:',
    - Magick Vector Graphics file processing is not done by default but need
      to be prefixed with 'mvg:' and prevent head overflow problems,
    - PCX: fix unreasonable memory allocation due to intentionally corrupt
      file,
    - PDB: fix heap buffer overflow and out of bounds read,
    - PICT: fix out of bounds write,
    - CVE-2016-3717: for PostScript files always run Ghostscript with -dSAFER
      for safer execution,
    - PSD: fix segmentation violations, heap buffer overflows and out of
      bound writes,
    - RLE: fix out of bounds reads and writes,
    - ReadImages(): fix possible infinite recursion due to a crafted input
      file,
    - RotateImage(): fix thrown assertion,
    - SGI: fix out of bounds writes,
    - SUN: fix out of bounds reads and writes,
    - SVG: fix CVE-2016-2317 and CVE-2016-2318, heap and stack buffer
      overflows, as well as segmentation violations (closes: #814732);
      also fix endless loop, unexpectedly large memory allocation, divide by
      zero and recursion issues,
    - TIFF: fix assertion while reading and fix benign heap overflow,
    - VIFF: fix excessive memory allocation with intentonally corrupted
      input file,
    - XCF: fix heap buffer overflow,
    - XPM: fix several heap buffer overflows and out of bound reads/writes;
      also fix a case of excessive memory allocation,
    - CVE-2016-5118: popen() shell vulnerability via filename that contains
      '|', remove pipe support entirely (closes: #825800);
      file names starting with a '|' character are no longer interpreted as
      shell commands to be executed as input or output,
    - default.mgk file has been pared down in order to reduce security
      exposure,
    - CVE-2016-3714: Gnuplot ('gplt' delegate) support for rendering these
      files is removed since the format is inherently insecure,
    - CVE-2016-3715: adding a 'tmp:' prefix to a filename no longer removes
      the file since this seems dangerous,
    - CVE-2016-3718: sanity check the image file path or URL before passing
      it to ReadImage(),
    - fix several Coverity issues like dereference after null check, multiple
      resource leaks and logically dead code.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 30 May 2016 20:02:31 +0000

Available diffs

Superseded in yakkety-release on 2016-05-31
Deleted in yakkety-proposed on 2016-06-01 (Reason: moved to release)
graphicsmagick (1.3.23-3) unstable; urgency=low

  * Remove JasPer JPEG-2000 codec support build dependency and remove its
    symbols from the libgraphicsmagick-q16-3 library (closes: #818199).
  * Update Standards-Version to 3.9.8 .

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 24 May 2016 19:26:58 +0000

Available diffs

Superseded in yakkety-release on 2016-04-29
Deleted in yakkety-proposed on 2016-04-30 (Reason: moved to release)
graphicsmagick (1.3.23-1build2) yakkety; urgency=medium

  * No-change rebuild for libpng soname change.

 -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 00:46:36 +0000

Available diffs

Superseded in yakkety-release on 2016-05-26
Deleted in yakkety-proposed on 2016-05-27 (Reason: moved to release)
graphicsmagick (1.3.23-2) unstable; urgency=low

  * Add previously transient gsfonts build dependency (closes: #815736).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 24 Feb 2016 18:36:00 +0100
Superseded in yakkety-release on 2016-04-24
Published in xenial-release on 2016-01-06
Deleted in xenial-proposed (Reason: moved to release)
graphicsmagick (1.3.23-1build1) xenial; urgency=medium

  * Rebuild for Perl 5.22.1.

 -- Colin Watson <email address hidden>  Fri, 18 Dec 2015 01:08:33 +0000
175 of 117 results