Ubuntu
graphicsmagick package

graphicsmagick 1.1.7-8 source package in Ubuntu

Changelog

graphicsmagick (1.1.7-8) unstable; urgency=high

  * coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
  * It seems I've fixed the vulnerabilities described in CVE-2006-3744
    (coders/sgi.c) independently in the previous upload already while
    the original report had been embargoed.

graphicsmagick (1.1.7-7) unstable; urgency=high

  * coders/sgi.c: Fix multiple heap overflow vulnerabilities in SGI coder
    due to
    + missing boundary checks in SGIDecode();
    + missing validation of pixel depth field;
    + integer overflow via large columns and rows fields (CVE-2006-4144)
      Closes: #383333
    + missing validation of chunk size fields (variable 'runlength') in
      run-length encoded images.
  * coders/sgi.c: Check for bogus values of 'bytes_per_pixel' and 'depth'.
  * coders/sgi.c: Fix calculation of internal depth value.

graphicsmagick (1.1.7-6) unstable; urgency=low

  * debian/compat: Bump debhelper compatibility level to 5.
  * debian/control: Build-depend on debhelper version 5 and up.
  * debian/control: Remove redundant Build-Depends-Indep.
  * debian/control: Add new package graphicsmagick-dbg containing debugging
    symbols for all language bindings and the main executable.
  * debian/control: Suggest debugging package where appropriate.
  * debian/control: Build-depend on sharutils for uudecode.
  * debian/control: Version build-dependency on libwmf-dev. Earlier versions
    will fail the testsuite.
  * debian/libgraphicsmagick++1.install: There is no libGraphicsMagickWand++,
    so don't try to install it.
  * debian/libgraphicsmagick{,++}1-dev.install: Remove .la files as long as
    nobody's using them.
  * debian/rules: Give in and disable strict aliasing for the moment until
    we get fixes for all instances that currently break the rules.
  * debian/rules: Place all debugging symbols into graphicsmagick-dbg.
  * debian/rules: New libwmf yields better image quality than old reference
    image in regression test. We cannot patch the binary image directly in
    the Debian diff, so add uudecode magic to check and clean targets.
  * debian/ski.miff.uu: Updated version of reference image in WMF regression
    test. Uuencoded to fit into the Debian diff.
  * magick/cache.c: Include definition of HAVE_PREAD before checking its
    value. Now really pulls in proper declarations of pread() and pwrite().

 -- Martin Pitt <email address hidden>   Wed,  13 Sep 2006 20:21:39 +0100

Upload details

Uploaded by:
Martin Pitt
Uploaded to:
Edgy
Original maintainer:
Daniel Kobras
Architectures:
any
Section:
graphics
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
graphicsmagick_1.1.7.orig.tar.gz 5.7 MiB c8978ed36646f52183ab39bf951d2c14a75ae0eb7207dff2f24685cc0a58a0f4
graphicsmagick_1.1.7-8.diff.gz 41.1 KiB 384b000e3d736802d48bec0c82d28e58a1eba83ff4ad31cdf6f9d1420dc9a925
graphicsmagick_1.1.7-8.dsc 1.0 KiB 601ad7a39a6bba472f7d3770aeaf1ea315ee3e70c58877844fb4203b0f89cdeb

View changes file

Binary packages built by this source