Change logs for graphicsmagick source package in Eoan

  • graphicsmagick (1.4+really1.3.33+hg16115-1) unstable; urgency=high
    
      * Mercurial snapshot, fixing the following security issues:
        - ReadMNGImage(): skip coalescing layers if there is only one layer,
        - DrawStrokePolygon(): handle case where TraceStrokePolygon() returns
          NULL,
        - DrawDashPolygon(): handle case where DrawStrokePolygon() returns
          MagickFail,
        - TraceBezier(): detect arithmetic overflow and return errors via
          normal error path rather than exiting,
        - ExtractTokensBetweenPushPop(): fix non-terminal parsing loop,
        - GenerateEXIFAttribute(): check that we are not being directed to read
          an IFD that we are already parsing and quit in order to avoid a loop,
        - ReallocColormap(): avoid dereferencing a NULL pointer if
          image->colormap is NULL,
        - png_read_raw_profile(): fix validation of raw profile length,
        - TraceArcPath(): substitute a lineto command when tracing arc is
          impossible,
        - GenerateEXIFAttribute(): skip unsupported/invalid format 0.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 28 Sep 2019 10:57:12 +0000
  • graphicsmagick (1.4+really1.3.33-1) unstable; urgency=medium
    
      * New upstream release, including many security fixes.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 25 Jul 2019 16:43:39 +0000
  • graphicsmagick (1.4+really1.3.32-1) unstable; urgency=high
    
      * New upstream release, fixing the following security issues among others:
        - DrawImage(): Terminate drawing if DrawCompositeMask() reports failure,
        - DrawImage(): Detect an error in TracePath() and quit rather than
          forging on.
      * Backport security fixes:
        - ReadTIFFImage(): Fix typo in initialization of 'tile' pointer variable,
        - WriteDIBImage(): Detect arithmetic overflow of image_size,
        - WriteBMPImage(): Detect arithmetic overflow of image_size,
        - WriteBMPImage(): Assure that chromaticity uses double-precision for
          multiply before casting to unsigned integer.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 16 Jun 2019 18:10:05 +0000
  • graphicsmagick (1.4~hg16039-1) unstable; urgency=high
    
      * Mercurial snapshot, fixing the following security issues:
        - ImportRLEPixels(): Fix heap overflow caused by a typo in the code. Also
          fix undefined behavior caused by large left shifts of an unsigned char,
        - ThrowException(), ThrowLoggedException(): Handle the case where some
          passed character strings refer to existing exception character strings,
        - PICT: Allocate output buffer used by ExpandBuffer() on DecodeImage()
          stack,
        - WritePDFImage(): Allocate working buffer on stack and pass as argument
          to EscapeParenthesis() to eliminate a thread safety problem,
        - TranslateTextEx(): Remove support for reading from a file using
          '@filename' syntax,
        - DrawImage(): Only support '@filename' syntax to read drawing primitive
          from a file if we are not already drawing.
      * Update library symbols for this release.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 06 Jun 2019 21:11:11 +0000
  • graphicsmagick (1.4~hg15978-1) unstable; urgency=medium
    
      * Mercurial snapshot, fixing uninitialized integer value of log_configured.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 27 Apr 2019 07:06:40 +0000
  • graphicsmagick (1.4~hg15976-1) unstable; urgency=high
    
      * Mercurial snapshot, fixing the following security issues:
        - ReadXWDImage(): Potential for heap overflow; Address header-directed
          arbitrary memory allocation,
        - ReadXWDImage(): Address segmentation violation and invalid memory
          reads with more validations,
        - Make built-in color tables fully const.
      * Break gnudatalanguage versions that don't initialize GraphicsMagick
        library (closes: #927688).
      * Update library symbols for this release.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 22 Apr 2019 14:41:32 +0000
  • graphicsmagick (1.4~hg15968-1) unstable; urgency=high
    
      * Mercurial snapshot, fixing the following security issues
        (closes: #927029):
        - ReadMATImage(): Report a corrupt image exception if reader encounters
          end of file while reading scanlines (use of uninitialized value in
          IsGrayImage() ),
        - ReadTOPOLImage(): Report a corrupt image if reader encounters end of
          file while reading header rows (use of uninitialized value in
          InsertRow() ),
        - OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and
          length as well as for the total pixels calculation to prevent some more
          arithmetic overflows,
        - SetNexus(): Apply resource limits to pixel nexus allocations to prevent
          arithmetic and integer overflows,
        - SetNexus(): Report error for empty region rather than crashing due to
          divide by zero exception,
        - ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating
          point exception in SetNexus(),
        - ReadMATImage(): Quit if image scanlines are not fully populated due to
          exception to prevent use of uninitialized value in
          InsertComplexFloatRow(),
        - ReadMATImage(): Fix memory leak on unexpected end of file,
        - Throwing an exception is now thread-safe,
        - Fx module error handling/reporting improvements,
        - Fix various uses of allocated memory without checking if memory
          allocation has failed,
        - CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or
          an irrationally large profile length to prevent memory leak,
        - CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one
          PixelPacket) of image colormap,
        - CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading
          DirectClass XWD file,
        - CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE
          packets to prevent heap buffer overflow,
        - CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while
          parsing quoted font family value,
        - CVE-2019-11008: XWD: Perform more header validations, a file size
          validation, and fix arithmetic overflows leading to heap overwrite,
        - ReadWMFImage(): Reject WMF files with an empty bounding box to prevent
          division by zero problems,
        - WritePDBImage(): Use correct bits/sample rather than image->depth to
          prevent potential buffer overflow,
        - WriteMATLABImage(): Add completely missing error handling to prevent
          heap buffer overflow,
        - SetNexus(): Fix arithmetic overflow while testing x/y offset limits,
        - DrawPrimitive(): Check primitive point x/y values for NaN to prevent
          integer overflow,
        - DrawImage(): Fix integer overflow while validating gradient dimensions,
        - WritePDBImage(): Assure that input scanline is cleared in order to
          cover up some decoder bug to prevent use of uninitialized value,
        - ReadXWDImage(): Add more validation logic to avoid crashes due to FPE
          and invalid reads.
      * Update library symbols for this release.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 15 Apr 2019 17:40:12 +0000
  • graphicsmagick (1.4~hg15916-2) unstable; urgency=medium
    
      * Declare break on python{,3}-pgmagick versions compiled with GCC 7
        compiled versions of GraphicsMagick (closes: #915603, #915606).
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 02 Apr 2019 18:49:40 +0000