-
graphicsmagick (1.3.23-1ubuntu0.6) xenial-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer over-read in ReadNewsProfile()
- debian/patches/CVE-2017-17912.patch: ReadNewsProfile() was allowing
reading heap data beyond the allocated size.
- CVE-2017-17912
* SECURITY UPDATE: Stack-based buffer over-read in WriteWEBPImage()
- debian/patches/CVE-2017-17913-1.patch: Add some assertions to verify that
the image pointer provided by libwebp is valid.
- debian/patches/CVE-2017-17913-2.patch: Fix stack overflow with libwebp
0.5.0+ by disabling progress indication.
- CVE-2017-17913
* SECURITY UPDATE: Heap-based buffer over-read in ReadMNGImage()
- debian/patches/CVE-2017-17915.patch: Check range limit before accessing
byte to avoid minor heap read overflow.
- CVE-2017-17915
* SECURITY UPDATE: Allocation failure in ReadOnePNGImage()
- debian/patches/CVE-2017-18219.patch: check MemoryResource before
attempting to allocate ping_pixels array.
- CVE-2017-18219
* SECURITY UPDATE: Allocation failure in ReadTIFFImage()
- debian/patches/CVE-2017-18229.patch: Rationalize scanline, strip, and
tile memory allocation requests based on file size.
- CVE-2017-18229
* SECURITY UPDATE: Null pointer dereference in ReadCINEONImage()
- debian/patches/CVE-2017-18230.patch: Validate scandata allocation.
- CVE-2017-18230
* SECURITY UPDATE: Null pointer dereference in ReadEnhMetaFile()
- debian/patches/CVE-2017-18231.patch: Verify pBits memory allocation.
- CVE-2017-18231
-- Eduardo Barretto <email address hidden> Mon, 03 Feb 2020 16:47:01 -0300
-
graphicsmagick (1.3.23-1ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: DoS in ReadWPGImage()
- debian/patches/CVE-2017-16545.patch: Assure that colormapped image is a
PseudoClass type with valid colormapped indexes.
- CVE-2017-16545
* SECURITY UPDATE: DoS (negative strncpy) in DrawImage()
- debian/patches/CVE-2017-16547.patch: Fix pointer computation which leads
to large strncpy size request and bad array index.
- CVE-2017-16547
* SECURITY UPDATE: Heap-based buffer overflow in coders/wpg.c
- debian/patches/CVE-2017-16669-1.patch: Do not call SyncImagePixels() when
something fails.
- debian/patches/CVE-2017-16669-2.patch: Wrong row count checking.
- debian/patches/CVE-2017-16669-3.patch: Detect pending use of null indexes
pointer due to programming error and report it.
- debian/patches/CVE-2017-16669-4.patch: Fix crash which image fails to
produce expected PseudoClass indexes.
- debian/patches/CVE-2017-16669-5.patch: Check for InsertRow() return value.
- debian/patches/CVE-2017-16669-6.patch: Check InsertRow() return value for
all calls.
- CVE-2017-16669
* SECURITY UPDATE: Heap-based buffer overflow in WritePNMImage()
- debian/patches/CVE-2017-17498.patch: Fix buffer overflow when writing
gray+alpha 1-bit/sample.
- CVE-2017-17498
* SECURITY UPDATE: Heap-based buffer over-read in ReadRGBImage()
- debian/patches/CVE-2017-17500.patch: Fix heap-overflow due to tile
outside image bounds.
- CVE-2017-17500
* SECURITY UPDATE: Heap-based buffer over-read in WriteOnePNGImage()
- debian/patches/CVE-2017-17501.patch: Fix heap read overrun while
testing pixels for opacity.
- CVE-2017-17501
* SECURITY UPDATE: Heap-based buffer over-read in ReadCMYKImage()
- debian/patches/CVE-2017-17502.patch: Fix heap-overflow due to tile
outside image bounds.
- CVE-2017-17502
* SECURITY UPDATE: Heap-based buffer over-read in ReadGRAYImage()
- debian/patches/CVE-2017-17503.patch: Fix heap-overflow due to tile
outside image bounds.
- CVE-2017-17503
* SECURITY UPDATE: Heap-based buffer over-read in ReadOneJNGImage()
- debian/patches/CVE-2017-17782.patch: Fix wrong offset into oFFs chunk
which caused heap read overflow.
- CVE-2017-17782
* SECURITY UPDATE: Buffer over-read in ReadPALMImage()
- debian/patches/CVE-2017-17783.patch: Fix heap buffer overflow in Q8 build
while initializing color palette.
- CVE-2017-17783
-- Eduardo Barretto <email address hidden> Tue, 21 Jan 2020 14:15:33 -0300
-
graphicsmagick (1.3.23-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: DoS (memory consumption) on ReadSUNImage()
- debian/patches/CVE-2017-14165.patch: Verify that file header data length,
and file length are sufficient for claimed image dimensions.
- CVE-2017-14165
* SECURITY UPDATE: Heap-based buffer over-read in DrawImage()
- debian/patches/CVE-2017-14314.patch: Fix heap out of bounds read in
DrawDashPolygon().
- CVE-2017-14314
* SECURITY UPDATE: Null pointer dereference in ReadPNMImage()
- debian/patches/CVE-2017-14504.patch: Require that XV 332 format have 256
colors.
- CVE-2017-14504
* SECURITY UPDATE: DoS (crash) assertion failure in magick/pixel_cache.c
- debian/patches/CVE-2017-14649.patch: Validate JNG data properly.
- CVE-2017-14649
* SECURITY UPDATE: Heap-based buffer over-read in ReadRLEImage()
- debian/patches/CVE-2017-14733.patch: Fully rationalize Ncolors when Alpha
flag is present.
- CVE-2017-14733
* SECURITY UPDATE: Null pointer dereference in ReadDCMImage()
- debian/patches/CVE-2017-14994.patch: DCM_ReadNonNativeImages() can produce
image list with no frames, resulting in null image pointer.
- CVE-2017-14994
* SECURITY UPDATE: Integer underflow in ReadPICTImage()
- debian/patches/CVE-2017-14997.patch: Avoid unsigned underflow leading to
astonishingly large allocation request.
- CVE-2017-14997
* SECURITY UPDATE: Resource leak in ReadGIFImage()
- debian/patches/CVE-2017-15277.patch: Assure that global colormap is fully
initialized.
- CVE-2017-15277
* SECURITY UPDATE: Null pointer dereference in ReadOneJNGImage()
- debian/patches/CVE-2017-15930-1.patch: Fix possible use of NULL pointer
when transferring JPEG scanlines.
- debian/patches/CVE-2017-15930-2.patch: Add more checks for use of null
PixelPacket pointer.
- debian/patches/CVE-2017-15930-3.patch: Reject JNG files with unreasonable
dimensions given the file size.
- debian/patches/CVE-2017-15930-4.patch: Ensure that reasonable exception
gets reported on read failure.
- CVE-2017-15930
* SECURITY UPDATE: Heap-based buffer overflow in DescribeImage()
- debian/patches/CVE-2017-16352.patch: Fix possible heap write overflow
while describing visual image directory.
- CVE-2017-16352
* SECURITY UPDATE: Memory information disclosure in DescribeImage()
- debian/patches/CVE-2017-16353.patch: Fix weaknesses while describing the
IPTC profile.
- CVE-2017-16353
-- Eduardo Barretto <email address hidden> Mon, 06 Jan 2020 15:39:05 -0300
-
graphicsmagick (1.3.23-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Null pointer dereference in WriteMAPImage()
- debian/patches/CVE-2017-11638_CVE-2017-11642.patch: Fix null pointer
dereference or SEGV if input is not colormapped.
- CVE-2017-11638
- CVE-2017-11642
* SECURITY UPDATE: Memory leak in PersistCache()
- debian/patches/CVE-2017-11641.patch: Fix memory leak while writing Magick
Persistent Cache format.
- CVE-2017-11641
* SECURITY UPDATE: Heap overflow in WriteCMYKImage()
- debian/patches/CVE-2017-11643.patch: Fixed heap overflow with multiple
frames with varying widths.
- CVE-2017-11643
* SECURITY UPDATE: Invalid memory read in SetImageColorCallBack()
- debian/patches/CVE-2017-12935.patch: Reject MNG with too-large dimensions
(over 65535).
- CVE-2017-12935
* SECURITY UPDATE: Use-after-free in ReadWMFImage()
- debian/patches/CVE-2017-12936.patch: Eliminate use of already freed heap
data in error reporting path.
- CVE-2017-12936
* SECURITY UPDATE: Heap-based buffer over-read in ReadSUNImage()
- debian/patches/CVE-2017-12937.patch: Fix heap read overflow while indexing
colormap in bilevel decoder.
- CVE-2017-12937
* SECURITY UPDATE: Heap-based buffer overflow vulnerability
- debian/patches/CVE-2017-13063_CVE-2017-13064_CVE-2017-13065.patch: Fix
buffer-overflow and inconsistent behavior in GetStyleTokens().
- CVE-2017-13063
- CVE-2017-13064
- CVE-2017-13065
* SECURITY UPDATE: Heap-based buffer over-read in SFWScan
- debian/patches/CVE-2017-13134.patch: Fix heap buffer overflow in
SFWScan().
- CVE-2017-13134
* SECURITY UPDATE: Invalid free in MagickFree()
- debian/patches/CVE-2017-13737.patch: NumberOfObjectsInArray() must round
down, rather than up.
- CVE-2017-13737
* SECURITY UPDATE: DoS in ReadJNXImage()
- debian/patches/CVE-2017-13775.patch: Fix DOS issues.
- CVE-2017-13775
* SECURITY UPDATE: DoS in ReadXBMImage()
- debian/patches/CVE-2017-13776_CVE-2017-13777.patch: Fix DOS issues.
- CVE-2017-13776
- CVE-2017-13777
-- Eduardo Barretto <email address hidden> Thu, 12 Dec 2019 11:31:23 -0300
-
graphicsmagick (1.3.23-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Allocation failure vulnerability
- debian/patches/CVE-2017-13147.patch: deal with too-large MNG chunks in
coders/png.c
- CVE-2017-13147
* SECURITY UPDATE: Allocation failure vulnerability
- debian/patches/CVE-2017-14042.patch: PNM for binary formats, verify
sufficient backing file data before memory request.
- CVE-2017-14042
* SECURITY UPDATE: DoS (out-of-bounds read and crash) via a small samples
per pixel value in a CMYKA TIFF file.
- debian/patches/CVE-2017-6335.patch: Fix out of bounds access when reading
CMYKA tiff which claims wrong samples/pixel.
- CVE-2017-6335
* SECURITY UPDATE: Buffer overflow while processing an RGB TIFF picture with
metadata.
- debian/patches/CVE-2017-10794.patch: Use a generalized method to enforce
that buffer overflow can not happen while importing pixels.
- CVE-2017-10794
* SECURITY UPDATE: DoS (out-of-memory) when processing a DPX image with
metadata.
- debian/patches/CVE-2017-10799.patch: Estimate minimum required file sized
based on header, and reject files with insufficient data.
- CVE-2017-10799
* SECURITY UPDATE: DoS (crash) while reading a JNG file via a zero-length
color_image data structure.
- debian/patches/CVE-2017-11102.patch: Stop crash due to zero-length color_image
while reading a JNG.
- CVE-2017-11102
* SECURITY UPDATE: DoS (resource consumption) via a crafted JPEG file.
- debian/patches/CVE-2017-11140.patch: Defer creating pixel cache until first
scanline.
- CVE-2017-11140
* SECURITY UPDATE: Use-after-free via a crafted MNG file.
- debian/patches/CVE-2017-11403-1.patch: Fix out-of-order CloseBlob() and
DestroyImageList() that caused a use-after-free crash.
- debian/patches/CVE-2017-11403-2.patch: Improve fix of use-after-free.
- CVE-2017-11403
* SECURITY UPDATE: Heap overflow when processing multiple frames that have
non-identical widths.
- debian/patches/CVE-2017-11636.patch: Fixed heap overflow with multiple
frames with varying widths.
- CVE-2017-11636
* SECURITY UPDATE: NULL pointer deference in the WritePCLImage() function.
- debian/patches/CVE-2017-11637.patch: Fix null pointer dereference in
writing monochrome images.
- CVE-2017-11637
-- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:36:23 -0300
-
graphicsmagick (1.3.23-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: DoS (crash) via a crafted SVG file.
- debian/patches/CVE-2016-2317_part1.patch: Fix heap buffer overflow
- debian/patches/CVE-2016-2317_part2.patch: Fix stack buffer overflow
- debian/patches/CVE-2016-2317_part3.patch: Fix segmentation violation
- CVE-2016-2317
* SECURITY UPDATE: DoS (NULL pointer dereference) via a crafted SVG
file.
- debian/patches/CVE-2016-2318.patch: Make SVG path and other
primitive parsing more robust
- CVE-2016-2318
* SECURITY UPDATE: Arbitrary code execution via shell metacharacters in
a crafted image file.
- debian/patches/CVE-2016-3714.patch: Remove delegates support for
reading gnuplot files.
- CVE-2016-3714
* SECURITY UPDATE: Remote attackers are able to delete arbitrary files
via a crafted image.
- debian/patches/CVE-2016-3715.patch: remove undocumented "TMP" magic
prefix.
- CVE-2016-3715
* SECURITY UPDATE: Remote attackers can move arbitrary files via a
crafted image.
- debian/patches/CVE-2016-3716_part1.patch: Ignore the file extension
on MSL files.
- debian/patches/CVE-2016-3716_part2.patch: Do not auto-detect MVG
format based on file extension.
- CVE-2016-3716
* SECURITY UPDATE: Remote attackers can read arbitrary files via a
crafted image.
- debian/patches/CVE-2016-3717.patch: fix in delegates.mgk.in
- CVE-2016-3717
* SECURITY UPDATE: Remote attackers can conduct server-side request
forgery (SSRF) attacks via a crafted image.
- debian/patches/CVE-2016-3718.patch: fix in render.c
- CVE-2016-3718
* SECURITY UPDATE: Remote attackers can execute arbitrary files via a
pipe character at the start of a filename.
- debian/patches/CVE-2016-5118.patch: remove support for reading
input from a shell command or writing output to a shell command
- CVE-2016-5118
* SECURITY UPDATE: Remote attackers can execute arbitrary commands via
unspecified vectors.
- debian/patches/CVE-2016-5239.patch: remove delegates support for
Gnuplot and varios other file types.
- CVE-2016-5239
* SECURITY UPDATE: Remote attackers to cause a DoS (infinite loop) by
converting a circularly defined SVG file.
- debian/patches/CVE-2016-5240.patch: endless loop problem caused by
negative stroke-dasharray arguments
- CVE-2016-5240
* SECURITY UPDATE: Remote attackers to cause DoS (arithmetic exception
and application crash) via a crafted svg file.
- debian/patches/CVE-2016-5241.patch: Fix divide-by-zero problem if
fill or stroke pattern image has zero columns or rows
- CVE-2016-5241
* SECURITY UPDATE: Buffer overflow in MVG and SVG rendering code.
- debian/patches/CVE-2016-7446.patch: fix in svg.c
- CVE-2016-7446
* SECURITY UPDATE: Heap buffer overflow in the EscapeParenthesis.
- debian/patches/CVE-2016-7447.patch: re-wrote the implementation of
EscapeParenthesis() in annotate.c
- CVE-2016-7447
* SECURITY UPDATE: DoS (CPU consumption or large memory allocations)
via vectors involving the header information and the file size.
- debian/patches/CVE-2016-7448_part1.patch: fix in rle.c
- debian/patches/CVE-2016-7448_part2.patch: fix in rle.c
- CVE-2016-7448
* SECURITY UPDATE: DoS (out-of-bounds heap read) via a file containing
an "unterminated" string.
- debian/patches/CVE-2016-7449.patch: fix a heap buffer read overrun
if buffer not null terminated
- CVE-2016-7449
* SECURITY UPDATE: Integer underflow in the parse8BIM function.
- debian/patches/CVE-2016-7800.patch: fix unsigned underflow.
- CVE-2016-7800
* SECURITY UPDATE: Heap buffer overflow and DoS in the WPG format
reader.
- debian/patches/CVE-2016-7996_CVE-2016-7997.patch: fix in wpg.c
- CVE-2016-7996
- CVE-2016-7997
* SECURITY UPDATE: DoS (out-of-bounds read) via a crafted SCT header.
- debian/patches/CVE-2016-8682.patch: Fix stack-buffer read overflow
while reading SCT file header.
- CVE-2016-8682
* SECURITY UPDATE: Memory allocation failure and a "file truncation
error for corrupt file" via a crafted PCX image.
- debian/patches/CVE-2016-8683.patch: check that filesize is
reasonable given header.
- CVE-2016-8683
* SECURITY UPDATE: Memory allocation failure and a "file truncation
error for corrupt file" via a crafted SGI image.
- debian/patches/CVE-2016-8684.patch: Check that filesize is
reasonable given header.
- CVE-2016-8684
* SECURITY UPDATE: DoS (crash) via a large dimensions in a jpeg image.
- debian/patches/CVE-2016-9830.patch: enforce spec requirement that
the dimensions of the JPEG embedded in a JDAT chunk must match the
JHDR dimensions.
- CVE-2016-9830
-- Eduardo Barretto <email address hidden> Thu, 01 Nov 2018 15:03:05 -0300
-
graphicsmagick (1.3.23-1build1) xenial; urgency=medium
* Rebuild for Perl 5.22.1.
-- Colin Watson <email address hidden> Fri, 18 Dec 2015 01:08:33 +0000
-
graphicsmagick (1.3.23-1) unstable; urgency=medium
* New upstream release.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 08 Nov 2015 07:35:33 +0100
-
graphicsmagick (1.3.22-2) unstable; urgency=low
* Transition libgraphicsmagick++-q16-11 to libgraphicsmagick++-q16-12
(closes: #803958).
* Conflict and replace version 1.3.22-1 of libgraphicsmagick++-q16-11 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 03 Nov 2015 23:39:25 +0100
-
graphicsmagick (1.3.22-1) unstable; urgency=low
* New upstream release.
* Update libgraphicsmagick-q16-3 symbols file.
* Update watch file.
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 23 Oct 2015 21:01:39 +0200
-
graphicsmagick (1.3.21-4) unstable; urgency=low
* Change C library name to ending with -q16 for QuantumDepth=16 ABI change
and compile shared library to include the QuantumDepth value
(closes: #796310).
* Remove breaks on pdf2djvu.
* Make rebuildable (closes: #796307).
[ Jakub Wilk <email address hidden> ]
* Remove obsolete conflicts/replaces on libgraphicsmagick.
* Version conflicts/replaces on libgraphicsmagick3.
* No longer need to pass -l and -L switches to dh_shlibdeps.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 21 Sep 2015 18:10:49 +0200
-
graphicsmagick (1.3.21-3) unstable; urgency=medium
* libgraphicsmagick++3 and libgraphicsmagick++11 are co-installable
(closes: #795099).
* libgraphicsmagick1-dev needs recent libgraphicsmagick++1-dev
(closes: #795102).
* Fix images symlink for development packages (closes: #795172).
* libgraphicsmagick3 breaks old versions of pdf2djvu .
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 11 Aug 2015 18:40:11 +0200
