Format: 1.8 Date: Sat, 31 Mar 2018 11:05:51 +0000 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: amd64 all Version: 1.3.28-2 Distribution: bionic-proposed Urgency: high Maintainer: Launchpad Build Daemon Changed-By: Laszlo Boszormenyi (GCS) Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick-q16-3 - format-independent image processing - C shared library libgraphicsmagick1-dev - format-independent image processing - C development files Closes: 894396 Changes: graphicsmagick (1.3.28-2) unstable; urgency=high . * Backport security fixes: - don't use rescale map if it was not allocated, - validate number of colormap bits to avoid undefined shift behavior, - defend against partial scanf() expression matching, resulting in benign use of uninitialized data, - don't use rescale map if it was not allocated, - fix tile index overflow, - reject XPM if it contains non-whitespace control characters, - fix forged amount of frames 6755, - validate header length and offset properties, - fixed memory leak when tile overflows, - fix forged amount of frames 7076, - check for forged image that overflows file size, - validate size request prior to allocation, - validate that file size is sufficient for claimed image properties, - fix signed integer overflow when computing pixels size, - include number of FITS scenes in file size validations, - allocate space for null termination and null terminate string, - validate that samples per pixel is in valid range, - check whether datablock is really read, - verify that sufficient backing data exists before allocating memory to read it, - duplicate image check for data with fixed geometry, - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties changed while ticks_per_second is zero (closes: #894396), - add checks for EOF, - validate that PICT rectangles do not have zero dimensions, - check image pixel limits before allocating memory for tile. * Backport patch to redesign ReadBlobDwordLSB() to be more effective. * Backport patch to destroy tile_image in ThrowPICTReaderException() macro to simplify logic. * Backport patch to remove shadowed tile_image variable which defeats new ThrowPICTReaderException() implementation. Checksums-Sha1: b43ef060aa603481809eb863d07631ca31ed8a93 3313680 graphicsmagick-dbg_1.3.28-2_amd64.deb a28c40641415d0e1e561cb4f3e0d307f3d48bb9b 5900 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb 5ce4f6e2dcae0250308bd537499ebcb8fb3f9ad2 9292 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb 5ebb45597da1711fdadd845a643fe49679ae36ce 11493 graphicsmagick_1.3.28-2_amd64.buildinfo 87931535d4276422317b4cd52f138a7b0f6e5f48 634192 graphicsmagick_1.3.28-2_amd64.deb acbf79b2cec905d916a18e4ab3d2d46efeb7da9f 52632 libgraphics-magick-perl_1.3.28-2_amd64.deb 62004edc43c7527df3bbe0ef603eef18a5234296 101728 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb e5a585a75c76b8eb94954b8eed7cb45aca66d0b3 269152 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb 6c683c9d829099a82368613f0ed93b521f63a4d0 1111876 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb 0993b39f84a84c1fcf7b9596fe18861884d48c07 1335636 libgraphicsmagick1-dev_1.3.28-2_amd64.deb Checksums-Sha256: a8dcc446fccfec645c72ed1c830172e392c51ed1f84c75d5f99f95b1fe602ca6 3313680 graphicsmagick-dbg_1.3.28-2_amd64.deb cfcdf1de469b9a7d06bdbf022103d3b4fbfd73d253a38fc8564fdd5160e49096 5900 graphicsmagick-imagemagick-compat_1.3.28-2_all.deb e92a902610e85a1ebfc3c86a2c19c537c0e9cac5736397eff1f9a0dc0566d464 9292 graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb f767e746252877e7eda3af82cf2e171439602370d50b2b925501955280d7bce4 11493 graphicsmagick_1.3.28-2_amd64.buildinfo db7805a9efbf236c37d1e7009e665a0bcd078712e039bfb0fa7bc729588fa6ae 634192 graphicsmagick_1.3.28-2_amd64.deb dcfde3cb10afd463536a66c1f2e4cc97fd8da14c7806591ee7e33eabc3beedf4 52632 libgraphics-magick-perl_1.3.28-2_amd64.deb 4e0710fc0e419ed6b2a45c0d8587e8ed929b09637de3d6f2da05096764af8413 101728 libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb 945b4ac32da55e6f8b428ca16b60e35d0df0d6dde028b2894d9aa652d8a4b407 269152 libgraphicsmagick++1-dev_1.3.28-2_amd64.deb 9e9656171854920dce7b2d19005dccf0416906718d3a5133f08234ecc56e97a5 1111876 libgraphicsmagick-q16-3_1.3.28-2_amd64.deb 9bf16462aa340c69c26b35867ebb45165205619c3fd5664bab6e8be0e48d7633 1335636 libgraphicsmagick1-dev_1.3.28-2_amd64.deb Files: c13e3feaeebbfa842974271d74e782d9 3313680 debug optional graphicsmagick-dbg_1.3.28-2_amd64.deb c6ed6cb39936f735445ba2410b3c5ed7 5900 graphics optional graphicsmagick-imagemagick-compat_1.3.28-2_all.deb 5beea332969fec3a9188cf8a44fd2264 9292 graphics optional graphicsmagick-libmagick-dev-compat_1.3.28-2_all.deb 0d729f028f8b3a98c29eabb6f005b77d 11493 graphics optional graphicsmagick_1.3.28-2_amd64.buildinfo 4e7a1e7d6038b67f524242eb160ad74b 634192 graphics optional graphicsmagick_1.3.28-2_amd64.deb 51e710532eceb5b3c9d0af8fe167befb 52632 perl optional libgraphics-magick-perl_1.3.28-2_amd64.deb bae5952df95a6db85b2c1797e16b4ae9 101728 libs optional libgraphicsmagick++-q16-12_1.3.28-2_amd64.deb 75f07e0a4a6e4d0b75ad844b46311edb 269152 libdevel optional libgraphicsmagick++1-dev_1.3.28-2_amd64.deb 1936f13a831e34d132dac512240a16b4 1111876 libs optional libgraphicsmagick-q16-3_1.3.28-2_amd64.deb becc78e6c3353869d85727754dac6c43 1335636 libdevel optional libgraphicsmagick1-dev_1.3.28-2_amd64.deb