graphicsmagick 1.3.30+hg15796-1 source package in Ubuntu

Changelog

graphicsmagick (1.3.30+hg15796-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues:
    - WEBP: Fix compiler warnings regarding uninitialized structure members,
    - ReadJPEGImage(): Allow libjpeg to use 1/5th of the total memory limit,
    - ReadJPEGImage(): Make sure that JPEG pixels array is initialized in
      case libjpeg fails to completely initialize it,
    - WriteOnePNGImage(): Free png_pixels as soon as possible,
    - ReadMIFFImage(): Detect EOF when reading using ReadBlobZC() and avoid
      subsequent heap read overflow,
    - ReadMVGImage(): Don't assume that in-memory MVG blob is a
      null-terminated C string,
    - ReadMVGImage(): Don't allow MVG files to side-load a file as the
      drawing primitive using '@' syntax,
    - FileToBlob(): Use confirm access APIs to verify that read access is
      allowed, and verify that file is a regular file,
    - ExtractTokensBetweenPushPop() needs to always return a valid pointer
      into the primitive string,
    - DrawPolygonPrimitive(): Fix leak of polygon set when object is
      completely outside image,
    - SetNexus(): For requests one pixel tall, SetNexus() was wrongly using
      pixels in-core rather than using a staging area for the case where the
      nexus rows extend beyond the image raster boundary,
    - ReadCINEONImage(): Quit immediately on EOF and detect short files,
    - ReadMVGImage(): Fix memory leak,
    - Add mechanism to approve embedded subformats in WPG,
    - ReadXBMImage(): Add validations for row and column dimensions,
    - MAT InsertComplexFloatRow(): Avoid signed overflow,
    - InsertComplexFloatRow(): Try not to lose the previous intention while
      avoiding signed overflow,
    - XBMInteger(): Limit the number of hex digits parsed to avoid signed
      integer overflow,
    - MAT: More aggresive data corruption checking,
    - MAT: Correctly check GetBlobSize(image) even for zipstreams inside
      blob,
    - MAT: Explicitly reject non-seekable streams,
    - DrawImage(): Add missing error-reporting logic to return immediately
      upon memory reallocation failure. Apply memory resource limits to
      PrimitiveInfo array allocation,
    - MagickAtoFChk(): Add additional validation checks for floating point
      values. NAN and +/- INFINITY values also map to 0.0 ,
    - ReadMPCImage()/(ReadMIFFImage(): Insist that the format be identified
      prior to any comment, and that there is only one comment,
    - ConvertPrimitiveToPath(): Enlarge PathInfo array allocation to avoid
      possible heap write overflow,
    - WPG: Fix intentional 64 bit file offset overflow,
    - DrawImage(): Be more precise about error detection and reporting,
    - TranslateTextEx(): Fix off-by-one in loop bounds check which allowed a
      one-byte stack write overflow,
    - DrawImage(): Fix excessive memory consumption due to
      SetImageAttribute() appending values,
    - QuantumTransferMode(): CIE Log images with an alpha channel are not
      supported,
    - ConvertPrimitiveToPath(): Second attempt to prevent heap write
      overflow of PathInfo array,
    - ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder,
    - MIFF and MPC, need to avoid leaking value allocation (day-old bug),
    - ReadSFWImage(): Enforce that file is read using the JPEG reader,
    - FindEXIFAttribute()/GenerateEXIFAttribute(): Change size types from
      signed to unsigned and check for unsigned overflow,
    - GenerateEXIFAttribute(): Eliminate undefined shift,
    - TraceEllipse(): Detect arithmetic overflow when computing the number of
      points to allocate for an ellipse,
    - ReadMNGImage(): mng_LOOP chunk must be at least 5 bytes long,
    - ReadJPEGImage(): Apply a default limit of 100 progressive scans before
      the reader quits with an error.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 24 Sep 2018 21:54:36 +0000

Upload details

Uploaded by:
Laszlo Boszormenyi
Uploaded to:
Sid
Original maintainer:
Laszlo Boszormenyi
Architectures:
any all
Section:
graphics
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
graphicsmagick_1.3.30+hg15796-1.dsc 2.8 KiB f3a23feb7d6b177115f97af4f4b22ddde077e5afaa09375b03a44b5af10fb654
graphicsmagick_1.3.30+hg15796.orig.tar.xz 26.1 MiB b6748d7368f686c346c90b9077699568d1b60a25e820b7fe2d68168bad4c80b7
graphicsmagick_1.3.30+hg15796-1.debian.tar.xz 139.1 KiB 4174b0d655d497447fbd43dd1a60f5b9936d6052ffa934d59d3a5d7e8b0afb15

Available diffs

No changes file available.

Binary packages built by this source

graphicsmagick: No summary available for graphicsmagick in ubuntu disco.

No description available for graphicsmagick in ubuntu disco.

graphicsmagick-dbg: No summary available for graphicsmagick-dbg in ubuntu disco.

No description available for graphicsmagick-dbg in ubuntu disco.

graphicsmagick-imagemagick-compat: No summary available for graphicsmagick-imagemagick-compat in ubuntu cosmic.

No description available for graphicsmagick-imagemagick-compat in ubuntu cosmic.

graphicsmagick-libmagick-dev-compat: No summary available for graphicsmagick-libmagick-dev-compat in ubuntu disco.

No description available for graphicsmagick-libmagick-dev-compat in ubuntu disco.

libgraphics-magick-perl: No summary available for libgraphics-magick-perl in ubuntu disco.

No description available for libgraphics-magick-perl in ubuntu disco.

libgraphicsmagick++-q16-12: No summary available for libgraphicsmagick++-q16-12 in ubuntu cosmic.

No description available for libgraphicsmagick++-q16-12 in ubuntu cosmic.

libgraphicsmagick++1-dev: No summary available for libgraphicsmagick++1-dev in ubuntu disco.

No description available for libgraphicsmagick++1-dev in ubuntu disco.

libgraphicsmagick-q16-3: No summary available for libgraphicsmagick-q16-3 in ubuntu cosmic.

No description available for libgraphicsmagick-q16-3 in ubuntu cosmic.

libgraphicsmagick1-dev: No summary available for libgraphicsmagick1-dev in ubuntu cosmic.

No description available for libgraphicsmagick1-dev in ubuntu cosmic.