-
graphicsmagick (1.3.28-2ubuntu0.2) bionic-security; urgency=medium
* No-change rebuild for jbigkit security update.
-- Camila Camargo de Matos <email address hidden> Fri, 17 Mar 2023 08:39:01 -0300
-
graphicsmagick (1.3.28-2ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer overflow in the WriteTGAImage function.
- debian/patches/CVE-2018-20184.patch: reject image rows/columns larger than
65535.
- CVE-2018-20184
* SECURITY UPDATE: Heap based buffer over-read in the ReadBMPImage function.
- debian/patches/CVE-2018-20185-1.patch: Only compute unsigned_maxvalue if
sample_bits <= 32.
- debian/patches/CVE-2018-20185-2.patch: Fix heap overflow in 32-bit due
to arithmetic overflow.
- debian/patches/CVE-2018-20185-3.patch: Improve buffer size calculations
to guard against arithmetic overflow.
- CVE-2018-20185
* SECURITY UPDATE: DoS (crash) in ReadDIBImage.
- debian/patches/CVE-2018-20189.patch: DIB images claiming more than 8-bits
per pixel are not colormapped.
- CVE-2018-20189
* SECURITY UPDATE: Stack-based buffer overflow in the function
SVGStartElement.
- debian/patches/CVE-2019-11005.patch: Fix stack buffer overflow while
parsing quoted font family value.
- CVE-2019-11005
* SECURITY UPDATE: Heap-based buffer over-read in the function ReadMIFFImage.
- debian/patches/CVE-2019-11006.patch: Detect end of file while reading
RLE packets.
- CVE-2019-11006
* SECURITY UPDATE: Heap-based buffer over-read in the function ReadMNGImage.
- debian/patches/CVE-2019-11007-1.patch: New function to reallocate an
image colormap.
- debian/patches/CVE-2019-11007-2.patch: Fix small buffer overflow (one
PixelPacket) of image colormap.
- CVE-2019-11007
* SECURITY UPDATE: Heap-based buffer overflow in the function WriteXWDImage.
- debian/patches/CVE-2019-11008.patch: Perform more header validations, a
file size validation, and fix arithmetic overflows leading to heap
overwrite.
- CVE-2019-11008
* SECURITY UPDATE: Heap-based buffer over-read in the function ReadXWDImage.
- debian/patches/CVE-2019-11009.patch: Fix heap buffer overflow while
reading DirectClass XWD file.
- CVE-2019-11009
* SECURITY UPDATE: Memory leak in the function ReadMPCImage.
- debian/patches/CVE-2019-11010.patch: Deal with a profile length of zero,
or an irrationally large profile length.
- CVE-2019-11010
* SECURITY UPDATE: DoS (out-of-bounds read, floating-point exception and
crash) by crafting an XWD image file.
- debian/patches/CVE-2019-11473_11474-1.patch: Add more validation logic to
avoid crashes due to FPE and invalid reads.
- debian/patches/CVE-2019-11473_11474-2.patch: Address header-directed
arbitrary memory allocation.
- debian/patches/CVE-2019-11473_11474-3.patch: Address segmentation
violation and invalid memory read with more validations.
- CVE-2019-11473
- CVE-2019-11474
* SECURITY UPDATE: Heap-based buffer overflow in the function WritePDBImage.
- debian/patches/CVE-2019-11505.patch: Use correct bits/sample rather than
image->depth. Avoids potential buffer overflow.
- CVE-2019-11505
* SECURITY UPDATE: Heap-based buffer overflow in the function
WriteMATLABImage.
- debian/patches/CVE-2019-11506.patch: Add completely missing error
handling.
- CVE-2019-11506
-- Eduardo Barretto <email address hidden> Thu, 28 Nov 2019 11:12:37 -0300
-
graphicsmagick (1.3.28-2) unstable; urgency=high
* Backport security fixes:
- don't use rescale map if it was not allocated,
- validate number of colormap bits to avoid undefined shift behavior,
- defend against partial scanf() expression matching, resulting in benign
use of uninitialized data,
- don't use rescale map if it was not allocated,
- fix tile index overflow,
- reject XPM if it contains non-whitespace control characters,
- fix forged amount of frames 6755,
- validate header length and offset properties,
- fixed memory leak when tile overflows,
- fix forged amount of frames 7076,
- check for forged image that overflows file size,
- validate size request prior to allocation,
- validate that file size is sufficient for claimed image properties,
- fix signed integer overflow when computing pixels size,
- include number of FITS scenes in file size validations,
- allocate space for null termination and null terminate string,
- validate that samples per pixel is in valid range,
- check whether datablock is really read,
- verify that sufficient backing data exists before allocating memory to
read it,
- duplicate image check for data with fixed geometry,
- CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
changed while ticks_per_second is zero (closes: #894396),
- add checks for EOF,
- validate that PICT rectangles do not have zero dimensions,
- check image pixel limits before allocating memory for tile.
* Backport patch to redesign ReadBlobDwordLSB() to be more effective.
* Backport patch to destroy tile_image in ThrowPICTReaderException() macro
to simplify logic.
* Backport patch to remove shadowed tile_image variable which defeats new
ThrowPICTReaderException() implementation.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 31 Mar 2018 11:05:51 +0000
-
graphicsmagick (1.3.28-1) unstable; urgency=high
* New upstream release, fixing the following security issues among others:
- BMP: Fix non-terminal loop due to unexpected bit-field mask value
(DOS opportunity),
- PALM: Fix heap buffer underflow in builds with QuantumDepth=8,
- SetNexus() Fix heap overwrite under certain conditions due to using a
wrong destination buffer,
- TIFF: Fix heap buffer read overflow in LocaleNCompare() when parsing
NEWS profile.
* Remove previously backported security patches.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 20 Jan 2018 20:19:29 +0000
-
graphicsmagick (1.3.27-4) unstable; urgency=high
* Fix CVE-2018-5685: infinite loop in ReadBMPImage() (closes: #887158).
* Fix memory leak of global colormap.
* Fix memory leak of chunk and mng_info in error path.
* Update Standards-Version to 4.1.3 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 15 Jan 2018 19:06:43 +0000
-
graphicsmagick (1.3.27-3) unstable; urgency=high
* Fix heap-buffer-overflow on LocaleNCompare() .
* Add some assertions to verify that the image pointer provided by libwebp
is valid.
* Fix NULL pointer dereference in ReadMNGImage() .
* Fix CVE-2017-17913: stack-buffer-overflow in WriteWEBPImage() .
* Fix CVE-2017-17915: heap-buffer-overflow in ReadMNGImage() .
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 27 Dec 2017 22:12:30 +0000
-
graphicsmagick (1.3.27-2) unstable; urgency=high
* Fix CVE-2017-17782: heap-based buffer over-read in ReadOneJNGImage()
(closes: #884905).
* Fix CVE-2017-17783: buffer over-read in ReadPALMImage() (closes: #884904).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 25 Dec 2017 17:18:01 +0000
-
graphicsmagick (1.3.27-1) unstable; urgency=medium
* New upstream release.
* Remove previously backported security patches.
* Update library symbols for this release.
* Add libwebp-dev dependency to libgraphicsmagick1-dev (closes: #863564).
* Update Standards-Version to 4.1.2 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 10 Dec 2017 17:12:28 +0000
-
graphicsmagick (1.3.26-19) unstable; urgency=high
* Fix CVE-2017-16669: heap buffer overflow in AcquireCacheNexus()
(closes: #881391).
* Fix CVE-2017-13134: heap buffer overflow in SFWScan() (closes: #881524).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 11 Nov 2017 09:12:53 +0000
-
graphicsmagick (1.3.26-18) unstable; urgency=high
* Fix CVE-2017-16547: remote denial of service (negative strncpy and
application crash).
* Fix CVE-2017-16545: NULL pointer dereference (write) with malformed WPG
image.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 06 Nov 2017 17:02:07 +0000
-
graphicsmagick (1.3.26-17) unstable; urgency=high
* Fix CVE-2017-16353: heap read overflow vulnerability in DescribeImage() .
* Fix CVE-2017-16352: heap-based buffer overflow vulnerability in
DescribeImage() .
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 02 Nov 2017 05:57:25 +0000
-
graphicsmagick (1.3.26-16build1) bionic; urgency=medium
* No-change rebuild against perlapi-5.26.1
-- Steve Langasek <email address hidden> Thu, 02 Nov 2017 05:34:24 +0000
-
graphicsmagick (1.3.26-16) unstable; urgency=high
* Fix CVE-2017-15930: NULL pointer dereference while transferring JPEG
scanlines (closes: #879999).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 28 Oct 2017 17:54:09 +0000
-
graphicsmagick (1.3.26-15) unstable; urgency=high
* Fix CVE-2017-13737: invalid free in MagickFree() (closes: #878511).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 15 Oct 2017 20:03:26 +0000