2 security issues in stretch

package:
graphicsmagick
severity:
high
created:
2020-03-21
last updated:
2020-03-26

There are 2 open security issues in stretch.
2 important issues:
  • CVE-2019-12921: In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG.
  • CVE-2020-10938: GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.
Please fix them.