Debian Package Tracker

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted graphicsmagick 1.4~hg15873-1 (source) into unstable
Date: Fri, 21 Dec 2018 01:49:12 +0000
Signed by: Laszlo Boszormenyi <gcs@gcs.org.hu>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 20 Dec 2018 19:04:33 +0000
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick-q16-3 libgraphicsmagick1-dev libgraphicsmagick++-q16-12 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source
Version: 1.4~hg15873-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++-q16-12 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick-q16-3 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 916719 916721 916752
Changes:
 graphicsmagick (1.4~hg15873-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - WriteImage(): Eliminate use of just-freed memory in clone_info->magick,
     - ReadMIFFImage(): Fix memory leak of profiles 'name' when claimed length
       is zero,
     - WriteXPMImage(): Assure that added colormap entry for transparent XPM
       is initialized,
     - ReadMNGImage(): Fix non-terminal MNG looping,
     - ReadMIFFImage(): Sanitize claimed profile size before allocating memory
       for it,
     - CVE-2018-20185: ReadBMPImage(): Fix heap overflow in 32-bit build due
       to arithmetic overflow (closes: #916719),
     - CVE-2018-20184: WriteTGAImage(): Image rows/columns must not be larger
       than 65535 (closes: #916721),
     - ReadTIFFImage(): More validations and stricter error reporting,
     - ReadMIFFImage(): Detect and reject zero-length deflate-encoded row in
       MIFF version 0,
     - CVE-2018-20189: ReadDIBImage(): DIB images claiming more than 8-bits
       per pixel are not colormapped (closes: #916752).
   * Add pkg-config to build dependency for FreeType 2.9.1+ detection.
   * Update library symbols for this release.
Checksums-Sha1:
 570a64fc1c84f10e250fe16658ec184ad5feda11 2855 graphicsmagick_1.4~hg15873-1.dsc
 b8b928725b9dc11ae384492fa9a3fff72ea5249e 8601140 graphicsmagick_1.4~hg15873.orig.tar.xz
 01104bf756373ea16b215370920e7dc82076ed18 142760 graphicsmagick_1.4~hg15873-1.debian.tar.xz
 cd484cf006c65e55aa2a4fc67d4bbdffffc147f8 11902 graphicsmagick_1.4~hg15873-1_amd64.buildinfo
Checksums-Sha256:
 9693950df9b7ada072bd3a01e63ef777f632fd2ea29e41ffc721120ad38fa9d3 2855 graphicsmagick_1.4~hg15873-1.dsc
 7fd10c6f70273af33d40671195682f1b3a8bb478523388e49eee98b0fceda930 8601140 graphicsmagick_1.4~hg15873.orig.tar.xz
 e7ee0d298f63f06906d01b95bf9adc05c0c4e06ca3f9f4108a249088d1aca57e 142760 graphicsmagick_1.4~hg15873-1.debian.tar.xz
 b418fd324f3be55c2b8827c39f063c3b5c864f3e6f9f8d752e530ba236937f57 11902 graphicsmagick_1.4~hg15873-1_amd64.buildinfo
Files:
 6d743b2f0ce9591b00615b495d1eba94 2855 graphics optional graphicsmagick_1.4~hg15873-1.dsc
 436d86adba099cf081c25fda5203d4b0 8601140 graphics optional graphicsmagick_1.4~hg15873.orig.tar.xz
 4997053a300319d4e660d0f70e595e27 142760 graphics optional graphicsmagick_1.4~hg15873-1.debian.tar.xz
 ed36e05e528f8b06a7637e17e9b13f7b 11902 graphics optional graphicsmagick_1.4~hg15873-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlwcQq4ACgkQ3OMQ54ZM
yL8ZLg/+O7y8a5z7x0kvywOfrEfcox5siIv/0OY4U5WuVorc/SlKTptcmc/U5t8u
bGGgRvP9U1RhFTXM9KvOxsDU9jo48ZbuS6K9HjxvUDM3zxgNqCtcuQI7A7dVIrml
qKAdaY6cjKDqjVcRw0HjXmuXf9cy8b8RzPWaA3VRRZ3Hd+RDmu6YICVE8cGEvMrq
2dM0dC4Ih1LAt7DfvHt4l0Hvha1B8dxo0KSbP74F6dmtimXFDb2C9Okxl5JVi0sJ
rk/9ZvAHN0pmrBjCegJuYtmI6u6vvZtNmkSPO+hyhidhqKT/8uEMoHJA2Wbg9RwN
KGHjhXH7OWooeKvH7d3BP8DWGmunx4tbevQ43ncRTEhys4GHlq2EajiRITJiMwdb
bc6+oqv50j3tIWms7NmX3g58irnOE8/acsAOlHmsVVRYdJBtfjBlyDrBwUH2mfp/
Y/ClSNQQsaaBCqAJcnocqjfpcvgDXD+xmeWutSjk+zivNRQKIDxyo0jiUDT9s9QT
B3GZS5rx1qsQG+6RrEsT11jnTL4esLRiMLavqJO5htKkNt5x/yKyp7vsmR9qR7xE
lr+as848W7UWsZWajvFXvv17Qh3HGSWulPW+atBFkNzsPZzt/3+kCF5ZkA6ipMxT
U+EwY49ljer/dRYsxp2W5t9xCAo7PW4ezw0PAFWABa5BPPcW8Kc=
=0f0w
-----END PGP SIGNATURE-----
News for package graphicsmagick
