-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 16 Feb 2019 15:19:56 +0000
Source: graphicsmagick
Architecture: source
Version: 1.4~hg15896-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changes:
 graphicsmagick (1.4~hg15896-1) unstable; urgency=high
 .
   * Mercurial snapshot, fixing the following security issues:
     - ReadMNGImage(): Quit processing and report error upon failure to
       insert MNG background layer preventing out of memory issues,
     - ReadMIFFImage(): Improve pixel buffer calculations to defend
       against overflow,
     - ReadTIFFImage(): Make sure that image is in DirectClass mode and
       ignore any claimed colormap when the image is read using various
       functions,
     - ReadWPGImage(): Assure that all colormap entries are initialized,
     - DecodeImage(): Avoid a one-byte over-read of pixels heap
       allocation,
     - ReadTIFFImage(): Assure that opacity channel is initialized in the
       RGBAStrippedMethod case,
     - ReadMNGImage(): Bound maximum loop iterations by subrange as a
       primitive means of limiting resource consumption preventing out of
       memory issues,
     - CVE-2019-7397: WritePDFImage(): Make sure to free 'xref' before
       returning preventing several memory leaks,
     - ReadTIFFImage(): For planar TIFF, make sure that pixels are
       initialized in case some planes are missing.