Debian Package Tracker

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted graphicsmagick 1.4+really1.3.34-1 (source) into unstable
Date: Tue, 24 Dec 2019 22:19:32 +0000
Signed by: Laszlo Boszormenyi <gcs@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 24 Dec 2019 20:23:10 +0000
Source: graphicsmagick
Architecture: source
Version: 1.4+really1.3.34-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 947311
Changes:
 graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high
 .
   * New upstream release, fixing the following security issues among others:
     - PNMInteger(): Place a generous arbitrary limit on the amount of PNM
       comment text to avoid DoS opportunity,
     - MagickClearException(): Destroy any existing exception info before
       re-initializing the exception info or else there will be a memory leak,
     - HuffmanDecodeImage(): Fix signed overflow on range check which leads
       to heap overflow,
     - ReadMNGImage(): Only magnify the image if the requested magnification
       methods are supported,
     - GenerateEXIFAttribute(): Add validations to prevent heap buffer
       overflow,
     - DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern
       of cloned draw_info are not null,
     - CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit
       is exceeded (closes: #947311).
   * Build with Google Thread-Caching Malloc library.
   * Update Standards-Version to 4.4.1 .
Checksums-Sha1:
 73fc1f17fbc94baea4e5111019b8546b4cc4f181 2921 graphicsmagick_1.4+really1.3.34-1.dsc
 cc1b77b7f2e4b0b345f97f7963704dbb4d0d3e3b 5518784 graphicsmagick_1.4+really1.3.34.orig.tar.xz
 c793d05ccefe672547c80eedac4d5d28ad2ebcec 145408 graphicsmagick_1.4+really1.3.34-1.debian.tar.xz
Checksums-Sha256:
 6118d442f7b281f7c1d3f6c2c35ef568b284b542b604a21b1de29ec32651f46e 2921 graphicsmagick_1.4+really1.3.34-1.dsc
 df009d5173ed0d6a0c6457234256c5a8aeaace782afa1cbab015d5a12bd4f7a4 5518784 graphicsmagick_1.4+really1.3.34.orig.tar.xz
 c7ef185a4f6754d31c24daa86aa7050929ae56fe1b3b19ada28dd0689d4498de 145408 graphicsmagick_1.4+really1.3.34-1.debian.tar.xz
Files:
 14ecfec8534d09dd48d78014bbd8e933 2921 graphics optional graphicsmagick_1.4+really1.3.34-1.dsc
 045d5355aeb70cbb67d898120405a6d0 5518784 graphics optional graphicsmagick_1.4+really1.3.34.orig.tar.xz
 b52b4c192b7842da70592285f18d0a90 145408 graphics optional graphicsmagick_1.4+really1.3.34-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl4CiZQACgkQ3OMQ54ZM
yL9A8xAAjlVS1wptNk0MsYAlcyHHh2bTCUIvhXCrjtvVOjO4Mew2+yTw30/lBbPR
uE/9oaE2kT/2z5AcF06Q/Ljx93up5e/0jJkSxVw5lVex0zx373RXX6IwWA6kk03P
bMYL4JbGdaNMYr7aVu/4ZzZbZjEQ87RrKK84R8PTvMuObLU7WN9TSVrjPtGrVnD3
2XB0/ekMXHqNzTs8mwU7p+UsuzDoNxGVp4t5h4U3KFkj2VXUuoBFJGDE9XN8p19U
rJV67GfWTJeXldpRFAKgNQynyUDRTAjbBnu5Ocn8Vsi1/Rjc1xdZsPgXCfRkMyId
p4/Op3yKC+AQ79GxWGjegp+jEE8HKy69eARJZAw60YPZcBUQdOraQ4wlpN2o7wTp
NUVhfw1y9ifNRIqPooBIE9xbG5ItFGN2OmXetdcsoDsplBj2xfpRBH43Rh6RrZXj
Vt7r5UxfWAMrP2ny4+lPOpSZetr9d3PuoIw2nhHu00hYP2OGbqNHH+QbVBvoYfqo
07qNi79hRc2MsqYWU2oqzdMOFz/2Dd8HMS5/FJkWs0st6yIs7OGJSkL9LkMRdiI7
9ItqC86kPFDduf/3c2bwi79sEy2dcymSvV4oB/haDesH8YOn0n2Vr1pSRxx6HRCf
/IMXhJ9CvgV5QufdaCvZ02dJ4ry7A5KUa61vDhgiCh6unqWCXcQ=
=t+mR
-----END PGP SIGNATURE-----
News for package graphicsmagick
