-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 03 Dec 2020 21:22:54 +0100 Source: graphicsmagick Architecture: source Version: 1.4+really1.3.35+hg16390-1 Distribution: unstable Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changes: graphicsmagick (1.4+really1.3.35+hg16390-1) unstable; urgency=medium . * Mercurial snapshot, fixing the following security issues: - DrawImage(): Reject pattern image with a dimension of zero, - add private interfaces for allocating memory while respecting resource limits and use them in MVG rendering and MIFF reader code, - WriteMIFFImage(): Update to use resource-limit respecting memory allocators, - adjust test suite memory limit to 128/256/512MB for Q8/Q16/Q32 builds, - ConvertPathToPolygon(): Fix memory leak upon memory reallocation failure, - ReadSVGImage(): Fix memory leak due to CDATA block, and some other possible small leaks, - WritePSImage(): Fix problem when writing PseudoClass mage with a colormap larger than two entries as bilevel, - DrawPolygonPrimitive(): Try to minimize the impact of too many threads due to replicated data, - ConvertPathToPolygon(): Make sure not to leak points from added Edge, - DrawDashPolygon(): Place an aribrary limit on stroke dash polygon unit maximum length, - ConvertPathToPolygon(): Attempt to fix leak of 'points' on memory allocation failure, - BMP: Use resource-limited memory allocator, - DIB: Use resource-limited memory allocator, - FITS: Use resource-limited memory allocator, - WriteJBIGImage(): Use resource-limited memory allocator, - WEBP: Use resource-limited memory allocator, - ReadGIFImage(): Use resource-limited memory allocator when reading the comment extension, - ReadOneJNGImage(): Fix issues related to invoking sub-decoders (which may lead to unexpected behavior), - MAT: Use resource-limited memory allocator. * Update library symbols for this release. Checksums-Sha1: 699fc1b04c41edc366465c0b33629fdb0445db89 2952 graphicsmagick_1.4+really1.3.35+hg16390-1.dsc 621d438acd106def6b9f0210be2f5f5fb6afeb63 5590716 graphicsmagick_1.4+really1.3.35+hg16390.orig.tar.xz 7bf847729f978472c24c7265c240fb3dcc4ed6ae 146844 graphicsmagick_1.4+really1.3.35+hg16390-1.debian.tar.xz Checksums-Sha256: 6c2086c3d2383c22145fc15cd7e741fc49c9536f9116a46ea751c561241a8ca0 2952 graphicsmagick_1.4+really1.3.35+hg16390-1.dsc 573980a285376132abc9ad2635d1d15af17ede0434d1f2dfc9737c8ca5966f92 5590716 graphicsmagick_1.4+really1.3.35+hg16390.orig.tar.xz 9dbecf73242c4bbb90179fdd5d7adcaa497ba61b49608a1bfb94775d32771454 146844 graphicsmagick_1.4+really1.3.35+hg16390-1.debian.tar.xz Files: eaa15e46107aebf04555a90c16ca5103 2952 graphics optional graphicsmagick_1.4+really1.3.35+hg16390-1.dsc 937fa497722daff72c85c01836790711 5590716 graphics optional graphicsmagick_1.4+really1.3.35+hg16390.orig.tar.xz b7811dccd36887ac627dd697f07c787a 146844 graphics optional graphicsmagick_1.4+really1.3.35+hg16390-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl/JVdkACgkQ3OMQ54ZM yL+cYw//X9SjlvpCLrQ8nTJVdIL4umsF66vwY6Xcn1SwbSZ2okth94ra1iANC6zs Ob9a6nFUPq3IucbNoY2yYKLSMxgzToJmTIprLc42OURTgcwJT5G1QM9gIPwhWe4D XxWXJrER1hLZ8HiEBgV97l24Ahx3R1ug2YQxF4wCN2meZ7Sdx4s1XsXvjE9GHlCx 7Yz62RRrFK311mBpQUJUALlqXKcewCUexx0g3Ift4Q4AmIWN9eVUP4WvyV4SY6PB 38Fw+ewkZxv6jSnrFKkiSlvnLtwo0KH1LGXmSQskoW10tI4EfZn+/kPD7w9/Auwt Jys4DQfJYMUtOjYgys+5V2TlMAJVxdUo0L7gkewWQQe0Kt2MgGyYuJB+E0C3QjAN FEjmMHVMpuaIQEhyF5hMDItV0s4UnoJmEJWlYHuW77LUkZVGjKAlPWfxMj+D0BKG 6etxQ9k5YGl7wRKEuVFE8i9s1nKxlRtDuXX3qY1gaEA1BJXnJdxB90hMBxucq+pl Qk+kcYsfENv6ResuxLEx8+AY796BXpX6O2/nV1Bd63i6WCYi3aM1o00mAhl8w0xr N7wmB1zIJPgjSlCGacthn+S8QRi7VKJVIgCp/uesrc0MCKxUuPEC1OHCEp60rKKf YCKIM4b97gZ4M22Tw0gkOeNaRqiWPaTiencuTlU/m9acjZGSlQg= =cCFh -----END PGP SIGNATURE-----