-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 10 Mar 2007 23:52:50 +0100
Source: graphicsmagick
Binary: libgraphicsmagick++1 libgraphics-magick-perl libgraphicsmagick1-dev libgraphicsmagick1 graphicsmagick-libmagick-dev-compat libgraphicsmagick++1-dev graphicsmagick-dbg graphicsmagick graphicsmagick-imagemagick-compat
Architecture: source all i386
Version: 1.1.7-13
Distribution: unstable
Urgency: high
Maintainer: Daniel Kobras <kobras@debian.org>
Changed-By: Daniel Kobras <kobras@debian.org>
Description:
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1 - format-independent image processing - C++ shared library
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick1 - format-independent image processing - C shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
Closes: 390501 407464 413031 413032 413034 413035 413036 413037 413038 413039 413040 414057 414058 414059
Changes:
 graphicsmagick (1.1.7-13) unstable; urgency=high
 .
   * The following problems were found thanks to numerous testcases provided
     by Sami Liedes:
     + coders/pcx.c: Fix heap overflow vulnerability of scanline array with
       user-supplied input. Closes: #413034
       Also adds error checks and caps maximum number of colours to prevent
       segfaults with further testcases. Closes: #414058
     + coders/pict.c: Fix integer overflow to prevent overflowing a heap
       buffer with user-supplied input. Closes: #413036
       Validate header information to prevent segfaults with further testcases.
       Closes: #414059
     + coders/xwd.c: Check image data more strictly before passing it on to
       XGetPixel() to circumvent buffer overflow in libX11. Closes: #413040
     + Fix various segfaults with corrupt image data due to insufficient
       validation of return values from SeekBlob(). None of these are
       currently known to allow code injection.
       - coders/bmp.c: Add error checks to SeekBlob() calls. Closes: #413031
       - coders/cineon.c: Likewise. Closes: #413038
       - coders/icon.c: Likewise. Closes: #413032
         Extend validation checks to prevent segfaults with further
         testcases. Closes: #414057
       - magick/blob.c: Increase robustness of function ReadBlobStream() to
         mitigate the impact of missing error checks on SeekBlob() calls.
     + coders/png.c: Fix NULL pointer dereference due to insufficient
       validation of image data. Closes: #413035
     + coders/pnm.c: Fix segfault on out-of-bounds read access due to
       insufficient validation of image data. Closes: #413037
     + coders/sun.c: Fix segfaults on out-of-bounds read access due to
       insufficient validation of image data. Closes: #413039
   * utilities/miff.4: Trim name section of man page, and move overlong
     line to description. Closes: #390501
   * debian/graphicsmagick.menu: Show logo on startup from menu, rather
     than quitting immediately. Thanks Justin B. Rye.
     Closes: #407464
Files:
 62c16dd1a966cc3703d939e5e631e578 1089 graphics optional graphicsmagick_1.1.7-13.dsc
 34b11738f6ec597cefd284aa17e56728 47181 graphics optional graphicsmagick_1.1.7-13.diff.gz
 401775cfa57f13d07607eda630f31ec5 925592 graphics optional graphicsmagick_1.1.7-13_i386.deb
 eb8fd00dc0cc13c9385dc4a2011bd477 1172710 libs optional libgraphicsmagick1_1.1.7-13_i386.deb
 7be558e465c1ac10c1308a9789c7bdfb 1532382 libdevel optional libgraphicsmagick1-dev_1.1.7-13_i386.deb
 eac39808678d2c3235966c186110aac0 245250 libs optional libgraphicsmagick++1_1.1.7-13_i386.deb
 1b9518c49e9fe768a85efe61bcbc7c00 514120 libdevel optional libgraphicsmagick++1-dev_1.1.7-13_i386.deb
 2b9cc5fb3390e0997a8503bfc1c11d41 154704 perl optional libgraphics-magick-perl_1.1.7-13_i386.deb
 f3597da10f4e72a5ddf57fcc1bda0d7d 1315930 graphics extra graphicsmagick-dbg_1.1.7-13_i386.deb
 0e3e1367fae72388c11061ac513b5a60 10580 graphics extra graphicsmagick-imagemagick-compat_1.1.7-13_all.deb
 ec7ba8c445472f56d6989116dac7c613 14132 graphics extra graphicsmagick-libmagick-dev-compat_1.1.7-13_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFF80pgpOKIA4m/fisRAgw8AJ9Xs5X7SksUzzqrqtib/dyfw2BIDwCfXCkW
UIKZmkuXW1ywyiBFs8iSWgc=
=lyVN
-----END PGP SIGNATURE-----

Accepted:
graphicsmagick-dbg_1.1.7-13_i386.deb
  to pool/main/g/graphicsmagick/graphicsmagick-dbg_1.1.7-13_i386.deb
graphicsmagick-imagemagick-compat_1.1.7-13_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-imagemagick-compat_1.1.7-13_all.deb
graphicsmagick-libmagick-dev-compat_1.1.7-13_all.deb
  to pool/main/g/graphicsmagick/graphicsmagick-libmagick-dev-compat_1.1.7-13_all.deb
graphicsmagick_1.1.7-13.diff.gz
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.7-13.diff.gz
graphicsmagick_1.1.7-13.dsc
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.7-13.dsc
graphicsmagick_1.1.7-13_i386.deb
  to pool/main/g/graphicsmagick/graphicsmagick_1.1.7-13_i386.deb
libgraphics-magick-perl_1.1.7-13_i386.deb
  to pool/main/g/graphicsmagick/libgraphics-magick-perl_1.1.7-13_i386.deb
libgraphicsmagick++1-dev_1.1.7-13_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++1-dev_1.1.7-13_i386.deb
libgraphicsmagick++1_1.1.7-13_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick++1_1.1.7-13_i386.deb
libgraphicsmagick1-dev_1.1.7-13_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick1-dev_1.1.7-13_i386.deb
libgraphicsmagick1_1.1.7-13_i386.deb
  to pool/main/g/graphicsmagick/libgraphicsmagick1_1.1.7-13_i386.deb