Debian Package Tracker - graphicsmagick

general

source: graphicsmagick (main)
version: 1.4+really1.3.32-1
maintainer: Laszlo Boszormenyi (GCS) [DMD]
arch: all any
std-ver: 4.3.0
VCS: unknown

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.3.20-3+deb8u2
o-o-sec: 1.3.20-3+deb8u7
oldstable: 1.3.30+hg15796-1~deb9u2
old-sec: 1.3.30+hg15796-1~deb9u2
stable: 1.4~hg15978-1
testing: 1.4+really1.3.32-1
unstable: 1.4+really1.3.32-1

versioned links

1.3.20-3+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.20-3+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.20-3+deb8u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.3.30+hg15796-1~deb9u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4~hg15978-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.4+really1.3.32-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

graphicsmagick (14 bugs: 0, 12, 2, 0)
graphicsmagick-dbg
graphicsmagick-imagemagick-compat (6 bugs: 0, 6, 0, 0)
graphicsmagick-libmagick-dev-compat (1 bugs: 0, 0, 1, 0)
libgraphics-magick-perl (1 bugs: 0, 1, 0, 0)
libgraphicsmagick++-q16-12
libgraphicsmagick++1-dev (3 bugs: 0, 3, 0, 0)
libgraphicsmagick-q16-3 (1 bugs: 0, 0, 1, 0)
libgraphicsmagick1-dev (4 bugs: 0, 3, 1, 0)

action needed

13 security issues in stretch high

There are 13 open security issues in stretch.

13 important issues:

CVE-2018-20185: In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.
CVE-2019-11006: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadMIFFImage of coders/miff.c, which allows attackers to cause a denial of service or information disclosure via an RLE packet.
CVE-2019-11007: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the ReadMNGImage function of coders/png.c, which allows attackers to cause a denial of service or information disclosure via an image colormap.
CVE-2019-11506: In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c.
CVE-2019-11474: coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (floating-point exception and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
CVE-2018-20184: In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file, because the number of rows or columns can exceed the pixel-dimension restrictions of the TGA specification.
CVE-2018-20189: In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and also colormapping (which is not available beyond 8-bits/sample), and therefore lacks indexes initialization.
CVE-2019-11008: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer overflow in the function WriteXWDImage of coders/xwd.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file.
CVE-2019-11473: coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause a denial of service (out-of-bounds read and application crash) by crafting an XWD image file, a different vulnerability than CVE-2019-11008 and CVE-2019-11009.
CVE-2019-11505: In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c.
CVE-2019-11009: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a heap-based buffer over-read in the function ReadXWDImage of coders/xwd.c, which allows attackers to cause a denial of service or information disclosure via a crafted image file.
CVE-2019-11005: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a stack-based buffer overflow in the function SVGStartElement of coders/svg.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a quoted font family value.
CVE-2019-11010: In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.

Please fix them.

Created: 2018-12-18 Last update: 2019-07-09 05:06

Depends on packages which need a new maintainer normal

The packages that graphicsmagick depends on which need a new maintainer are:

libwmf (#866817)
- Build-Depends: libwmf-dev
- Depends: libwmf0.2-7 libwmf0.2-7 libwmf-dev

Created: 2017-12-02 Last update: 2019-07-22 07:14

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-07-22 07:02

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

graphicsmagick-dbg could be marked Multi-Arch: same
libgraphics-magick-perl could be marked Multi-Arch: same

Created: 2018-11-22 Last update: 2019-07-22 04:30

lintian reports 6 warnings normal

Lintian reports 6 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-07-20 Last update: 2019-07-20 05:43

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2017-10800: When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it can lead to a denial of service (OOM) in ReadMATImage() if the size specified for a MAT Object is larger than the actual amount of data.
CVE-2017-17783: In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage in coders/palm.c when QuantumDepth is 8.

Please fix them.

Created: 2016-02-06 Last update: 2019-07-09 05:06

Build log checks report 3 warnings low

Build log checks report 3 warnings

Created: 2017-10-26 Last update: 2018-11-02 04:13

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.3.0).

Created: 2019-07-08 Last update: 2019-07-08 20:08

news

[rss feed]

[2019-07-09] graphicsmagick 1.4+really1.3.32-1 MIGRATED to testing (Debian testing watch)
[2019-06-16] Accepted graphicsmagick 1.4+really1.3.32-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-06-07] Accepted graphicsmagick 1.4~hg16039-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-05-20] Accepted graphicsmagick 1.3.20-3+deb8u7 (source amd64 all) into oldstable (Hugo Lefeuvre)
[2019-05-13] graphicsmagick 1.4~hg15978-1 MIGRATED to testing (Debian testing watch)
[2019-04-27] Accepted graphicsmagick 1.4~hg15978-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-04-25] graphicsmagick 1.4~hg15976-1 MIGRATED to testing (Debian testing watch)
[2019-04-22] Accepted graphicsmagick 1.4~hg15976-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-04-15] Accepted graphicsmagick 1.4~hg15968-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-04-13] Accepted graphicsmagick 1.3.20-3+deb8u6 (source amd64 all) into oldstable (Markus Koschany)
[2019-04-08] graphicsmagick 1.4~hg15916-2 MIGRATED to testing (Debian testing watch)
[2019-04-02] Accepted graphicsmagick 1.4~hg15916-2 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-03-11] graphicsmagick 1.4~hg15916-1 MIGRATED to testing (Debian testing watch)
[2019-02-28] Accepted graphicsmagick 1.4~hg15916-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-02-27] graphicsmagick 1.4~hg15896-1 MIGRATED to testing (Debian testing watch)
[2019-02-16] Accepted graphicsmagick 1.4~hg15896-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2019-02-09] graphicsmagick 1.4~hg15880-1 MIGRATED to testing (Debian testing watch)
[2019-02-06] Accepted graphicsmagick 1.4~hg15880-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-12-27] Accepted graphicsmagick 1.3.20-3+deb8u5 (source amd64 all) into oldstable (Hugo Lefeuvre)
[2018-12-23] graphicsmagick 1.4~hg15873-1 MIGRATED to testing (Debian testing watch)
[2018-12-21] Accepted graphicsmagick 1.4~hg15873-1 (source) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-11-24] graphicsmagick 1.3.31-1 MIGRATED to testing (Debian testing watch)
[2018-11-20] Accepted graphicsmagick 1.3.31-1 (source amd64 all) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-11-01] Accepted graphicsmagick 1.3.30+hg15796-1~deb9u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-10-28] Accepted graphicsmagick 1.3.30+hg15796-1~deb9u2 (source amd64 all) into stable->embargoed, stable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-10-20] Accepted graphicsmagick 1.3.30+hg15796-1~deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-10-16] Accepted graphicsmagick 1.3.30+hg15796-1~deb9u1 (source amd64 all) into stable->embargoed, stable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-09-27] graphicsmagick 1.3.30+hg15796-1 MIGRATED to testing (Debian testing watch)
[2018-09-25] Accepted graphicsmagick 1.3.30+hg15796-1 (source amd64 all) into unstable (Laszlo Boszormenyi (GCS)) (signed by: Laszlo Boszormenyi)
[2018-08-03] Accepted graphicsmagick 1.3.20-3+deb8u4 (source all) into oldstable (Roberto C. Sanchez)

bugs [bug history graph]

all: 30
RC: 0
I&N: 25
M&W: 5
F&P: 0
patch: 3

links

homepage
lintian (0, 6)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.4+really1.3.32-1
4 bugs