On Tue, 20 Sep 2016, László Böszörményi wrote:


Do you think 1.3.25-2 might be the used for a stable update?
Upgrade to a newer version in stable is not easy and I can remember
one, maybe two cases when it was allowed.
In this case I'm not sure it should be the path.

1.3.25 is the "fix" for security issues in previous versions. 1.3.20 is the last release in the calm before GraphicsMagick entered Coverity testing (resulting in hundreds of changes) and the availability of ASAN and the subsequent flood of problem files from security researchers using fuzzers like American Fuzzy-Lop, which I fixed as quickly as I could.

There are hundreds of known files (many publically available) which might cause 1.3.20 to crash or consume immense resources.

Unfortunately there was a small ABI break in Magick++ (in 1.3.21) and I did bump its library major version number and reset age.

Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Reply via email to