-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 28 Feb 2019 17:50:19 +0000 Source: graphicsmagick Architecture: source Version: 1.4~hg15916-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <[email protected]> Changed-By: Laszlo Boszormenyi (GCS) <[email protected]> Changes: graphicsmagick (1.4~hg15916-1) unstable; urgency=high . * Mercurial snapshot, fixing the following security issues: - ReadTIFFImage(): Only disassociate alpha channel for images where photometic is PHOTOMETRIC_RGB, - DrawDashPolygon(): Heap buffer overflow when parsing SVG images, - DrawPrimitive(): Add arithmetic overflow checks when converting computed coordinates from 'double' to 'long', - DrawImage(): Don't destroy draw_info in graphic_context when draw_info has not been allocated yet, - RenderFreetype(): Eliminate memory leak of GlyphInfo.image, - DrawDashPolygon(): Heap-buffer-overflow via read beyond end of dash pattern array, - ReadMIFFImage(): Tally directory length to avoid death by strlen(), - ReadMPCImage(): Tally directory length to avoid death by strlen(), - ReallocColormap(): Make sure that there is not a heap overwrite if the number of colors has been reduced. * Update library symbols for this release. Checksums-Sha1: 95db1c8a6863afc032d70a8848f80dcd4488c247 2855 graphicsmagick_1.4~hg15916-1.dsc 7cbdcd057d146efa0830bc50a2e829e1f8fc31f8 8658092 graphicsmagick_1.4~hg15916.orig.tar.xz da2df1fd79ba2856a7cbbd04aa74e5f8e4cd7f3b 143424 graphicsmagick_1.4~hg15916-1.debian.tar.xz 6d1c2b48a3f7dbff27276aa7cd1031f8ad296d02 11900 graphicsmagick_1.4~hg15916-1_amd64.buildinfo Checksums-Sha256: d53819f9ca5758fd4ba8420175d4ab20a62cdc0725a3ba2eef0462b3b5063ead 2855 graphicsmagick_1.4~hg15916-1.dsc 4fe0a4e6ec2598300f0ca4ebb8b63733ae56f58dbff13e2c634173370fceda37 8658092 graphicsmagick_1.4~hg15916.orig.tar.xz 6aa8ca659042542b380ff791c1474bfe7d3563a592d39f07421444e365735266 143424 graphicsmagick_1.4~hg15916-1.debian.tar.xz 9119595c84e98a177ed2f0c5d289c4b678ae056ea8bca289232fd9e0a2ff9899 11900 graphicsmagick_1.4~hg15916-1_amd64.buildinfo Files: 56baa7eba70bab3cfd88a77187ed06b7 2855 graphics optional graphicsmagick_1.4~hg15916-1.dsc 4e9e2aff2435ef18d8ae7e768dd13250 8658092 graphics optional graphicsmagick_1.4~hg15916.orig.tar.xz ff480ccaff96c5a5297fa16e1dcd24f3 143424 graphics optional graphicsmagick_1.4~hg15916-1.debian.tar.xz 87178be8c8ad9de8bad4e05443625d22 11900 graphics optional graphicsmagick_1.4~hg15916-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlx4Qw4ACgkQ3OMQ54ZM yL8vBw//Shez8pVQrW4as/yjgjXUId+PnBg7iAkU1fQlq2jKNxGTwNH3niREpoXo Qp65QwXkHD13AeAVSSu7CWSJjdC18w2IcWrWJo8+4CHVO2M0Wc1sm7o9Q5unnT4c 3iofD9kRaG+IoMys4VsYdkUFE61IbPlmV648yidOu6UX18Bs6WrlWvM8lJevQUVX WGOMa1Kt099h+jRcPWdSanGC25HX7BLNV6HAbVy7F9Qvs4L35qtPx6v03h9Kv3uj sNE+zIK/jBbVR3h9fhWAGfySAWvgA4Y2GpvL4Ok4FX20k8qEaCm8RCYFJnriPKI0 2D5xWZuLXi7YQBKeKW8D/tuVugfA65Vm7LEs7xc5VSpBxWfKL2lxPnly1zZtDtBg maXn7dbPF/+xScVsga7molhDWZVA7WmBrWC209fKxGoCgXr3fbt7tccjBglQz1yi xJDqIn6PFdoQ32x9zDiuaE8gwTqGGmR7hbPdVdjukn2U291Sq0Gkb/YIcY/PCoR6 Vr5EIN5JB6+TGyNfrzi0zGX9WxbWjcxT/6dYPW0tDmI2baDM/iFjuomxnSxzyPNr GTrfuDC9wlBanWV8yTThB34MS3gEIoF5FftIvqdkMx79G0Pf8ONHZKUoiez96hCr X22pNyaJo9+Nmz2s/0oPj9MkBUn0dPX16+BOeiIq2q4sYl+4iug= =NkXo -----END PGP SIGNATURE-----
