-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 24 Dec 2019 20:23:10 +0000
Source: graphicsmagick
Architecture: source
Version: 1.4+really1.3.34-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Closes: 947311
Changes:
graphicsmagick (1.4+really1.3.34-1) unstable; urgency=high
.
* New upstream release, fixing the following security issues among others:
- PNMInteger(): Place a generous arbitrary limit on the amount of PNM
comment text to avoid DoS opportunity,
- MagickClearException(): Destroy any existing exception info before
re-initializing the exception info or else there will be a memory leak,
- HuffmanDecodeImage(): Fix signed overflow on range check which leads
to heap overflow,
- ReadMNGImage(): Only magnify the image if the requested magnification
methods are supported,
- GenerateEXIFAttribute(): Add validations to prevent heap buffer
overflow,
- DrawPatternPath(): Don't leak memory if fill_pattern or stroke_pattern
of cloned draw_info are not null,
- CVE-2019-19953: PICT: Throw a writer exception if the PICT width limit
is exceeded (closes: #947311).
* Build with Google Thread-Caching Malloc library.
* Update Standards-Version to 4.4.1 .
Checksums-Sha1:
73fc1f17fbc94baea4e5111019b8546b4cc4f181 2921
graphicsmagick_1.4+really1.3.34-1.dsc
cc1b77b7f2e4b0b345f97f7963704dbb4d0d3e3b 5518784
graphicsmagick_1.4+really1.3.34.orig.tar.xz
c793d05ccefe672547c80eedac4d5d28ad2ebcec 145408
graphicsmagick_1.4+really1.3.34-1.debian.tar.xz
Checksums-Sha256:
6118d442f7b281f7c1d3f6c2c35ef568b284b542b604a21b1de29ec32651f46e 2921
graphicsmagick_1.4+really1.3.34-1.dsc
df009d5173ed0d6a0c6457234256c5a8aeaace782afa1cbab015d5a12bd4f7a4 5518784
graphicsmagick_1.4+really1.3.34.orig.tar.xz
c7ef185a4f6754d31c24daa86aa7050929ae56fe1b3b19ada28dd0689d4498de 145408
graphicsmagick_1.4+really1.3.34-1.debian.tar.xz
Files:
14ecfec8534d09dd48d78014bbd8e933 2921 graphics optional
graphicsmagick_1.4+really1.3.34-1.dsc
045d5355aeb70cbb67d898120405a6d0 5518784 graphics optional
graphicsmagick_1.4+really1.3.34.orig.tar.xz
b52b4c192b7842da70592285f18d0a90 145408 graphics optional
graphicsmagick_1.4+really1.3.34-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl4CiZQACgkQ3OMQ54ZM
yL9A8xAAjlVS1wptNk0MsYAlcyHHh2bTCUIvhXCrjtvVOjO4Mew2+yTw30/lBbPR
uE/9oaE2kT/2z5AcF06Q/Ljx93up5e/0jJkSxVw5lVex0zx373RXX6IwWA6kk03P
bMYL4JbGdaNMYr7aVu/4ZzZbZjEQ87RrKK84R8PTvMuObLU7WN9TSVrjPtGrVnD3
2XB0/ekMXHqNzTs8mwU7p+UsuzDoNxGVp4t5h4U3KFkj2VXUuoBFJGDE9XN8p19U
rJV67GfWTJeXldpRFAKgNQynyUDRTAjbBnu5Ocn8Vsi1/Rjc1xdZsPgXCfRkMyId
p4/Op3yKC+AQ79GxWGjegp+jEE8HKy69eARJZAw60YPZcBUQdOraQ4wlpN2o7wTp
NUVhfw1y9ifNRIqPooBIE9xbG5ItFGN2OmXetdcsoDsplBj2xfpRBH43Rh6RrZXj
Vt7r5UxfWAMrP2ny4+lPOpSZetr9d3PuoIw2nhHu00hYP2OGbqNHH+QbVBvoYfqo
07qNi79hRc2MsqYWU2oqzdMOFz/2Dd8HMS5/FJkWs0st6yIs7OGJSkL9LkMRdiI7
9ItqC86kPFDduf/3c2bwi79sEy2dcymSvV4oB/haDesH8YOn0n2Vr1pSRxx6HRCf
/IMXhJ9CvgV5QufdaCvZ02dJ4ry7A5KUa61vDhgiCh6unqWCXcQ=
=t+mR
-----END PGP SIGNATURE-----
