[ubuntu/bionic-proposed] graphicsmagick 1.3.28-2 (Accepted)

Jeremy Bicha jeremy at bicha.net
Sat Mar 31 22:45:25 UTC 2018 

graphicsmagick (1.3.28-2) unstable; urgency=high

  * Backport security fixes:
    - don't use rescale map if it was not allocated,
    - validate number of colormap bits to avoid undefined shift behavior,
    - defend against partial scanf() expression matching, resulting in benign
      use of uninitialized data,
    - don't use rescale map if it was not allocated,
    - fix tile index overflow,
    - reject XPM if it contains non-whitespace control characters,
    - fix forged amount of frames 6755,
    - validate header length and offset properties,
    - fixed memory leak when tile overflows,
    - fix forged amount of frames 7076,
    - check for forged image that overflows file size,
    - validate size request prior to allocation,
    - validate that file size is sufficient for claimed image properties,
    - fix signed integer overflow when computing pixels size,
    - include number of FITS scenes in file size validations,
    - allocate space for null termination and null terminate string,
    - validate that samples per pixel is in valid range,
    - check whether datablock is really read,
    - verify that sufficient backing data exists before allocating memory to
      read it,
    - duplicate image check for data with fixed geometry,
    - CVE-2018-9018: avoid divide-by-zero if delay or timeout properties
      changed while ticks_per_second is zero (closes: #894396),
    - add checks for EOF,
    - validate that PICT rectangles do not have zero dimensions,
    - check image pixel limits before allocating memory for tile.
  * Backport patch to redesign ReadBlobDwordLSB() to be more effective.
  * Backport patch to destroy tile_image in ThrowPICTReaderException() macro
    to simplify logic.
  * Backport patch to remove shadowed tile_image variable which defeats new
    ThrowPICTReaderException() implementation.

Date: 2018-03-31 22:26:19.204905+00:00
Changed-By: Laszlo Boszormenyi <gcs at debian.org>
Signed-By: Jeremy Bicha <jeremy at bicha.net>
https://launchpad.net/ubuntu/+source/graphicsmagick/1.3.28-2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list