graphicsmagick 1.1.7-13 source package in Ubuntu
Changelog
graphicsmagick (1.1.7-13) unstable; urgency=high
* The following problems were found thanks to numerous testcases provided
by Sami Liedes:
+ coders/pcx.c: Fix heap overflow vulnerability of scanline array
with user-supplied input. Closes: #413034
Also adds error checks and caps maximum number of colours to prevent
segfaults with further testcases. Closes: #414058
+ coders/pict.c: Fix integer overflow to prevent overflowing a
heap buffer with user-supplied input. Closes: #413036
Validate header information to prevent segfaults with further
testcases. Closes: #414059
+ coders/xwd.c: Check image data more strictly before passing it on to
XGetPixel() to circumvent buffer overflow in libX11. Closes: #413040
+ Fix various segfaults with corrupt image data due to insufficient
validation of return values from SeekBlob(). None of these are
currently known to allow code injection.
- coders/bmp.c: Add error checks to SeekBlob() calls. Closes: #413031
- coders/cineon.c: Likewise. Closes: #413038
- coders/icon.c: Likewise. Closes: #413032
Extend validation checks to prevent segfaults with
further testcases. Closes: #414057
- magick/blob.c: Increase robustness of function ReadBlobStream() to
mitigate the impact of missing error checks on SeekBlob() calls.
+ coders/png.c: Fix NULL pointer dereference due to insufficient
validation of image data. Closes: #413035
+ coders/pnm.c: Fix segfault on out-of-bounds read access due to
insufficient validation of image data. Closes: #413037
+ coders/sun.c: Fix segfaults on out-of-bounds read access due to
insufficient validation of image data. Closes: #413039
* utilities/miff.4: Trim name section of man page, and move overlong
line to description. Closes: #390501
* debian/graphicsmagick.menu: Show logo on startup from menu, rather
than quitting immediately. Thanks Justin B. Rye. Closes: #407464
-- Michael Bienia <email address hidden> Wed, 14 Mar 2007 09:55:42 +0000
Upload details
- Uploaded by:
- Michael Bienia
- Uploaded to:
- Feisty
- Original maintainer:
- Daniel Kobras
- Architectures:
- any
- Section:
- graphics
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| graphicsmagick_1.1.7.orig.tar.gz | 5.7 MiB | c8978ed36646f52183ab39bf951d2c14a75ae0eb7207dff2f24685cc0a58a0f4 |
| graphicsmagick_1.1.7-13.diff.gz | 46.1 KiB | a54380d6bbd100f0848aee32b547f7abd51f4e7543553ee5f4134261dfb69723 |
| graphicsmagick_1.1.7-13.dsc | 1.1 KiB | fa625afb5d238b05f599af834a38b562f185994627ac57a7c141b74f96a0d7ad |
Binary packages built by this source
- graphicsmagick: No summary available for graphicsmagick in ubuntu feisty.
No description available for graphicsmagick in ubuntu feisty.
- graphicsmagick-dbg: No summary available for graphicsmagick-dbg in ubuntu feisty.
No description available for graphicsmagick-dbg in ubuntu feisty.
- graphicsmagick-imagemagick-compat: No summary available for graphicsmagick-imagemagick-compat in ubuntu feisty.
No description available for graphicsmagick-
imagemagick- compat in ubuntu feisty.
- graphicsmagick-libmagick-dev-compat: No summary available for graphicsmagick-libmagick-dev-compat in ubuntu feisty.
No description available for graphicsmagick-
libmagick- dev-compat in ubuntu feisty.
- libgraphics-magick-perl: No summary available for libgraphics-magick-perl in ubuntu feisty.
No description available for libgraphics-
magick- perl in ubuntu feisty.
- libgraphicsmagick++1: No summary available for libgraphicsmagick++1 in ubuntu feisty.
No description available for libgraphicsmagi
ck++1 in ubuntu feisty.
- libgraphicsmagick++1-dev: No summary available for libgraphicsmagick++1-dev in ubuntu feisty.
No description available for libgraphicsmagi
ck++1-dev in ubuntu feisty.
- libgraphicsmagick1: No summary available for libgraphicsmagick1 in ubuntu feisty.
No description available for libgraphicsmagick1 in ubuntu feisty.
- libgraphicsmagick1-dev: No summary available for libgraphicsmagick1-dev in ubuntu feisty.
No description available for libgraphicsmagi
ck1-dev in ubuntu feisty.
