graphicsmagick 1.3.24-1 source package in Ubuntu
Changelog
graphicsmagick (1.3.24-1) unstable; urgency=high

  * New upstream release, focusing on security fixes for the following image formats:
    - DIB: fix out of bound reads and add more header validations,
    - JNG: file size limits are enforced,
    - MATLAB: fix DoS and hang on corrupt deflate stream,
    - META (Embedded Image Profiles): fix out of bounds reads and writes,
    - MIFF (Magick): fix thrown assertion,
    - CVE-2016-3716: Magick Scripting Language file processing is not done by default but needs to be prefixed with 'msl:',
    - Magick Vector Graphics file processing is not done by default but needs to be prefixed with 'mvg:' and prevent head overflow problems,
    - PCX: fix unreasonable memory allocation due to intentionally corrupt file,
    - PDB: fix heap buffer overflow and out of bounds read,
    - PICT: fix out of bounds write,
    - CVE-2016-3717: for PostScript files always run Ghostscript with -dSAFER for safer execution,
    - PSD: fix segmentation violations, heap buffer overflows and out of bound writes,
    - RLE: fix out of bounds reads and writes,
    - ReadImages(): fix possible infinite recursion due to a crafted input file,
    - RotateImage(): fix thrown assertion,
    - SGI: fix out of bounds writes,
    - SUN: fix out of bounds reads and writes,
    - SVG: fix CVE-2016-2317 and CVE-2016-2318, heap and stack buffer overflows, as well as segmentation violations (closes: #814732); also fix endless loop, unexpectedly large memory allocation, divide by zero and recursion issues,
    - TIFF: fix assertion while reading and fix benign heap overflow,
    - VIFF: fix excessive memory allocation with intentionally corrupted input file,
    - XCF: fix heap buffer overflow,
    - XPM: fix several heap buffer overflows and out of bound reads/writes; also fix a case of excessive memory allocation,
    - CVE-2016-5118: popen() shell vulnerability via filename that contains '|', remove pipe support entirely (closes: #825800); file names starting with a '|' character are no longer interpreted as shell commands to be executed as input or output,
    - default.mgk file has been pared down in order to reduce security exposure,
    - CVE-2016-3714: Gnuplot ('gplt' delegate) support for rendering these files is removed since the format is inherently insecure,
    - CVE-2016-3715: adding a 'tmp:' prefix to a filename no longer removes the file since this seems dangerous,
    - CVE-2016-3718: sanity check the image file path or URL before passing it to ReadImage(),
    - fix several Coverity issues like dereference after null check, multiple resource leaks and logically dead code.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 30 May 2016 20:02:31 +0000
Upload details
- Uploaded by: Laszlo Boszormenyi
- Uploaded to: Sid
- Original maintainer: Laszlo Boszormenyi
- Architectures: any all
- Section: graphics
- Urgency: Very Urgent
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
graphicsmagick_1.3.24-1.dsc | 2.7 KiB | 536288f4304702480a6e89e2265606bcea8118af2527c9eb1cb27d5ad01b1621 |
graphicsmagick_1.3.24.orig.tar.bz2 | 7.3 MiB | b060a4076308f93c25d52c903ad9a07e71b402dcb2a5c62356384865c129dff2 |
graphicsmagick_1.3.24-1.debian.tar.xz | 134.2 KiB | 4c7642a8f148d09fd8c2f079c0c245d3e167a5465c2694afc204e11723ffe745 |
Available diffs
- diff from 1.3.23-3 to 1.3.24-1 (258.8 KiB)
No changes file available.
Binary packages built by this source
No summary or description is available for any of these packages in Ubuntu yakkety.
- graphicsmagick
- graphicsmagick-dbg
- graphicsmagick-dbgsym
- graphicsmagick-imagemagick-compat
- graphicsmagick-libmagick-dev-compat
- libgraphics-magick-perl
- libgraphics-magick-perl-dbgsym
- libgraphicsmagick++-q16-12
- libgraphicsmagick++-q16-12-dbgsym
- libgraphicsmagick++1-dev
- libgraphicsmagick++1-dev-dbgsym
- libgraphicsmagick-q16-3
- libgraphicsmagick-q16-3-dbgsym
- libgraphicsmagick1-dev
- libgraphicsmagick1-dev-dbgsym