graphicsmagick 1.4~hg15968-1 source package in Ubuntu

Changelog

graphicsmagick (1.4~hg15968-1) unstable; urgency=high

  * Mercurial snapshot, fixing the following security issues
    (closes: #927029):
    - ReadMATImage(): Report a corrupt image exception if reader encounters
      end of file while reading scanlines (use of uninitialized value in
      IsGrayImage() ),
    - ReadTOPOLImage(): Report a corrupt image if reader encounters end of
      file while reading header rows (use of uninitialized value in
      InsertRow() ),
    - OpenCache(): Use unsigned 64-bit value to store CacheInfo offset and
      length as well as for the total pixels calculation to prevent some more
      arithmetic overflows,
    - SetNexus(): Apply resource limits to pixel nexus allocations to prevent
      arithmetic and integer overflows,
    - SetNexus(): Report error for empty region rather than crashing due to
      divide by zero exception,
    - ReadTXTImage(): Don't start new line if x_max < x_min to avoid floating
      point exception in SetNexus(),
    - ReadMATImage(): Quit if image scanlines are not fully populated due to
      exception to prevent use of uninitialized value in
      InsertComplexFloatRow(),
    - ReadMATImage(): Fix memory leak on unexpected end of file,
    - Throwing an exception is now thread-safe,
    - Fx module error handling/reporting improvements,
    - Fix various uses of allocated memory without checking if memory
      allocation has failed,
    - CVE-2019-11010: ReadMPCImage(): Deal with a profile length of zero, or
      an irrationally large profile length to prevent memory leak,
    - CVE-2019-11007: ReadMNGImage(): Fix small buffer overflow (one
      PixelPacket) of image colormap,
    - CVE-2019-11009: ReadXWDImage(): Fix heap buffer overflow while reading
      DirectClass XWD file,
    - CVE-2019-11006: ReadMIFFImage(): Detect end of file while reading RLE
      packets to prevent heap buffer overflow,
    - CVE-2019-11005: SVGStartElement(): Fix stack buffer overflow while
      parsing quoted font family value,
    - CVE-2019-11008: XWD: Perform more header validations, a file size
      validation, and fix arithmetic overflows leading to heap overwrite,
    - ReadWMFImage(): Reject WMF files with an empty bounding box to prevent
      division by zero problems,
    - WritePDBImage(): Use correct bits/sample rather than image->depth to
      prevent potential buffer overflow,
    - WriteMATLABImage(): Add completely missing error handling to prevent
      heap buffer overflow,
    - SetNexus(): Fix arithmetic overflow while testing x/y offset limits,
    - DrawPrimitive(): Check primitive point x/y values for NaN to prevent
      integer overflow,
    - DrawImage(): Fix integer overflow while validating gradient dimensions,
    - WritePDBImage(): Assure that input scanline is cleared in order to
      cover up some decoder bug to prevent use of uninitialized value,
    - ReadXWDImage(): Add more validation logic to avoid crashes due to FPE
      and invalid reads.
  * Update library symbols for this release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 15 Apr 2019 17:40:12 +0000

Upload details

Uploaded by: Laszlo Boszormenyi
Uploaded to: Sid
Original maintainer: Laszlo Boszormenyi
Architectures: any all
Section: graphics
Urgency: Very Urgent

Downloads

File Size SHA-256 Checksum
graphicsmagick_1.4~hg15968-1.dsc 2.8 KiB 2345b0c587141b5c569cde846da414c67a975464387505e5406006eacb7f8a09
graphicsmagick_1.4~hg15968.orig.tar.xz 8.5 MiB eac04fefacac3bc8bd38f92ca35847b4702ebec9e2e13bde03dca3c936b4c1b1
graphicsmagick_1.4~hg15968-1.debian.tar.xz 140.8 KiB 38d353149c577577d4c15a8ded5463b0bb7d13e4e2a334c22f4ae772f56a9c12

Available diffs

No changes file available.

Binary packages built by this source

graphicsmagick: No summary available for graphicsmagick in ubuntu eoan.
graphicsmagick-dbg: No summary available for graphicsmagick-dbg in ubuntu eoan.
graphicsmagick-imagemagick-compat: No summary available for graphicsmagick-imagemagick-compat in ubuntu eoan.
graphicsmagick-libmagick-dev-compat: No summary available for graphicsmagick-libmagick-dev-compat in ubuntu eoan.
libgraphics-magick-perl: No summary available for libgraphics-magick-perl in ubuntu eoan.
libgraphicsmagick++-q16-12: No summary available for libgraphicsmagick++-q16-12 in ubuntu eoan.
libgraphicsmagick++1-dev: No summary available for libgraphicsmagick++1-dev in ubuntu eoan.
libgraphicsmagick-q16-3: No summary available for libgraphicsmagick-q16-3 in ubuntu eoan.
libgraphicsmagick1-dev: No summary available for libgraphicsmagick1-dev in ubuntu eoan.