graphicsmagick (1.1.7-13) unstable; urgency=high

  * The following problems were found thanks to numerous testcases provided
    + coders/pcx.c: Fix heap overflow vulnerability of scanline array
      with user-supplied input. Closes: #413034
      Also adds error checks and caps maximum number of colours to prevent
      segfaults with further testcases. Closes: #414058
    + coders/pict.c: Fix integer overflow to prevent overflowing a
      heap buffer with user-supplied input. Closes: #413036
      Validate header information to prevent segfaults with further
      testcases. Closes: #414059
    + coders/xwd.c: Check image data more strictly before passing it on to
      XGetPixel() to circumvent buffer overflow in libX11. Closes: #413040
    + Fix various segfaults with corrupt image data due to insufficient
      validation of return values from SeekBlob(). None of these are
      currently known to allow code injection.
      - coders/bmp.c: Add error checks to SeekBlob() calls. Closes: #413031
      - coders/cineon.c: Likewise. Closes: #413038
      - coders/icon.c: Likewise. Closes: #413032
        Extend validation checks to prevent segfaults with
        further testcases. Closes: #414057
      - magick/blob.c: Increase robustness of function ReadBlobStream() to
        mitigate the impact of missing error checks on SeekBlob() calls.
    + coders/png.c: Fix NULL pointer dereference due to insufficient
      validation of image data. Closes: #413035
    + coders/pnm.c: Fix segfault on out-of-bounds read access due to
      insufficient validation of image data. Closes: #413037
    + coders/sun.c: Fix segfaults on out-of-bounds read access due to
      insufficient validation of image data. Closes: #413039
  * utilities/miff.4: Trim name section of man page, and move overlong
    line to description. Closes: #390501
  * debian/graphicsmagick.menu: Show logo on startup from menu, rather
    than quitting immediately. Thanks Justin B. Rye. Closes: #407464

 -- Daniel Kobras <kobras@debian.org>  Sat, 10 Mar 2007 23:52:50 +0100
graphicsmagick (1.1.7-12) unstable; urgency=high

  * coders/palm.c: Fix regression introduced in patch for CVE-2006-5456.
    Avoid bogus second read in macro call. Patch thanks to Vladimir
    Nadvornik. (CVE-2007-0770)

 -- Daniel Kobras <kobras@debian.org>  Sat, 10 Feb 2007 15:50:53 +0100
graphicsmagick (1.1.7-11) unstable; urgency=medium

  * config/delegates.mgk.in: Lose obsolete option -2 when calling dcraw
    delegate. Fixes support for raw image data from digital cameras.

 -- Daniel Kobras <kobras@debian.org>  Sun, 7 Jan 2007 17:59:16 +0100
graphicsmagick (1.1.7-10) unstable; urgency=high

  * coders/png.c: Fix syntax errors in asm controlling code of PNG
  * debian/changelog: Add recently assigned CVE references to security
    fixes in previous changelog entry.
  * debian/control: Recommend package gsfonts that provides the fonts
    referenced in the default type map.
  * debian/control: Adjust (build-)dependencies as x-dev package was
    superseded by x11proto-core-dev. Closes: #397770
  * debian/Magick.pm: Fix typo in POD section.

 -- Daniel Kobras <kobras@debian.org>  Wed, 13 Dec 2006 19:38:31 +0100
graphicsmagick (1.1.7-9) unstable; urgency=high

  * coders/dcm.c: Fix buffer overflow, thanks to M Joonas Pihlaja.
  * coders/palm.c: Fix multiple heap overflows, again thanks to M Joonas
    Pihlaja. (CVE-2006-5456)

 -- Daniel Kobras <kobras@debian.org>  Fri, 29 Sep 2006 15:52:41 +0200
graphicsmagick (1.1.7-8) unstable; urgency=high

  * coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).