-
graphicsmagick (1.1.7-14) unstable; urgency=high
* magick/image.c: Fix heap overflow in GrayscalePseudoClassImage() on
64bit architectures. (Turned up by Sami Liedes' segv2.viff test case.)
Closes: #418052, #416096
* magick/utility.h: Avoid double free() when calling MagickReallocMemory()
with zero size argument. (Triggered by Sami Liedes' segv2.viff test case.)
Closes: #418053
* coders/tiff.c: Fix segfault with certain TIFF images on amd64 due to
va_list reusal in bogus duplicate vsprintf() call. Thanks to Kurt
Roeckx for the fix. Closes: #415467
* coders/viff.c: Add sanity check to prevent heap overflow reading corrupt
viff images. (Triggered by Sami Liedes' segv.viff test case.)
Closes: #418054
* coders/xwd.c: Fix integer overflow in XWD coders. (Triggered by Sami
Liedes' broken.xwd test case.) Original patch thanks to Larry
Doolittle. Closes: #417862
-- Michael Bienia <email address hidden> Tue, 10 Apr 2007 18:18:16 +0100
-
graphicsmagick (1.1.7-13) unstable; urgency=high
* The following problems were found thanks to numerous testcases provided
by Sami Liedes:
+ coders/pcx.c: Fix heap overflow vulnerability of scanline array
with user-supplied input. Closes: #413034
Also adds error checks and caps maximum number of colours to prevent
segfaults with further testcases. Closes: #414058
+ coders/pict.c: Fix integer overflow to prevent overflowing a
heap buffer with user-supplied input. Closes: #413036
Validate header information to prevent segfaults with further
testcases. Closes: #414059
+ coders/xwd.c: Check image data more strictly before passing it on to
XGetPixel() to circumvent buffer overflow in libX11. Closes: #413040
+ Fix various segfaults with corrupt image data due to insufficient
validation of return values from SeekBlob(). None of these are
currently known to allow code injection.
- coders/bmp.c: Add error checks to SeekBlob() calls. Closes: #413031
- coders/cineon.c: Likewise. Closes: #413038
- coders/icon.c: Likewise. Closes: #413032
Extend validation checks to prevent segfaults with
further testcases. Closes: #414057
- magick/blob.c: Increase robustness of function ReadBlobStream() to
mitigate the impact of missing error checks on SeekBlob() calls.
+ coders/png.c: Fix NULL pointer dereference due to insufficient
validation of image data. Closes: #413035
+ coders/pnm.c: Fix segfault on out-of-bounds read access due to
insufficient validation of image data. Closes: #413037
+ coders/sun.c: Fix segfaults on out-of-bounds read access due to
insufficient validation of image data. Closes: #413039
* utilities/miff.4: Trim name section of man page, and move overlong
line to description. Closes: #390501
* debian/graphicsmagick.menu: Show logo on startup from menu, rather
than quitting immediately. Thanks Justin B. Rye. Closes: #407464
-- Michael Bienia <email address hidden> Wed, 14 Mar 2007 09:55:42 +0000
-
graphicsmagick (1.1.7-12) unstable; urgency=high
* coders/palm.c: Fix regression introduced in patch for CVE-2006-5456.
Avoid bogus second read in macro call. Patch thanks to Vladimir
Nadvornik. (CVE-2007-0770)
graphicsmagick (1.1.7-11) unstable; urgency=medium
* config/delegates.mgk.in: Lose obsolete option -2 when calling dcraw
delegate. Fixes support for raw image data from digital cameras.
Closes: #405960
-- Kees Cook <email address hidden> Thu, 15 Feb 2007 09:53:46 +0000
-
graphicsmagick (1.1.7-10) unstable; urgency=high
* coders/png.c: Fix syntax errors in asm controlling code of PNG
coder.
* debian/changelog: Add recently assigned CVE references to security
fixes in previous changelog entry.
* debian/control: Recommend package gsfonts that provides the fonts
referenced in the default type map.
* debian/control: Adjust (build-)dependencies as x-dev package was
superseded by x11proto-core-dev. Closes: #397770
* debian/Magick.pm: Fix typo in POD section.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 14 Dec 2006 12:01:09 +0000
-
graphicsmagick (1.1.7-9) unstable; urgency=high
* coders/dcm.c: Fix buffer overflow, thanks to M Joonas Pihlaja.
* coders/palm.c: Fix multiple heap overflows, again thanks to M Joonas
Pihlaja.
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 07 Nov 2006 01:52:24 +0000
-
graphicsmagick (1.1.7-8build1) feisty; urgency=low
* Rebuild for ldbl128 change on powerpc and sparc.
-- Matthias Klose <email address hidden> Thu, 2 Nov 2006 10:21:58 +0000
-
graphicsmagick (1.1.7-8) unstable; urgency=high
* coders/xcf.c: Fix buffer overflow in XCF coder (CVE-2006-3743).
* It seems I've fixed the vulnerabilities described in CVE-2006-3744
(coders/sgi.c) independently in the previous upload already while
the original report had been embargoed.
graphicsmagick (1.1.7-7) unstable; urgency=high
* coders/sgi.c: Fix multiple heap overflow vulnerabilities in SGI coder
due to
+ missing boundary checks in SGIDecode();
+ missing validation of pixel depth field;
+ integer overflow via large columns and rows fields (CVE-2006-4144)
Closes: #383333
+ missing validation of chunk size fields (variable 'runlength') in
run-length encoded images.
* coders/sgi.c: Check for bogus values of 'bytes_per_pixel' and 'depth'.
* coders/sgi.c: Fix calculation of internal depth value.
graphicsmagick (1.1.7-6) unstable; urgency=low
* debian/compat: Bump debhelper compatibility level to 5.
* debian/control: Build-depend on debhelper version 5 and up.
* debian/control: Remove redundant Build-Depends-Indep.
* debian/control: Add new package graphicsmagick-dbg containing debugging
symbols for all language bindings and the main executable.
* debian/control: Suggest debugging package where appropriate.
* debian/control: Build-depend on sharutils for uudecode.
* debian/control: Version build-dependency on libwmf-dev. Earlier versions
will fail the testsuite.
* debian/libgraphicsmagick++1.install: There is no libGraphicsMagickWand++,
so don't try to install it.
* debian/libgraphicsmagick{,++}1-dev.install: Remove .la files as long as
nobody's using them.
* debian/rules: Give in and disable strict aliasing for the moment until
we get fixes for all instances that currently break the rules.
* debian/rules: Place all debugging symbols into graphicsmagick-dbg.
* debian/rules: New libwmf yields better image quality than old reference
image in regression test. We cannot patch the binary image directly in
the Debian diff, so add uudecode magic to check and clean targets.
* debian/ski.miff.uu: Updated version of reference image in WMF regression
test. Uuencoded to fit into the Debian diff.
* magick/cache.c: Include definition of HAVE_PREAD before checking its
value. Now really pulls in proper declarations of pread() and pwrite().
-- Martin Pitt <email address hidden> Wed, 13 Sep 2006 20:21:39 +0100
