AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0

graphicsmagick: security update to 1.3.30 #1257

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

http://www.graphicsmagick.org/NEWS.html#june-23-2018

Security Fixes:

  • GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 238 issues have been opened by oss-fuzz and 230 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
  • SVG/Rendering: Fix heap write overflow of PrimitiveInfo and PointInfo arrays. This is another manifestation of CVE-2016-2317, which should finally be fixed correctly due to active detection/correction of pending overflow rather than using estimation.

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/1a5f6974fd22097c67f13940492accb8e6e98395. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0294.