From: Raspbian automatic forward porter <root@raspbian.org>
Date: Fri, 12 Mar 2021 04:26:47 +0000 (+0000)
Subject: Merge version 1.4+really1.3.36+hg16462-1+rpi1 and 1.4+really1.3.36+hg16481-1 to produ... 
X-Git-Tag: archive/raspbian/1.4+really1.3.36+hg16481-1+rpi1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c3ae4db8bd51e87f7a6886943c2f0cbaad283ea6;p=graphicsmagick.git

Merge version 1.4+really1.3.36+hg16462-1+rpi1 and 1.4+really1.3.36+hg16481-1 to produce 1.4+really1.3.36+hg16481-1+rpi1
---

071341b4231d24c9edd42e89794a70198ef7a976
diff --cc debian/changelog
index 1ffb9a5,32f4b75..c7f26cc
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,38 +1,45 @@@
- graphicsmagick (1.4+really1.3.36+hg16462-1+rpi1) bullseye-staging; urgency=medium
++graphicsmagick (1.4+really1.3.36+hg16481-1+rpi1) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 1.4+really1.3.36-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 30 Dec 2020 03:11:26 +0000]
 +  * Ignore test failures, the tests fail on 64-bit kernels.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 19 Feb 2021 08:47:32 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 12 Mar 2021 04:26:47 +0000
++
+ graphicsmagick (1.4+really1.3.36+hg16481-1) unstable; urgency=high
+ 
+   * Mercurial snapshot, fixing the following security issues:
+     - ProcessStyleClassDefs(): fix non-terminal loop caused by a
+       self-referential list which results in huge memory usage,
+     - MSLCDataBlock(): fix leak of value from xmlNewCDataBlock(),
+     - ProcessStyleClassDefs(): fix memory leak upon malformed class name list,
+     - ProcessStyleClassDefs(): fix non-terminal loop and huge memory
+       allocation caused by self-referential list,
+     - SVGReference(): fix memory leak when parser node is null,
+     - MSLStartElement(): fix assertion in TranslateText() when there are no
+       attributes available.
+ 
+  -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 28 Feb 2021 23:26:56 +0100
+ 
+ graphicsmagick (1.4+really1.3.36+hg16472-1) unstable; urgency=high
+ 
+   * Mercurial snapshot, fixing the following security issues:
+     - ReadJP2Image(): validate that file header is a format we expect Jasper
+       to decode,
+     - MSLPushImage(): only clone attributes if not null,
+     - SVGStartElement(): reject impossibly small bounds and view_box width
+       or height.
+ 
+  -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 22 Feb 2021 06:54:42 +0100
+ 
+ graphicsmagick (1.4+really1.3.36+hg16469-1) unstable; urgency=medium
+ 
+   * Mercurial snapshot:
+     - MagickDoubleToLong(): Guard against LONG_MAX not directly representable
+       as a double,
+     - handle Ghostscript point versions added after 9.52 .
+   * Make libgraphicsmagick1-dev depend on pkg-config (closes: #977699).
+ 
+  -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 21 Feb 2021 08:24:57 +0100
  
  graphicsmagick (1.4+really1.3.36+hg16462-1) unstable; urgency=medium