"Security Fixes: * GraphicsMagick is participating in Google's oss-fuzz project since February 4 2018 due to the contributions and assistance of Alex Gaynor and Paul Kehrer. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details. Security Fixes: * oss-fuzz: Several security fixes originating from oss-fuzz testing. * ALL: Replace strcpy() with strlcpy(), replace strcat() with strlcat(), replace sprintf() with snprintf(). Prefer using bounded string functions. This change is made for the purpose of increasing safety than to address any existing demonstrated concern." Please bump to 1.3.39.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=07bcc7e82426848db147d8d2fd67ef40e722ce93 commit 07bcc7e82426848db147d8d2fd67ef40e722ce93 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-12-27 10:07:16 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-12-27 10:07:16 +0000 media-gfx/graphicsmagick: add 1.3.39 Bug: https://bugs.gentoo.org/888545 Signed-off-by: Sam James <sam@gentoo.org> media-gfx/graphicsmagick/Manifest | 2 + .../graphicsmagick/graphicsmagick-1.3.39.ebuild | 160 +++++++++++++++++++++ .../graphicsmagick/graphicsmagick-9999.ebuild | 2 +- 3 files changed, 163 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a80a21a605475095d050ea14833d354338fc9e86 commit a80a21a605475095d050ea14833d354338fc9e86 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-03-09 06:41:18 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-09 06:41:18 +0000 media-gfx/graphicsmagick: drop 1.3.38-r5, 1.3.39 Bug: https://bugs.gentoo.org/888545 Bug: https://bugs.gentoo.org/890851 Signed-off-by: Sam James <sam@gentoo.org> media-gfx/graphicsmagick/Manifest | 4 - .../graphicsmagick-1.3.38-configure-bashism.patch | 34 ----- .../graphicsmagick/graphicsmagick-1.3.38-r5.ebuild | 161 --------------------- .../graphicsmagick/graphicsmagick-1.3.39.ebuild | 160 -------------------- 4 files changed, 359 deletions(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f9109763ff7ea477d040422ceaa7f39f20a26058 commit f9109763ff7ea477d040422ceaa7f39f20a26058 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-05 08:23:55 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-07-05 08:24:31 +0000 [ GLSA 202407-15 ] GraphicsMagick: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/888545 Bug: https://bugs.gentoo.org/890851 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202407-15.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)
