On Tue, 20 Sep 2016, László Böszörményi wrote:
Do you think 1.3.25-2 might be the used for a stable update?
Upgrade to a newer version in stable is not easy and I can remember
one, maybe two cases when it was allowed.
In this case I'm not sure it should be the path.
1.3.25 is the "fix" for security issues in previous versions. 1.3.20
is the last release in the calm before GraphicsMagick entered Coverity
testing (resulting in hundreds of changes) and the availability of
ASAN and the subsequent flood of problem files from security
researchers using fuzzers like American Fuzzy-Lop, which I fixed as
quickly as I could.
There are hundreds of known files (many publically available) which
might cause 1.3.20 to crash or consume immense resources.
Unfortunately there was a small ABI break in Magick++ (in 1.3.21) and
I did bump its library major version number and reset age.
Bob
--
Bob Friesenhahn
bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
