Resolves: CVE-2019-19004 : integer overflow in input-bmp.c

Resolves: CVE-2019-19005 : fix bitmap double free in main.c

autotrace.spec

@@ -1,6 +1,6 @@
 Name:           autotrace
 Version:        0.31.1
-Release:        59%{?dist}
+Release:        60%{?dist}
 Summary:        Utility for converting bitmaps to vector graphics
 License:        GPLv2+ and LGPLv2+
 URL:            http://autotrace.sourceforge.net/
@@ -13,6 +13,8 @@ Patch4:         autotrace-0.31.1-CVE-2013-1953.patch
 Patch5:         autotrace-0.31.1-multilib-fix.patch
 Patch6:         autotrace-0.31.1-pstoedit-detection-fix.patch
 Patch7:         autotrace-0.31.1-CVE-2016-7392.patch
+Patch8:         autotrace-0.31.1-CVE-2019-19004.patch
+Patch9:         autotrace-0.31.1-CVE-2019-19005.patch
 BuildRequires:  gcc-c++
 %if ! 0%{?rhel}
 BuildRequires:  ImageMagick-devel
@@ -63,6 +65,8 @@ This package contains header files and development libraries for autotrace.
 %patch5 -p1 -b .multilib-fix
 %patch6 -p1 -b .pstoedit-detection-fix
 %patch7 -p1 -b .CVE-2016-7392
+%patch8 -p1 -b .CVE-2019-19004
+%patch9 -p1 -b .CVE-2019-19005
 autoreconf -ivf
 
 %build
@@ -104,6 +108,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
 
 
 %changelog
+* Fri Apr 30 2021 Parag Nemade <pnemade AT redhat DOT com> - 0.31.1-60
+- Resolves: CVE-2019-19004 : integer overflow in input-bmp.c
+- Resolves: CVE-2019-19005 : fix bitmap double free in main.c
+
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.31.1-59
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild