diff -Nru imagemagick-6.9.10.23+dfsg/debian/changelog imagemagick-6.9.10.23+dfsg/debian/changelog --- imagemagick-6.9.10.23+dfsg/debian/changelog 2023-03-15 18:22:06.000000000 +0000 +++ imagemagick-6.9.10.23+dfsg/debian/changelog 2023-03-30 14:21:43.000000000 +0000 @@ -1,3 +1,13 @@ +imagemagick (8:6.9.10.23+dfsg-2.1ubuntu11.7) focal-security; urgency=medium + + * SECURITY REGRESSION: Revert additional mitigation. + - debian/patches/CVE-2022-44267_44268-2.patch: Remove bad mitigation via + a policy file. + - debian/patches/CVE-2022-44267_44268.patch: Renamed from + debian/patches/CVE-2022-44267_44268-1.patch. + + -- Paulo Flabiano Smorigo Thu, 30 Mar 2023 11:21:43 -0300 + imagemagick (8:6.9.10.23+dfsg-2.1ubuntu11.6) focal-security; urgency=medium * SECURITY UPDATE: Additional fix from previous release diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268_1.patch imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268_1.patch --- imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268_1.patch 2023-03-15 18:22:06.000000000 +0000 +++ imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268_1.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,60 +0,0 @@ -From d77c01e560e973177feed4915ffd7dd1a45fd763 Mon Sep 17 00:00:00 2001 -From: Cristy -Date: Fri, 3 Feb 2023 09:33:01 -0500 -Subject: [PATCH] move `-set profile` handler to CLI - ---- - magick/property.c | 23 ----------------------- - wand/mogrify.c | 18 +++++++++++++++++- - 2 files changed, 17 insertions(+), 24 deletions(-) - ---- imagemagick-6.9.10.23+dfsg.orig/wand/mogrify.c -+++ imagemagick-6.9.10.23+dfsg/wand/mogrify.c -@@ -2835,7 +2835,20 @@ WandExport MagickBooleanType MogrifyImag - (void) SetImageArtifact(*image,argv[i+1]+7,value); - } - else -- (void) SetImageProperty(*image,argv[i+1],value); -+ if (LocaleCompare(argv[i+1],"profile") == 0) -+ { -+ StringInfo -+ *profile = (StringInfo *) NULL; -+ -+ (void) CopyMagickString(image_info->filename,value,MaxTextExtent); -+ (void) SetImageInfo(image_info,1,exception); -+ if (LocaleCompare(image_info->filename,"-") != 0) -+ profile=FileToStringInfo(image_info->filename,~0UL,exception); -+ if (profile != (StringInfo *) NULL) -+ status=SetImageProfile(image,image_info->magick,profile); -+ } -+ else -+ (void) SetImageProperty(*image,argv[i+1],value); - value=DestroyString(value); - break; - } ---- imagemagick-6.9.10.23+dfsg.orig/magick/property.c -+++ imagemagick-6.9.10.23+dfsg/magick/property.c -@@ -4358,23 +4358,6 @@ MagickExport MagickBooleanType SetImageP - geometry=DestroyString(geometry); - break; - } -- if (LocaleCompare("profile",property) == 0) -- { -- ImageInfo -- *image_info; -- -- StringInfo -- *profile; -- -- image_info=AcquireImageInfo(); -- (void) CopyMagickString(image_info->filename,value,MaxTextExtent); -- (void) SetImageInfo(image_info,1,exception); -- profile=FileToStringInfo(image_info->filename,~0UL,exception); -- if (profile != (StringInfo *) NULL) -- status=SetImageProfile(image,image_info->magick,profile); -- image_info=DestroyImageInfo(image_info); -- break; -- } - status=AddValueToSplayTree((SplayTreeInfo *) image->properties, - ConstantString(property),ConstantString(value)); - break; diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268-2.patch imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268-2.patch --- imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268-2.patch 2023-03-15 18:19:38.000000000 +0000 +++ imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268-2.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -From: =?utf-8?q?Bastien_Roucari=C3=A8s?= -Date: Sat, 11 Mar 2023 12:20:41 +0000 -Subject: Mitigate CVE-2022-44267 and CVE-2022-44268 - -Do not allow to read file from /etc -Forbid something like convert logo: -set profile /etc/passwd logo.png - -origin: https://github.com/ImageMagick/ImageMagick/discussions/6027#discussioncomment-4867147 -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2022-44267 -bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2022-44268 -bug: https://bugs.debian.org/1030767 ---- - config/policy.xml | 2 ++ - 1 file changed, 2 insertions(+) - ---- imagemagick-6.9.10.23+dfsg.orig/config/policy.xml -+++ imagemagick-6.9.10.23+dfsg/config/policy.xml -@@ -86,6 +86,8 @@ - - - -+ -+ - - - diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268.patch imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268.patch --- imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268.patch 1970-01-01 00:00:00.000000000 +0000 +++ imagemagick-6.9.10.23+dfsg/debian/patches/CVE-2022-44267_44268.patch 2023-03-30 14:21:16.000000000 +0000 @@ -0,0 +1,60 @@ +From d77c01e560e973177feed4915ffd7dd1a45fd763 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Fri, 3 Feb 2023 09:33:01 -0500 +Subject: [PATCH] move `-set profile` handler to CLI + +--- + magick/property.c | 23 ----------------------- + wand/mogrify.c | 18 +++++++++++++++++- + 2 files changed, 17 insertions(+), 24 deletions(-) + +--- imagemagick-6.9.10.23+dfsg.orig/wand/mogrify.c ++++ imagemagick-6.9.10.23+dfsg/wand/mogrify.c +@@ -2835,7 +2835,20 @@ WandExport MagickBooleanType MogrifyImag + (void) SetImageArtifact(*image,argv[i+1]+7,value); + } + else +- (void) SetImageProperty(*image,argv[i+1],value); ++ if (LocaleCompare(argv[i+1],"profile") == 0) ++ { ++ StringInfo ++ *profile = (StringInfo *) NULL; ++ ++ (void) CopyMagickString(image_info->filename,value,MaxTextExtent); ++ (void) SetImageInfo(image_info,1,exception); ++ if (LocaleCompare(image_info->filename,"-") != 0) ++ profile=FileToStringInfo(image_info->filename,~0UL,exception); ++ if (profile != (StringInfo *) NULL) ++ status=SetImageProfile(image,image_info->magick,profile); ++ } ++ else ++ (void) SetImageProperty(*image,argv[i+1],value); + value=DestroyString(value); + break; + } +--- imagemagick-6.9.10.23+dfsg.orig/magick/property.c ++++ imagemagick-6.9.10.23+dfsg/magick/property.c +@@ -4358,23 +4358,6 @@ MagickExport MagickBooleanType SetImageP + geometry=DestroyString(geometry); + break; + } +- if (LocaleCompare("profile",property) == 0) +- { +- ImageInfo +- *image_info; +- +- StringInfo +- *profile; +- +- image_info=AcquireImageInfo(); +- (void) CopyMagickString(image_info->filename,value,MaxTextExtent); +- (void) SetImageInfo(image_info,1,exception); +- profile=FileToStringInfo(image_info->filename,~0UL,exception); +- if (profile != (StringInfo *) NULL) +- status=SetImageProfile(image,image_info->magick,profile); +- image_info=DestroyImageInfo(image_info); +- break; +- } + status=AddValueToSplayTree((SplayTreeInfo *) image->properties, + ConstantString(property),ConstantString(value)); + break; diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/series imagemagick-6.9.10.23+dfsg/debian/patches/series --- imagemagick-6.9.10.23+dfsg/debian/patches/series 2023-03-15 18:21:50.000000000 +0000 +++ imagemagick-6.9.10.23+dfsg/debian/patches/series 2023-03-30 14:21:43.000000000 +0000 @@ -106,5 +106,4 @@ CVE-2020-27773.patch CVE-2020-27775.patch CVE-2021-20176.patch -CVE-2022-44267_44268_1.patch -CVE-2022-44267_44268-2.patch +CVE-2022-44267_44268.patch