Publishing details

Changelog

imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high

  * Non-maintainer upload

  [ Nishit Majithia ]
  * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
    remote attacker to cause a denial of service via a crafted image file
    - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
      to fix division by zeros in coders/jp2.c
    - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
      to fix division by zeros in magick/resize.c
    - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
      magick/fx.c
    - debian/patches/CVE-2021-20245.patch: Avoid division by zero in
      oders/webp.c
    - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
      magick/resample.c
    - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
      magick/fx.c
    - CVE-2021-20241
    - CVE-2021-20243
    - CVE-2021-20244
    - CVE-2021-20245
    - CVE-2021-20246
    - CVE-2021-20309
  * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
    imagemagick allow a remote attacker to cause a denial of service or
    possible leak of cryptographic information via a crafted image file
    - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
      coders/thumbnail.c, division by zero in magick/colorspace.c and
      a potential cipher leak in magick/memory.c
    - CVE-2021-20312
    - CVE-2021-20313
  * SECURITY UPDATE: memory leaks when executing convert command
    - debian/patches/CVE-2021-3574.patch: fix memory leaks
    - CVE-2021-3574
  * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
    Security Policy
    - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
      RegisterStaticModules
    - CVE-2021-39212 (Closes: #996588)
  * SECURITY UPDATE: DoS while processing crafted SVG files
    - debian/patches/CVE-2021-4219.patch: fix denial of service
    - CVE-2021-4219
  * SECURITY UPDATE: use-after-free in magick
    - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
      dcm.c
    - CVE-2022-1114
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-28463.patch: fix buffer overflow
    - CVE-2022-28463 (Closes: #1013282)
  * SECURITY UPDATE: out-of-range value
    - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned char in
      coders/psd.c.
    - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned long in
      coders/pcl.c.
    - CVE-2022-32545
    - CVE-2022-32546
  * SECURITY UPDATE: load of misaligned address
    - debian/patches/CVE-2022-32547.patch: addresses the potential for the
      loading of misaligned addresses in magick/property.c.
    - CVE-2022-32547 (Closes: #1016442)

 -- Jeremy Bicha <email address hidden>  Sat, 04 Feb 2023 21:50:44 -0500

Available diffs

Builds

Package files