-
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.5) kinetic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow issue
- debian/patches/CVE-2021-3610.patch: eliminate heap buffer overflow
vulnerability
- debian/patches/CVE-2023-3428.patch: fix heap buffer overflow
- CVE-2021-3610
- CVE-2023-3428
* SECURITY UPDATE: DoS while processing crafted SVG files
- debian/patches/CVE-2023-1289*.patch: erecursion detection
- CVE-2023-1289
* SECURITY UPDATE: out-of-bound read issue
- debian/patches/CVE-2023-1906.patch: fix possible heap buffer overflow
- CVE-2023-1906
* SECURITY UPDATE: stack-based buffer overflow issue
- debian/patches/CVE-2023-3195.patch: fix stack overflow when parsing
malicious tiff image
- CVE-2023-3195
* SECURITY UPDATE: integer overflow vulnerability
- debian/patches/CVE-2023-34151*.patch: properly cast double to size_t
- CVE-2023-34151
-- Nishit Majithia <email address hidden> Mon, 03 Jul 2023 14:52:09 +0530
-
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.4) kinetic-security; urgency=medium
* SECURITY REGRESSION: Revert additional mitigation.
- debian/patches/CVE-2022-44267_44268-3.patch: Remove bad mitigation via
a policy file.
-- Paulo Flabiano Smorigo <email address hidden> Thu, 30 Mar 2023 14:26:36 -0300
-
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.3) kinetic-security; urgency=medium
* SECURITY UPDATE: Additional fix from previous release
- debian/patches/CVE-2022-44267_44268-1.patch: Renamed from
debian/patches/CVE-2022-44267.patch.
- debian/patches/CVE-2022-44267_44268-2.patch: Renamed from
debian/patches/CVE-2022-44268.patch.
- debian/patches/CVE-2022-44267_44268-3.patch: Additional mitigation.
- CVE-2022-44267
- CVE-2022-44268
-- Paulo Flabiano Smorigo <email address hidden> Thu, 16 Mar 2023 10:27:54 -0300
-
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.2) kinetic-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2022-44267.patch: possible DoS @ stdin (OCE-
2022-70); possible arbitrary file leak (OCE-2022-72) (LP: #2004580)
- CVE-2022-44267
* SECURITY UPDATE: Information Disclosure
- debian/patches/CVE-2022-44268.patch: move -set profile handler to CLI
- CVE-2022-44268
-- Paulo Flabiano Smorigo <email address hidden> Fri, 24 Feb 2023 11:21:38 -0300
-
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.10.1) kinetic-security; urgency=medium
* SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
remote attacker to cause a denial of service via a crafted image file
- debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
to fix division by zeros in coders/jp2.c
- debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
to fix division by zeros in magick/resize.c
- debian/patches/CVE-2021-20244.patch: Avoid division by zero in
magick/fx.c
- debian/patches/CVE-2021-20245.patch: Avoid division by zero in
oders/webp.c
- debian/patches/CVE-2021-20246.patch: Avoid division by zero in
magick/resample.c
- debian/patches/CVE-2021-20309.patch: Avoid division by zero in
magick/fx.c
- CVE-2021-20241
- CVE-2021-20243
- CVE-2021-20244
- CVE-2021-20245
- CVE-2021-20246
- CVE-2021-20309
* SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
imagemagick allow a remote attacker to cause a denial of service or
possible leak of cryptographic information via a crafted image file
- debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
coders/thumbnail.c, division by zero in magick/colorspace.c and
a potential cipher leak in magick/memory.c
- CVE-2021-20312
- CVE-2021-20313
* SECURITY UPDATE: memory leaks when executing convert command
- debian/patches/CVE-2021-3574.patch: fix memory leaks
- CVE-2021-3574
* SECURITY UPDATE: Security Issue when Configuring the ImageMagick
Security Policy
- debian/patches/CVE-2021-39212.patch: Added missing policy checks in
RegisterStaticModules
- CVE-2021-39212
* SECURITY UPDATE: DoS while processing crafted SVG files
- debian/patches/CVE-2021-4219.patch: fix denial of service
- CVE-2021-4219
* SECURITY UPDATE: use-after-free in magick
- debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
dcm.c
- CVE-2022-1114
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-28463.patch: fix buffer overflow
- CVE-2022-28463
* SECURITY UPDATE: out-of-range value
- debian/patches/CVE-2022-32545.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned char in
coders/psd.c.
- debian/patches/CVE-2022-32546.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned long in
coders/pcl.c.
- CVE-2022-32545
- CVE-2022-32546
* SECURITY UPDATE: load of misaligned address
- debian/patches/CVE-2022-32547.patch: addresses the potential for the
loading of misaligned addresses in magick/property.c.
- CVE-2022-32547
-- Nishit Majithia <email address hidden> Tue, 22 Nov 2022 13:12:36 +0530
-
imagemagick (8:6.9.11.60+dfsg-1.3build3) kinetic; urgency=medium
* No-change rebuild against libopenexr3-1-30
-- Steve Langasek <email address hidden> Tue, 23 Aug 2022 04:02:40 +0000
-
imagemagick (8:6.9.11.60+dfsg-1.3build2) jammy; urgency=medium
* No-change rebuild for the perl update.
-- Matthias Klose <email address hidden> Sun, 06 Feb 2022 13:53:27 +0100