[ubuntu/focal-security] imagemagick 8:6.9.10.23+dfsg-2.1ubuntu11.10 (Accepted)

Paulo Flabiano Smorigo pfsmorigo at canonical.com
Thu Jul 25 20:06:32 UTC 2024


imagemagick (8:6.9.10.23+dfsg-2.1ubuntu11.10) focal-security; urgency=medium

  * SECURITY UPDATE: Previous CVE-2023-1289 and CVE-2023-34151 fixes were
    incomplete.
    - d/p/0152-1-2-Prepare-CVE-2023-34151-improved-range-checking.patch:
      Improved range checking
    - d/p/0154-CVE-2023-34151-properly-cast-double-to-size_t.patch: properly
      cast double to size_t
    - debian/patches/0159-CVE-2023-34151.patch: improved range checking
    - debian/patches/0161-CVE-2023-34151.patch: Cast from double to integer is
      hard to do correctly and was fixed by a few patches upstream.
    - debian/patches/0162-check-for-value-0-ceil-not-required.patch:
      check for value < 0, ceil() not required
    - d/p/0163-fix-undefined-behaviors-when-casting-double-to-size_.patch: fix
      undefined behaviors when casting double to size_t
    - d/p/0164-use-a-different-path-for-positive-and-negative-value.patch: use
      a different path for positive and negative values
    - d/p/0165-use-instead-to-work-around-precision-limitations-of-.patch: use
      >= instead to work around precision limitations of a double.
    - d/p/0166-CVE-2023-1289-recursion-detection-fail.patch: recursion
      detection fail
    - d/p/0167-improved-fix-for-possible-DoS-for-certain-SVG-constr.patch:
      improved fix for possible DoS for certain SVG constructs
    - debian/patches/0168-permit-compositing-MPRI-images.patch: permit
      compositing MPRI images
    - d/p/0169-VID-images-not-permitted-when-compositing.patch: VID images not
      permitted when compositing
    - d/p/0170-do-not-composite-SVG-to-avoid-possible-recursion.patch: do not
      composite SVG to avoid possible recursion
    - CVE-2023-1289
    - CVE-2023-34151
  * Other security fixes:
    - debian/patches/0155-Added-check-for-invalid-size.patch: Added check for
      invalid size.
    - debian/patches/0156-improve-BMP-error-checking.patch: improve BMP error
      checking
    - d/p/0160-incorrect-bounds-checking-for-draw-affine-https-gith.patch:
      incorrect bounds checking for draw affine
    - debian/patches/0171-recursion-detection-framework.patch: recursion
      detection framework
    - debian/patches/0172-Fixed-memory-leak.patch: Fixed memory leak.

Date: 2024-07-23 15:12:10.664286+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.23+dfsg-2.1ubuntu11.10
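The entries above for patches 0161 through 0165 describe the hard part of this update: converting a double to size_t without undefined behaviour, rejecting negative values on a separate path, and comparing with >= rather than > because (double)SIZE_MAX rounds up to 2^64 on 64-bit platforms and is therefore not itself a representable size_t. The following C program is an added illustration of that technique; it is not ImageMagick code and not the contents of the Debian patches. The function names safe_double_to_size_t and naive_range_check are assumptions made for this example.

```c
#include <math.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Convert a double to size_t, reporting failure instead of invoking
 * undefined behaviour. Returns true and stores the truncated value on
 * success; returns false for NaN, negative values and values that do
 * not fit in size_t. (Hypothetical helper written for this example.) */
bool safe_double_to_size_t(double value, size_t *out)
{
    /* NaN compares false against everything, so test it explicitly. */
    if (isnan(value))
        return false;

    /* Negative path: converting a negative double to an unsigned type is
     * undefined, so reject before the cast. Truncation toward zero means
     * no ceil() is needed for the positive path. */
    if (value < 0.0)
        return false;

    /* Positive path: on 64-bit platforms (double)SIZE_MAX is exactly 2^64,
     * one more than the real maximum, so a value equal to it would pass a
     * '>' test and still overflow. '>=' closes that gap. */
    if (value >= (double)SIZE_MAX)
        return false;

    *out = (size_t)value;
    return true;
}

/* The weak check being replaced: returns true when a value would be
 * accepted by 'value > SIZE_MAX' alone. It performs no cast, so it is safe
 * to call; it only shows which inputs the old comparison lets through. */
bool naive_range_check(double value)
{
    return !(value > (double)SIZE_MAX);
}

int main(void)
{
    /* Constructed sample inputs for the demonstration. */
    const double samples[] = { 42.7, -1.0, (double)SIZE_MAX,
                               (double)(SIZE_MAX / 2 + 1), NAN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t out = 0;
        bool ok = safe_double_to_size_t(samples[i], &out);
        printf("%-22g naive accepts: %d  safe accepts: %d  value: %zu\n",
               samples[i], naive_range_check(samples[i]), ok, ok ? out : 0);
    }
    return 0;
}
```

The interesting row is (double)SIZE_MAX: the naive comparison accepts it, while the >= form rejects it, which is exactly the precision limitation the 0165 patch title refers to. Values in [0, SIZE_MAX) still convert normally, with fractions truncated.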