[ubuntu/jammy-security] imagemagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5 (Accepted)
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Thu Jul 25 20:06:30 UTC 2024
imagemagick (8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS while processing crafted SVG files
    - debian/patches/CVE-2023-1289-prepatch.patch: recursion detection
      framework.
    - debian/patches/CVE-2023-1289.patch: recursion detection
    - d/p/0077-CVE-2023-1289-recursion-detection-fail.patch: recursion detection
      fail
    - d/p/0078-improved-fix-for-possible-DoS-for-certain-SVG-constr.patch:
      improved fix for possible DoS for certain SVG constructs
    - debian/patches/0079-permit-compositing-MPRI-images.patch: permit
      compositing MPRI images.
    - d/p/0080-VID-images-not-permitted-when-compositing.patch: VID images not
      permitted when compositing.
    - d/p/0081-do-not-composite-SVG-to-avoid-possible-recursion.patch: do not
      composite SVG to avoid possible recursion.
    - CVE-2023-1289
  * SECURITY UPDATE: integer overflow vulnerability
    - debian/patches/CVE-2023-34151*.patch: properly cast double to size_t
    - debian/patches/CVE-2023-34151-prepatch.patch: improved range checking.
    - debian/patches/CVE-2023-34151-prepatch-2.patch: add additional checks for
      casting double to size_t
    - debian/patches/CVE-2023-34151.patch: properly cast double to size_t.
    - d/p/0069-CVE-2023-34151-properly-cast-double-to-size_t.patch: properly
      cast double to size_t
    - debian/patches/0070-CVE-2023-34151.patch: magick produces incorrect
      result possibly due to overflow.
    - debian/patches/0072-CVE-2023-34151.patch: improved range checking
    - debian/patches/0073-check-for-value-0-ceil-not-required.patch: check for
      value < 0, ceil() not required
    - d/p/0074-fix-undefined-behaviors-when-casting-double-to-size_.patch: fix
      undefined behaviors when casting double to size_t
    - d/p/0075-use-a-different-path-for-positive-and-negative-value.patch: use
      a different path for positive and negative values
    - d/p/0076-use-instead-to-work-around-precision-limitations-of-.patch: use
      >= instead to work around precision limitations of a double.
    - CVE-2023-34151
  * Other security fixes:
    - debian/patches/0063-Added-check-for-invalid-size.patch: Added check for
      invalid size.
    - debian/patches/0064-improve-BMP-error-checking.patch: improve BMP
      error checking.
    - d/p/0071-incorrect-bounds-checking-for-draw-affine-https-gith.patch:
      incorrect bounds checking for draw affine
    - debian/patches/0082-recursion-detection-framework.patch: recursion
      detection framework.
    - debian/patches/0083-Fixed-memory-leak.patch: Fixed memory leak.

Date: 2024-07-23 22:23:10.495990+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5