[ubuntu/lunar-proposed] imagemagick 8:6.9.11.60+dfsg-1.3ubuntu1 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Fri Nov 25 12:17:13 UTC 2022 

imagemagick (8:6.9.11.60+dfsg-1.3ubuntu1) lunar; urgency=medium

  * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
    remote attacker to cause a denial of service via a crafted image file
    - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
      to fix division by zeros in coders/jp2.c
    - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
      to fix division by zeros in magick/resize.c
    - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
      magick/fx.c
    - debian/patches/CVE-2021-20245.patch: Avoid division by zero in
      oders/webp.c
    - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
      magick/resample.c
    - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
      magick/fx.c
    - CVE-2021-20241
    - CVE-2021-20243
    - CVE-2021-20244
    - CVE-2021-20245
    - CVE-2021-20246
    - CVE-2021-20309
  * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
    imagemagick allow a remote attacker to cause a denial of service or
    possible leak of cryptographic information via a crafted image file
    - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
      coders/thumbnail.c, division by zero in magick/colorspace.c and
      a potential cipher leak in magick/memory.c
    - CVE-2021-20312
    - CVE-2021-20313
  * SECURITY UPDATE: memory leaks when executing convert command
    - debian/patches/CVE-2021-3574.patch: fix memory leaks
    - CVE-2021-3574
  * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
    Security Policy
    - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
      RegisterStaticModules
    - CVE-2021-39212
  * SECURITY UPDATE: DoS while processing crafted SVG files
    - debian/patches/CVE-2021-4219.patch: fix denial of service
    - CVE-2021-4219
  * SECURITY UPDATE: use-after-free in magick
    - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
      dcm.c
    - CVE-2022-1114
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-28463.patch: fix buffer overflow
    - CVE-2022-28463
  * SECURITY UPDATE: out-of-range value
    - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned char in
      coders/psd.c.
    - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
      use of a value that falls outside the range of an unsigned long in
      coders/pcl.c.
    - CVE-2022-32545
    - CVE-2022-32546
  * SECURITY UPDATE: load of misaligned address
    - debian/patches/CVE-2022-32547.patch: addresses the potential for the
      loading of misaligned addresses in magick/property.c.
    - CVE-2022-32547

Date: Wed, 23 Nov 2022 11:05:26 +0530
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Alex Murray <alex.murray at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 23 Nov 2022 11:05:26 +0530
Source: imagemagick
Built-For-Profiles: noudeb
Architecture: source
Version: 8:6.9.11.60+dfsg-1.3ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.3ubuntu1) lunar; urgency=medium
 .
   * SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
     remote attacker to cause a denial of service via a crafted image file
     - debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
       to fix division by zeros in coders/jp2.c
     - debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
       to fix division by zeros in magick/resize.c
     - debian/patches/CVE-2021-20244.patch: Avoid division by zero in
       magick/fx.c
     - debian/patches/CVE-2021-20245.patch: Avoid division by zero in
       oders/webp.c
     - debian/patches/CVE-2021-20246.patch: Avoid division by zero in
       magick/resample.c
     - debian/patches/CVE-2021-20309.patch: Avoid division by zero in
       magick/fx.c
     - CVE-2021-20241
     - CVE-2021-20243
     - CVE-2021-20244
     - CVE-2021-20245
     - CVE-2021-20246
     - CVE-2021-20309
   * SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
     imagemagick allow a remote attacker to cause a denial of service or
     possible leak of cryptographic information via a crafted image file
     - debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
       coders/thumbnail.c, division by zero in magick/colorspace.c and
       a potential cipher leak in magick/memory.c
     - CVE-2021-20312
     - CVE-2021-20313
   * SECURITY UPDATE: memory leaks when executing convert command
     - debian/patches/CVE-2021-3574.patch: fix memory leaks
     - CVE-2021-3574
   * SECURITY UPDATE: Security Issue when Configuring the ImageMagick
     Security Policy
     - debian/patches/CVE-2021-39212.patch: Added missing policy checks in
       RegisterStaticModules
     - CVE-2021-39212
   * SECURITY UPDATE: DoS while processing crafted SVG files
     - debian/patches/CVE-2021-4219.patch: fix denial of service
     - CVE-2021-4219
   * SECURITY UPDATE: use-after-free in magick
     - debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
       dcm.c
     - CVE-2022-1114
   * SECURITY UPDATE: heap-based buffer overflow
     - debian/patches/CVE-2022-28463.patch: fix buffer overflow
     - CVE-2022-28463
   * SECURITY UPDATE: out-of-range value
     - debian/patches/CVE-2022-32545.patch: addresses the possibility for the
       use of a value that falls outside the range of an unsigned char in
       coders/psd.c.
     - debian/patches/CVE-2022-32546.patch: addresses the possibility for the
       use of a value that falls outside the range of an unsigned long in
       coders/pcl.c.
     - CVE-2022-32545
     - CVE-2022-32546
   * SECURITY UPDATE: load of misaligned address
     - debian/patches/CVE-2022-32547.patch: addresses the potential for the
       loading of misaligned addresses in magick/property.c.
     - CVE-2022-32547
Checksums-Sha1:
 81027834a21823fed5978b6a385c56bf882d2a81 4873 imagemagick_6.9.11.60+dfsg-1.3ubuntu1.dsc
 9073f8141eb54c5d7bd33fe2fff8d76e506ddde4 253540 imagemagick_6.9.11.60+dfsg-1.3ubuntu1.debian.tar.xz
 007bc4b17771f0b797be2ff02e5dc65bfabe609d 17260 imagemagick_6.9.11.60+dfsg-1.3ubuntu1_source.buildinfo
Checksums-Sha256:
 fb36e7dfea236c372db4a19c72ac1f9b0325bb5d823938d2551918525bb7daaf 4873 imagemagick_6.9.11.60+dfsg-1.3ubuntu1.dsc
 0323c52e3b61811395e60239e3f649660241a85d35ae0bbe1c3463b1825a99df 253540 imagemagick_6.9.11.60+dfsg-1.3ubuntu1.debian.tar.xz
 ef23e4f8423fb9dd4bffc19f0bf412dced30d53a3199594a03b172f05a77debe 17260 imagemagick_6.9.11.60+dfsg-1.3ubuntu1_source.buildinfo
Files:
 93b1e94283505a829d28a0d4a23f4036 4873 graphics optional imagemagick_6.9.11.60+dfsg-1.3ubuntu1.dsc
 1cbf784bd2ee764f729f1f75b4325821 253540 graphics optional imagemagick_6.9.11.60+dfsg-1.3ubuntu1.debian.tar.xz
 991fd2a14dbf98a046d67a3417b5d31f 17260 graphics optional imagemagick_6.9.11.60+dfsg-1.3ubuntu1_source.buildinfo
Original-Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>

More information about the lunar-changes mailing list