[ubuntu/lunar-proposed] imagemagick 8:6.9.11.60+dfsg-1.5 (Accepted)
Jeremy Bícha
jeremy.bicha at canonical.com
Sun Feb 5 11:22:24 UTC 2023
imagemagick (8:6.9.11.60+dfsg-1.5) unstable; urgency=high
* Non-maintainer upload
[ Nishit Majithia ]
* SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
remote attacker to cause a denial of service via a crafted image file
- debian/patches/CVE-2021-20241.patch: Use PerceptibleReciprocal()
to fix division by zeros in coders/jp2.c
- debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
to fix division by zeros in magick/resize.c
- debian/patches/CVE-2021-20244.patch: Avoid division by zero in
magick/fx.c
- debian/patches/CVE-2021-20245.patch: Avoid division by zero in
oders/webp.c
- debian/patches/CVE-2021-20246.patch: Avoid division by zero in
magick/resample.c
- debian/patches/CVE-2021-20309.patch: Avoid division by zero in
magick/fx.c
- CVE-2021-20241
- CVE-2021-20243
- CVE-2021-20244
- CVE-2021-20245
- CVE-2021-20246
- CVE-2021-20309
* SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
imagemagick allow a remote attacker to cause a denial of service or
possible leak of cryptographic information via a crafted image file
- debian/patches/CVE-2021-20312_20313.patch: Avoid integer overflow in
coders/thumbnail.c, division by zero in magick/colorspace.c and
a potential cipher leak in magick/memory.c
- CVE-2021-20312
- CVE-2021-20313
* SECURITY UPDATE: memory leaks when executing convert command
- debian/patches/CVE-2021-3574.patch: fix memory leaks
- CVE-2021-3574
* SECURITY UPDATE: Security Issue when Configuring the ImageMagick
Security Policy
- debian/patches/CVE-2021-39212.patch: Added missing policy checks in
RegisterStaticModules
- CVE-2021-39212 (Closes: #996588)
* SECURITY UPDATE: DoS while processing crafted SVG files
- debian/patches/CVE-2021-4219.patch: fix denial of service
- CVE-2021-4219
* SECURITY UPDATE: use-after-free in magick
- debian/patches/CVE-2022-1114.patch: fix use-after-free in magick at
dcm.c
- CVE-2022-1114
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-28463.patch: fix buffer overflow
- CVE-2022-28463 (Closes: #1013282)
* SECURITY UPDATE: out-of-range value
- debian/patches/CVE-2022-32545.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned char in
coders/psd.c.
- debian/patches/CVE-2022-32546.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned long in
coders/pcl.c.
- CVE-2022-32545
- CVE-2022-32546
* SECURITY UPDATE: load of misaligned address
- debian/patches/CVE-2022-32547.patch: addresses the potential for the
loading of misaligned addresses in magick/property.c.
- CVE-2022-32547 (Closes: #1016442)
imagemagick (8:6.9.11.60+dfsg-1.4) unstable; urgency=medium
* Non-maintainer upload.
[ Vagrant Cascadian ]
* debian/rules: Pass MVDelegate and RMDelegate to configure. (Closes:
#983303)
Date: 2023-02-05 10:31:01.854511+00:00
Signed-By: Jeremy Bícha <jeremy.bicha at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.11.60+dfsg-1.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the lunar-changes
mailing list