Univention Bugzilla – Bug 51616
imagemagick: Multiple issues (4.4)
Last modified: 2020-07-08 15:09:09 CEST
New Debian imagemagick 8:6.9.7.4+dfsg-11+deb9u8 fixes:

This update addresses the following issues:
* heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling columns (CVE-2019-13300)
* stack-based buffer overflow at coders/pnm.c in WritePNMImage because of a misplaced assignment (CVE-2019-13304)
* stack-based buffer overflow at coders/pnm.c in WritePNMImage because of off-by-one errors (CVE-2019-13306)
* heap-based buffer overflow at MagickCore/statistic.c in EvaluateImages because of mishandling rows (CVE-2019-13307)
* Use after free in ReadMATImage in coders/mat.c (CVE-2019-15140)
* heap-based buffer overflow in WriteSGIImage in coders/sgi.c (CVE-2019-19948)
--- mirror/ftp/4.3/unmaintained/4.3-5/source/imagemagick_6.9.7.4+dfsg-11+deb9u7.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/imagemagick_6.9.7.4+dfsg-11+deb9u8.dsc @@ -1,3 +1,13 @@ +8:6.9.7.4+dfsg-11+deb9u8 [Wed, 01 Jul 2020 23:11:31 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2019-13300 (Closes: #931454) + * CVE-2019-13304 (Closes: #931453) + * CVE_2019-13305 (Closes: #931452) + * CVE-2019-13306 (Closes: #931449) + * CVE-2019-13307 (Closes: #931448) + * CVE-2019-15140 (Closes: #941671) + * CVE-2019-19948 (Closes: #947308) + 8:6.9.7.4+dfsg-11+deb9u7 [Thu, 25 Apr 2019 21:05:09 +0200] Moritz Mühlenhoff <jmm@debian.org>: * CVE-2019-10650 (Closes: #926091) <http://10.200.17.11/4.4-4/#2927392920429282071>
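Review bot: The third item of the added deb9u8 changelog entry is written `CVE_2019-13305` with an underscore, while every other item uses the hyphenated `CVE-YYYY-NNNN` form, so anything that extracts CVE ids from the changelog by the usual pattern will skip it. The changelog entry closes seven CVEs, but the issue description in this bug lists six and does not mention 13305. Before release, check by hand that the erratum's CVE list and description include CVE-2019-13305 rather than relying on ids parsed from this changelog.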
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-4] a0f8e9cf5d Bug #51616: imagemagick 8:6.9.7.4+dfsg-11+deb9u8
 doc/errata/staging/imagemagick.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<http://errata.software-univention.de/ucs/4.4/650.html>