Univention Bugzilla – Bug 53396
imagemagick: Multiple issues (4.4)
Last modified: 2021-06-09 18:27:44 CEST
New Debian imagemagick 8:6.9.7.4+dfsg-11+deb9u13 fixes:
This update addresses the following issues:
* Integer overflow in MagickCore/quantum-export.c (CVE-2020-27751)
* Division by zero in GetResizeFilterWeight in MagickCore/resize.c (CVE-2021-20243)
* Division by zero in WriteAnimatedWEBPImage() in coders/webp.c (CVE-2021-20245)
* Division by zero in WaveImage() of MagickCore/visual-effects.c (CVE-2021-20309)
* Integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c (CVE-2021-20312)
* Cipher leak when calculating signatures in TransformSignature of MagickCore/signature.c (CVE-2021-20313)
--- mirror/ftp/4.4/unmaintained/4.4-8/source/imagemagick_6.9.7.4+dfsg-11+deb9u12.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/imagemagick_6.9.7.4+dfsg-11+deb9u13.dsc @@ -1,3 +1,15 @@ +8:6.9.7.4+dfsg-11+deb9u13 [Wed, 02 Jun 2021 20:29:11 +0200] Anton Gladky <gladk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2021-20312, CVE-2021-20313, CVE-2021-20309, CVE-2021-20245, + CVE-2021-20243, CVE-2020-27751. + * Multiple security and other vulnerabilities were fixed in Imagemagick: + - possible division by zero + - integer overflows + - undefined behavior + - values outsied of ranges + - . + 8:6.9.7.4+dfsg-11+deb9u12 [Tue, 23 Mar 2021 20:06:24 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/4.4-8/#2881453931039198316>
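Review bot: the added deb9u13 changelog entry misspells "outside" in the bullet "values outsied of ranges" and ends its list with an empty "- ." item; both should be cleaned up before the text is reused in the erratum. The generic bullets (division by zero, integer overflows, undefined behavior) are also not tied to the six CVE ids listed two lines above them, so anyone triaging from the changelog alone cannot tell which fix addresses which CVE; naming the CVE on each bullet would close that gap.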
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 057c8d4b02 Bug #53396: imagemagick 8:6.9.7.4+dfsg-11+deb9u13
 doc/errata/staging/imagemagick.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-8] 85f5fc7e52 Bug #53396: imagemagick 8:6.9.7.4+dfsg-11+deb9u13
 doc/errata/staging/imagemagick.yaml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x989>