Univention Bugzilla – Bug 56081
imagemagick: Multiple issues (5.0)
Last modified: 2023-05-24 15:43:43 CEST
New Debian imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5 fixes:
This update addresses the following issues:
8:6.9.10.23+dfsg-2.1+deb10u5 (Sun, 21 May 2023 18:57:13 +0000)
* Fix CVE-2021-20176: divide by zero in gem.c file.
* Fix CVE-2021-20241: divide by zero in jp2 coder.
* Fix CVE-2021-20243: divide by zero in dcm coder.
* Fix CVE-2021-20244: divide by zero in fx.c.
* Fix CVE-2021-20245: divide by zero in webp coder.git
* Fix CVE-2021-20246: divide by zero in resample.c
* Fix CVE-2021-20309: divide by zero in WaveImage.c
* Fix CVE-2021-20312: integer overflow in WriteTHUMBNAILImage() of coders/thumbnail.c
* Fix CVE-2021-20313: potential cipher leak when the calculate signatures in TransformSignature().
* Fix CVE-2021-39212: Policy bypass for postscript files
* Fix CVE-2022-28463: Buffer overflow in cin coder.
* Fix CVE-2022-32545: Fix undefined behavior due to an outside the range of representable values of type 'unsigned char' conversion in psd file handling.
* Fix CVE-2022-32546: Fix undefined behavior due to an outside the range of representable values of type 'long' conversion in pcl file handling.
* Fix CVE-2022-32547: unaligned access in property.c
--- mirror/ftp/pool/main/i/imagemagick/imagemagick_6.9.10.23+dfsg-2.1+deb10u4.dsc +++ apt/ucs_5.0-0-errata5.0-3/source/imagemagick_6.9.10.23+dfsg-2.1+deb10u5.dsc @@ -1,3 +1,28 @@ +8:6.9.10.23+dfsg-2.1+deb10u5 [Sun, 21 May 2023 18:57:13 +0000] Bastien Roucariès <rouca@debian.org>: + + * Fix CVE-2021-20176: divide by zero in gem.c file. + * Fix CVE-2021-20241: divide by zero in jp2 coder. (Closes: #1013282) + * Fix CVE-2021-20243: divide by zero in dcm coder. + * Fix CVE-2021-20244: divide by zero in fx.c. + * Fix CVE-2021-20245: divide by zero in webp coder.git + * Fix CVE-2021-20246: divide by zero in resample.c + * Fix CVE-2021-20309: divide by zero in WaveImage.c + * Fix CVE-2021-20312: integer overflow in WriteTHUMBNAILImage() + of coders/thumbnail.c + * Fix CVE-2021-20313: potential cipher leak when the calculate + signatures in TransformSignature(). + * Fix CVE-2021-39212: Policy bypass for postscript files + (Closes: #996588) + * Fix CVE-2022-28463: Buffer overflow in cin coder. + * Fix CVE-2022-32545: Fix undefined behavior due to + an outside the range of representable values of + type 'unsigned char' conversion in psd file handling. + (Closes: #1016442) + * Fix CVE-2022-32546: Fix undefined behavior due to + an outside the range of representable values of + type 'long' conversion in pcl file handling. + * Fix CVE-2022-32547: unaligned access in property.c + 8:6.9.10.23+dfsg-2.1+deb10u4 [Sat, 18 Mar 2023 11:58:46 +0000] Bastien Roucariès <rouca@debian.org>: * Fix FTBFS due to CVE-2020-27767 <http://piuparts.knut.univention.de/5.0-3/#2341571916652000826>
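Review bot: in the added deb10u5 changelog entry, the CVE-2021-20245 line ends in "webp coder.git", where the trailing ".git" looks like stray text and should read "webp coder". The CVE-2021-20313 line ("potential cipher leak when the calculate signatures in TransformSignature()") is hard to parse and would be clearer reworded. Only three of the fourteen CVE entries carry a "Closes:" bug reference (CVE-2021-20241, CVE-2021-39212, CVE-2022-32545); if the remaining fixes have tracked bugs, citing them would make the entry easier to audit against the errata YAML.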
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-3] 741f3dde1e Bug #56081: imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5
 doc/errata/staging/imagemagick.yaml | 38 ++++++++++++++++++-------------------
 1 file changed, 18 insertions(+), 20 deletions(-)

[5.0-3] e45c185c55 Bug #56081: imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5
 doc/errata/staging/imagemagick.yaml | 45 +++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x670>