Univention Bugzilla – Bug 47990
imagemagick: Multiple issues (4.3)
Last modified: 2018-10-17 14:57:23 CEST
New Debian imagemagick 8:6.9.7.4+dfsg-11+deb9u6 fixes:

This update addresses the following issues:
* heap-based buffer over-read in the ParseImageResourceBlocks function in coders/psd.c (CVE-2018-16412)
* heap-based buffer over-read in the PushShortPixel function in MagickCore/quantum-private.h (CVE-2018-16413)
* out-of-bounds write in InsertRow function in coders/cut.c (CVE-2018-16642)
* improper check for length in ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c (CVE-2018-16644)
* Out-of-memory in ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c (CVE-2018-16645)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/imagemagick_6.9.7.4+dfsg-11+deb9u5.dsc +++ apt/ucs_4.3-0-errata4.3-2/source/imagemagick_6.9.7.4+dfsg-11+deb9u6.dsc @@ -1,3 +1,11 @@ +8:6.9.7.4+dfsg-11+deb9u6 [Thu, 11 Oct 2018 00:09:33 +0200] Moritz Mühlenhoff <jmm@debian.org>: + + * CVE-2018-16412 + * CVE-2018-16413 + * CVE-2018-16642 + * CVE-2018-16644 + * CVE-2018-16645 + 8:6.9.7.4+dfsg-11+deb9u5 [Fri, 13 Jul 2018 00:04:11 +0200] Moritz Mühlenhoff <jmm@debian.org>: * 0113-CVE-2018-12599 (Closes: #902727) <http://10.200.17.11/4.3-2/#2927392920418456821>
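Review bot: In the added 8:6.9.7.4+dfsg-11+deb9u6 entry, the five CVE lines are bare ids with no patch file name or bug reference, unlike the deb9u5 entry directly below it, which reads "0113-CVE-2018-12599 (Closes: #902727)". Naming the patch file next to each CVE id would let a reader confirm from the changelog alone that each of the five issues has a corresponding patch in the source package.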
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-2] b6b4fb44f8 Bug #47990: imagemagick 8:6.9.7.4+dfsg-11+deb9u6
 doc/errata/staging/imagemagick.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
<http://errata.software-univention.de/ucs/4.3/277.html>