[Bug 2004580] Re: Possible arbitrary file leak

Paulo Flabiano Smorigo 2004580 at bugs.launchpad.net
Wed Mar 1 19:44:45 UTC 2023


Hello David Zuelke (dzuelke), I saw your updates in the LP only today
after I published the new release. I think I backported all required
fixes for both CVE-2022-44267 and CVE-2022-44268. Can you check if
everything was fixed correctly? I'm ok to add new fixes if necessary.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/2004580

Title:
  Possible arbitrary file leak

Status in imagemagick package in Ubuntu:
  Fix Released

Bug description:
  More details can be found here:

  https://www.metabaseq.com/imagemagick-zero-days/

  Affected versions:

      Injection via "-authenticate"
      - ImageMagick 6: 6.9.8-1 up to 6.9.11-40
      Exploitation via MSL:
      - ImageMagick 6: 6.9.11-35 up to 6.9.11-40

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/2004580/+subscriptions



