[Bug 2004580] Re: Possible arbitrary file leak
Paulo Flabiano Smorigo
2004580 at bugs.launchpad.net
Thu Mar 30 17:58:09 UTC 2023
Thanks for the heads up!
So I removed the additional mitigation for all affected releases and
compared your patches with the ones in the package.
For focal, there were no changes, just indentations and line breaks as you can see here:
https://pastebin.ubuntu.com/p/NQZWgRbbfy/
For jammy and kinetic, there were two lines that I modified to be
exactly as yours.
The new releases are building in proposed and will be published after some testing:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages?field.name_filter=imagem&field.status_filter=published&field.series_filter=
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to imagemagick in Ubuntu.
https://bugs.launchpad.net/bugs/2004580
Title:
Possible arbitrary file leak
Status in imagemagick package in Ubuntu:
Fix Released
Bug description:
More details can be found here:
https://www.metabaseq.com/imagemagick-zero-days/
Affected versions:
Injection via "-authenticate"
- ImageMagick 6: 6.9.8-1 up to 6.9.11-40
Exploitation via MSL:
- ImageMagick 6: 6.9.11-35 up to 6.9.11-40
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/2004580/+subscriptions