[ubuntu/trusty-security] imagemagick 8:6.7.7.10-6ubuntu3.13+esm11 (Accepted)
Chrisa Oikonomou
chrisa.oikonomou at canonical.com
Tue Dec 17 07:07:28 UTC 2024
imagemagick (8:6.7.7.10-6ubuntu3.13+esm11) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2020-19667,
CVE-2020-25664, CVE-2020-25665, CVE-2020-25666, CVE-2020-25674,
CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27753,
CVE-2020-27754, CVE-2020-27755, CVE-2020-27759, CVE-2020-27760,
CVE-2020-27761, CVE-2020-27762, CVE-2020-27763, CVE-2020-27764,
CVE-2020-27765, CVE-2020-27766, CVE-2020-27767, CVE-2020-27768,
CVE-2020-27769, CVE-2020-27770, CVE-2020-27771, CVE-2020-27772,
CVE-2020-27775
- CVE-2020-27774 has the same fixes as CVE-2020-27766
- CVE-2020-27776 has the same fixes as CVE-2020-27764
imagemagick (8:6.7.7.10-6ubuntu3.13+esm10) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300,
CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13307,
CVE-2019-13309, CVE-2019-13311, CVE-2019-13454, CVE-2019-15139,
CVE-2019-15140, CVE-2019-16708, CVE-2019-16710, CVE-2019-16711,
CVE-2019-16713, CVE-2019-19948, CVE-2019-19949, CVE-2019-7175
- CVE-2019-13306 has the same fixes as CVE-2019-13305
- CVE-2019-13310 has the same fixes as CVE-2019-13309
- CVE-2019-15141 has the same fixes as CVE-2019-11597
- CVE-2019-16709 has the same fixes as CVE-2019-16708
- CVE-2019-16712 has the same fixes as CVE-2019-11597
imagemagick (8:6.7.7.10-6ubuntu3.13+esm9) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472,
CVE-2019-11598, CVE-2019-12974, CVE-2019-12975, CVE-2019-12976,
CVE-2019-12978, CVE-2019-12979, CVE-2019-11597
imagemagick (8:6.7.7.10-6ubuntu3.13+esm8) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/CVE-*.patch: backport multiple upstream commits.
- CVE-2017-12805, CVE-2017-12806, CVE-2017-13144, CVE-2018-16412,
CVE-2018-16413, CVE-2018-17966, CVE-2018-18016, CVE-2018-18024,
CVE-2018-18025, CVE-2018-20467
imagemagick (8:6.7.7.10-6ubuntu3.13+esm7) trusty-security; urgency=medium
* SECURITY UPDATE: Use After Free
- debian/patches/Added-check-for-invalid-size-4522.patch: Added
check for invalid size (#4522).
- debian/patches/CVE-2023-5341.patch: Check for BMP file size.
- CVE-2023-5341
imagemagick (8:6.7.7.10-6ubuntu3.13+esm6) trusty-security; urgency=medium
* SECURITY UPDATE: memory leak
- debian/patches/CVE-2022-48541.patch: adds missing calls to destroy
methods.
- CVE-2022-48541
imagemagick (8:6.7.7.10-6ubuntu3.13+esm5) trusty-security; urgency=medium
* SECURITY UPDATE: DoS and information disclosure via PNG parsing
(LP: #2004580)
- debian/patches/CVE-2022-4426x.patch: properly handle certain keys in
coders/png.c.
- CVE-2022-44267
- CVE-2022-44268
imagemagick (8:6.7.7.10-6ubuntu3.13+esm4) trusty-security; urgency=medium
* No change rebuild for jbigkit security update.
imagemagick (8:6.7.7.10-6ubuntu3.13+esm3) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in ExportIndexQuantum()
- debian/patches/CVE-2021-20224.patch: outside the range of representable
values of type 'unsigned char'
- CVE-2021-20224
* SECURITY UPDATE: Division by zero in magick/resize.c
- debian/patches/CVE-2021-20243.patch: Use PerceptibleReciprocal()
to fix division by zeros in magick/resize.c
- CVE-2021-20243
* SECURITY UPDATE: out-of-range value
- debian/patches/CVE-2022-32545.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned char in
coders/psd.c.
- CVE-2022-32545
* SECURITY UPDATE: out-of-range value
- debian/patches/CVE-2022-32546.patch: addresses the possibility for the
use of a value that falls outside the range of an unsigned long in
coders/pcl.c.
- CVE-2022-32546
* SECURITY UPDATE: load of misaligned address
- debian/patches/CVE-2022-32547.patch: addresses the potential for the
loading of misaligned addresses in magick/property.c.
- CVE-2022-32547
imagemagick (8:6.7.7.10-6ubuntu3.13+esm2) trusty-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-28463.patch: fix buffer overflow
- CVE-2022-28463
imagemagick (8:6.7.7.10-6ubuntu3.13+esm1) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple divide by zero issues in imagemagick allow a
remote attacker to cause a denial of service via a crafted image file
- debian/patches/CVE-2021-20244-pre1.patch: backport update to
magick/pixel-private.h required for division by zero remediation
- debian/patches/CVE-2021-20244-pre2.patch: backport update to
MagickEpsilonReciprocal() function in magick/pixel-private.h
- debian/patches/CVE-2021-20244-pre3.patch: backport update to
rename MagickEpsilonReciprocal() to PerceptibleReciprocal() in
magick/pixel-private.h
- debian/patches/CVE-2021-20244.patch: Avoid division by zero in
magick/fx.c
- debian/patches/CVE-2021-20309.patch: Avoid division by zero in
magick/fx.c
- debian/patches/CVE-2021-20246.patch: Avoid division by zero in
magick/resample.c
- CVE-2021-20244, CVE-2021-20309, CVE-2021-20246
* SECURITY UPDATE: Integer overflow, divide by zero and memory leak in
imagemagick allow a remote attacker to cause a denial of service or
possible leak of cryptographic information via a crafted image file
- debian/patches/CVE-2021-20312.patch: Avoid integer overflow in
coders/thumbnail.c, division by zero in magick/colorspace.c and
a potential cipher leak in magick/memory.c
- CVE-2021-20312, CVE-2021-20313
Date: 2024-10-14 10:37:12.090582+00:00
Changed-By: Chrisa Oikonomou <chrisa.oikonomou at canonical.com>
https://launchpad.net/ubuntu/+source/imagemagick/8:6.7.7.10-6ubuntu3.13+esm11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list