[Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45

From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Subject: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
Date: Mon, 15 Aug 2022 21:19:14 +0200	[thread overview]
Message-ID: <20220815191914.568237-1-fontaine.fabrice@gmail.com> (raw)

- Fix CVE-2022-1114: A heap-use-after-free flaw was found in
  ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
  vulnerability is triggered when an attacker passes a specially crafted
  DICOM image file to ImageMagick for conversion, potentially leading to
  information disclosure and a denial of service.
- Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
  an outside the range of representable values of type 'unsigned char'
  at coders/psd.c, when crafted or untrusted input is processed. This
  leads to a negative impact to application availability or other
  problems related to undefined behavior.
- Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
  an outside the range of representable values of type 'unsigned long'
  at coders/pcl.c, when crafted or untrusted input is processed. This
  leads to a negative impact to application availability or other
  problems related to undefined behavior.
- Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
  address for type 'double', which requires 8 byte alignment and for
  type 'float', which requires 4 byte alignment at
  MagickCore/property.c. Whenever crafted or untrusted input is
  processed by ImageMagick, this causes a negative impact to application
  availability or other problems related to undefined behavior.
- Update hash of LICENSE (year updated with
  https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)

https://github.com/ImageMagick/Website/blob/main/ChangeLog.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/imagemagick/imagemagick.hash | 4 ++--
 package/imagemagick/imagemagick.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index 278becd2ab..ff0f3e26c6 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,3 +1,3 @@
 # Locally computed
-sha256  385ca5bd8ce9b37e685779c46868171af949265c9db40067c1c4d7442dbc723e  imagemagick-7.1.0-19.tar.gz
-sha256  040badb77b659e751ea16113490a937e1e01f3f5d32181e966b8982413533fb2  LICENSE
+sha256  3df6ca6dff15a4e8a20b4593c60285a59e38890440494d91a344e5c0e2bb3eec  imagemagick-7.1.0-45.tar.gz
+sha256  8cceeb67d4e783cb63075c7311fdb990fa0369ee80fbd0f481064cd02386ca2d  LICENSE
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index 64a530c6d2..893606ff01 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-IMAGEMAGICK_VERSION = 7.1.0-19
+IMAGEMAGICK_VERSION = 7.1.0-45
 IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
 IMAGEMAGICK_LICENSE = Apache-2.0
 IMAGEMAGICK_LICENSE_FILES = LICENSE
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
