From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Subject: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
Date: Mon, 15 Aug 2022 21:19:14 +0200 [thread overview]
Message-ID: <20220815191914.568237-1-fontaine.fabrice@gmail.com> (raw)
- Fix CVE-2022-1114: A heap-use-after-free flaw was found in
ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
vulnerability is triggered when an attacker passes a specially crafted
DICOM image file to ImageMagick for conversion, potentially leading to
information disclosure and a denial of service.
- Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
an outside the range of representable values of type 'unsigned char'
at coders/psd.c, when crafted or untrusted input is processed. This
leads to a negative impact to application availability or other
problems related to undefined behavior.
- Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
an outside the range of representable values of type 'unsigned long'
at coders/pcl.c, when crafted or untrusted input is processed. This
leads to a negative impact to application availability or other
problems related to undefined behavior.
- Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
address for type 'double', which requires 8 byte alignment and for
type 'float', which requires 4 byte alignment at
MagickCore/property.c. Whenever crafted or untrusted input is
processed by ImageMagick, this causes a negative impact to application
availability or other problems related to undefined behavior.
- Update hash of LICENSE (year updated with
https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)
https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/imagemagick/imagemagick.hash | 4 ++--
package/imagemagick/imagemagick.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index 278becd2ab..ff0f3e26c6 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 385ca5bd8ce9b37e685779c46868171af949265c9db40067c1c4d7442dbc723e imagemagick-7.1.0-19.tar.gz
-sha256 040badb77b659e751ea16113490a937e1e01f3f5d32181e966b8982413533fb2 LICENSE
+sha256 3df6ca6dff15a4e8a20b4593c60285a59e38890440494d91a344e5c0e2bb3eec imagemagick-7.1.0-45.tar.gz
+sha256 8cceeb67d4e783cb63075c7311fdb990fa0369ee80fbd0f481064cd02386ca2d LICENSE
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index 64a530c6d2..893606ff01 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IMAGEMAGICK_VERSION = 7.1.0-19
+IMAGEMAGICK_VERSION = 7.1.0-45
IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
IMAGEMAGICK_LICENSE = Apache-2.0
IMAGEMAGICK_LICENSE_FILES = LICENSE
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next reply other threads:[~2022-08-15 19:19 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-15 19:19 Fabrice Fontaine [this message]
2022-08-15 19:36 ` [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45 Yann E. MORIN
2022-09-16 21:53 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220815191914.568237-1-fontaine.fabrice@gmail.com \
--to=fontaine.fabrice@gmail.com \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.