* [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
From: Fabrice Fontaine @ 2022-08-15 19:19 UTC
To: buildroot; +Cc: Fabrice Fontaine
- Fix CVE-2022-1114: A heap-use-after-free flaw was found in
  ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
  vulnerability is triggered when an attacker passes a specially crafted
  DICOM image file to ImageMagick for conversion, potentially leading to
  information disclosure and a denial of service.
- Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
  an outside the range of representable values of type 'unsigned char'
  at coders/psd.c, when crafted or untrusted input is processed. This
  leads to a negative impact to application availability or other
  problems related to undefined behavior.
- Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
  an outside the range of representable values of type 'unsigned long'
  at coders/pcl.c, when crafted or untrusted input is processed. This
  leads to a negative impact to application availability or other
  problems related to undefined behavior.
- Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
  address for type 'double', which requires 8 byte alignment and for
  type 'float', which requires 4 byte alignment at
  MagickCore/property.c. Whenever crafted or untrusted input is
  processed by ImageMagick, this causes a negative impact to application
  availability or other problems related to undefined behavior.
- Update hash of LICENSE (year updated with
  https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)

https://github.com/ImageMagick/Website/blob/main/ChangeLog.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/imagemagick/imagemagick.hash | 4 ++--
package/imagemagick/imagemagick.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
index 278becd2ab..ff0f3e26c6 100644
--- a/package/imagemagick/imagemagick.hash
+++ b/package/imagemagick/imagemagick.hash
@@ -1,3 +1,3 @@
# Locally computed
-sha256 385ca5bd8ce9b37e685779c46868171af949265c9db40067c1c4d7442dbc723e imagemagick-7.1.0-19.tar.gz
-sha256 040badb77b659e751ea16113490a937e1e01f3f5d32181e966b8982413533fb2 LICENSE
+sha256 3df6ca6dff15a4e8a20b4593c60285a59e38890440494d91a344e5c0e2bb3eec imagemagick-7.1.0-45.tar.gz
+sha256 8cceeb67d4e783cb63075c7311fdb990fa0369ee80fbd0f481064cd02386ca2d LICENSE
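Review bot: Both replacement digests stay under the unchanged "# Locally computed" comment, so the hunk gives a reviewer nothing to check the new imagemagick-7.1.0-45.tar.gz value against except a fresh download from IMAGEMAGICK_SITE. Before applying, re-fetch the tarball independently (different machine or network) and confirm the sha256 matches the added line. The LICENSE digest change is accounted for in the commit message (year update, with the upstream commit linked), which is the justification a licence hash change needs.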
diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
index 64a530c6d2..893606ff01 100644
--- a/package/imagemagick/imagemagick.mk
+++ b/package/imagemagick/imagemagick.mk
@@ -4,7 +4,7 @@
#
################################################################################
-IMAGEMAGICK_VERSION = 7.1.0-19
+IMAGEMAGICK_VERSION = 7.1.0-45
IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
IMAGEMAGICK_LICENSE = Apache-2.0
IMAGEMAGICK_LICENSE_FILES = LICENSE
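Review bot: The IMAGEMAGICK_VERSION line moves from 7.1.0-19 straight to 7.1.0-45, and the commit message names four CVEs without saying which upstream release fixed each one. Since this is labelled a security bump, consider listing the fixing release or upstream commit per CVE in the commit message, so a maintainer can confirm that 7.1.0-45 contains every fix and can judge whether the full 26-release jump is acceptable for a stable-branch backport.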
--
2.35.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
From: Yann E. MORIN @ 2022-08-15 19:36 UTC
To: Fabrice Fontaine; +Cc: buildroot
Fabrice, All,
On 2022-08-15 21:19 +0200, Fabrice Fontaine spake thusly:
> - Fix CVE-2022-1114: A heap-use-after-free flaw was found in
> ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
> vulnerability is triggered when an attacker passes a specially crafted
> DICOM image file to ImageMagick for conversion, potentially leading to
> information disclosure and a denial of service.
> - Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned char'
> at coders/psd.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned long'
> at coders/pcl.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
> address for type 'double', which requires 8 byte alignment and for
> type 'float', which requires 4 byte alignment at
> MagickCore/property.c. Whenever crafted or untrusted input is
> processed by ImageMagick, this causes a negative impact to application
> availability or other problems related to undefined behavior.
> - Update hash of LICENSE (year updated with
> https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)
>
> https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/imagemagick/imagemagick.hash | 4 ++--
> package/imagemagick/imagemagick.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
> index 278becd2ab..ff0f3e26c6 100644
> --- a/package/imagemagick/imagemagick.hash
> +++ b/package/imagemagick/imagemagick.hash
> @@ -1,3 +1,3 @@
> # Locally computed
> -sha256 385ca5bd8ce9b37e685779c46868171af949265c9db40067c1c4d7442dbc723e imagemagick-7.1.0-19.tar.gz
> -sha256 040badb77b659e751ea16113490a937e1e01f3f5d32181e966b8982413533fb2 LICENSE
> +sha256 3df6ca6dff15a4e8a20b4593c60285a59e38890440494d91a344e5c0e2bb3eec imagemagick-7.1.0-45.tar.gz
> +sha256 8cceeb67d4e783cb63075c7311fdb990fa0369ee80fbd0f481064cd02386ca2d LICENSE
> diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
> index 64a530c6d2..893606ff01 100644
> --- a/package/imagemagick/imagemagick.mk
> +++ b/package/imagemagick/imagemagick.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -IMAGEMAGICK_VERSION = 7.1.0-19
> +IMAGEMAGICK_VERSION = 7.1.0-45
> IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
> IMAGEMAGICK_LICENSE = Apache-2.0
> IMAGEMAGICK_LICENSE_FILES = LICENSE
> --
> 2.35.1
>
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
* Re: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
From: Peter Korsgaard @ 2022-09-16 21:53 UTC
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - Fix CVE-2022-1114: A heap-use-after-free flaw was found in
> ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
> vulnerability is triggered when an attacker passes a specially crafted
> DICOM image file to ImageMagick for conversion, potentially leading to
> information disclosure and a denial of service.
> - Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned char'
> at coders/psd.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned long'
> at coders/pcl.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
> address for type 'double', which requires 8 byte alignment and for
> type 'float', which requires 4 byte alignment at
> MagickCore/property.c. Whenever crafted or untrusted input is
> processed by ImageMagick, this causes a negative impact to application
> availability or other problems related to undefined behavior.
> - Update hash of LICENSE (year updated with
> https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)
> https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2022.05.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard