From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
Date: Mon, 15 Aug 2022 21:36:17 +0200
Message-ID: <20220815193617.GK2854108@scaer>
In-Reply-To: <20220815191914.568237-1-fontaine.fabrice@gmail.com>

Fabrice, All,

On 2022-08-15 21:19 +0200, Fabrice Fontaine spake thusly:
> - Fix CVE-2022-1114: A heap-use-after-free flaw was found in
>   ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
>   vulnerability is triggered when an attacker passes a specially crafted
>   DICOM image file to ImageMagick for conversion, potentially leading to
>   information disclosure and a denial of service.
> - Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
>   an outside the range of representable values of type 'unsigned char'
>   at coders/psd.c, when crafted or untrusted input is processed. This
>   leads to a negative impact to application availability or other
>   problems related to undefined behavior.
> - Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
>   an outside the range of representable values of type 'unsigned long'
>   at coders/pcl.c, when crafted or untrusted input is processed. This
>   leads to a negative impact to application availability or other
>   problems related to undefined behavior.
> - Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
>   address for type 'double', which requires 8 byte alignment and for
>   type 'float', which requires 4 byte alignment at
>   MagickCore/property.c. Whenever crafted or untrusted input is
>   processed by ImageMagick, this causes a negative impact to application
>   availability or other problems related to undefined behavior.
> - Update hash of LICENSE (year updated with
>   https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)
> 
> https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/imagemagick/imagemagick.hash | 4 ++--
>  package/imagemagick/imagemagick.mk   | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
> index 278becd2ab..ff0f3e26c6 100644
> --- a/package/imagemagick/imagemagick.hash
> +++ b/package/imagemagick/imagemagick.hash
> @@ -1,3 +1,3 @@
>  # Locally computed
> -sha256  385ca5bd8ce9b37e685779c46868171af949265c9db40067c1c4d7442dbc723e  imagemagick-7.1.0-19.tar.gz
> -sha256  040badb77b659e751ea16113490a937e1e01f3f5d32181e966b8982413533fb2  LICENSE
> +sha256  3df6ca6dff15a4e8a20b4593c60285a59e38890440494d91a344e5c0e2bb3eec  imagemagick-7.1.0-45.tar.gz
> +sha256  8cceeb67d4e783cb63075c7311fdb990fa0369ee80fbd0f481064cd02386ca2d  LICENSE
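
Review bot: The new imagemagick-7.1.0-45.tar.gz hash still sits under "# Locally computed", so nothing in this hunk lets a reader cross-check it against an upstream-published checksum or signature, and the archive's integrity rests on the submitter's single download. Since this is a security bump, it is worth re-downloading the archive on a second machine and confirming the sha256 matches before applying. The LICENSE hash change is accounted for by the copyright-year commit cited in the commit message; a short comment above that line saying so would keep the reason visible in the file itself.
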
> diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
> index 64a530c6d2..893606ff01 100644
> --- a/package/imagemagick/imagemagick.mk
> +++ b/package/imagemagick/imagemagick.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -IMAGEMAGICK_VERSION = 7.1.0-19
> +IMAGEMAGICK_VERSION = 7.1.0-45
>  IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
>  IMAGEMAGICK_LICENSE = Apache-2.0
>  IMAGEMAGICK_LICENSE_FILES = LICENSE
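
Review bot: The IMAGEMAGICK_VERSION change goes from 7.1.0-19 straight to 7.1.0-45, and the commit message lists four CVEs without saying which upstream release fixes each one. Naming the fixing release per CVE in the commit message would let maintainers of stable branches judge whether a smaller bump or a targeted backport is enough, and would make it easier to audit the unrelated upstream changes pulled in between -19 and -45 against the linked ChangeLog.
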
> -- 
> 2.35.1
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'