diff -Nru imagemagick-6.9.7.4+dfsg/debian/changelog imagemagick-6.9.7.4+dfsg/debian/changelog
--- imagemagick-6.9.7.4+dfsg/debian/changelog 2023-11-11 00:15:59.000000000 +0000
+++ imagemagick-6.9.7.4+dfsg/debian/changelog 2024-02-15 22:36:55.000000000 +0000
@@ -1,20 +1,24 @@ -imagemagick (8:6.9.7.4+dfsg-16ubuntu6.15+esm2+16.04.sav0.1) xenial; urgency=medium - - * No-change rebuild against libopenexr-3-2-31 and libtiff6 - - -- Rob Savoury Fri, 10 Nov 2023 16:15:59 -0800 - -imagemagick (8:6.9.7.4+dfsg-16ubuntu6.15+esm2+16.04.sav0) xenial; urgency=medium +imagemagick (8:6.9.7.4+dfsg-16ubuntu6.15+esm3+16.04.sav0) xenial; urgency=medium * Backport to Xenial - * Build against new OpenEXR 3.1.11 for libopenexr30 dependency + * Build against new OpenEXR 3.2.1 for libopenexr-3-2-31 dependency * Backport "Enable WEBP image format" from 8:6.9.10.23+dfsg-1 package: - debian/{control,control.d/noquantum.in}: Add libwebp-dev BD - debian/rules: Add --with-webp to STATIC_CONFIGURE_OPTIONS - debian/patches: Add CVE-2017-{6502,14138}.patch and also CVE-2018-{7470,9135}.patch to fix webp vulnerabilities - -- Rob Savoury Wed, 27 Sep 2023 08:45:44 -0700 + -- Rob Savoury Thu, 15 Feb 2024 14:36:55 -0800 + +imagemagick (8:6.9.7.4+dfsg-16ubuntu6.15+esm3) bionic-security; urgency=medium + + * SECURITY UPDATE: Use After Free + - debian/patches/Added-check-for-invalid-size-4522.patch: Added + check for invalid size (#4522). + - debian/patches/CVE-2023-5341.patch: Check for BMP file size. + - CVE-2023-5341 + + -- Paulo Flabiano Smorigo Tue, 23 Jan 2024 16:22:20 -0300 imagemagick (8:6.9.7.4+dfsg-16ubuntu6.15+esm2) bionic-security; urgency=medium
diff -Nru imagemagick-6.9.7.4+dfsg/debian/patches/Added-check-for-invalid-size-4522.patch imagemagick-6.9.7.4+dfsg/debian/patches/Added-check-for-invalid-size-4522.patch
--- imagemagick-6.9.7.4+dfsg/debian/patches/Added-check-for-invalid-size-4522.patch 1970-01-01 00:00:00.000000000 +0000
+++ imagemagick-6.9.7.4+dfsg/debian/patches/Added-check-for-invalid-size-4522.patch 2024-01-23 19:21:27.000000000 +0000
@@ -0,0 +1,23 @@
+From 285c84a86dacdc4ebee2ce3e88e642dbf174d3dc Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra
+Date: Tue, 30 Nov 2021 20:20:09 +0100
+Subject: [PATCH] Added check for invalid size (#4522).
+
+---
+ coders/bmp.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- imagemagick-6.9.7.4+dfsg.orig/coders/bmp.c
++++ imagemagick-6.9.7.4+dfsg/coders/bmp.c
+@@ -612,9 +612,8 @@ static Image *ReadBMPImage(const ImageIn
+
+ bmp_info.offset_bits=ReadBlobLSBLong(image);
+ bmp_info.size=ReadBlobLSBLong(image);
+- if (image->debug != MagickFalse)
+- (void) LogMagickEvent(CoderEvent,GetMagickModule()," BMP size: %lu",
+- bmp_info.size);
++ if (bmp_info.size > 124)
++ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ if (bmp_info.size == 12)
+ {
+ /*
diff -Nru imagemagick-6.9.7.4+dfsg/debian/patches/CVE-2023-5341.patch imagemagick-6.9.7.4+dfsg/debian/patches/CVE-2023-5341.patch
--- imagemagick-6.9.7.4+dfsg/debian/patches/CVE-2023-5341.patch 1970-01-01 00:00:00.000000000 +0000
+++ imagemagick-6.9.7.4+dfsg/debian/patches/CVE-2023-5341.patch 2024-01-23 19:21:31.000000000 +0000
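Review bot: The bound `124` in the added `if (bmp_info.size > 124)` of Added-check-for-invalid-size-4522.patch is an unexplained literal and only an upper limit, so a header size that matches no BMP header variant but stays at or below 124 still passes this line. A comment such as `/* 124 = BITMAPV5HEADER, the largest info header this reader parses */` above the check would make the intent reviewable. Whether smaller invalid sizes are rejected depends on the `bmp_info.size == 12` branch and what follows it, which continue outside the hunk. The same change drops the `LogMagickEvent` call that recorded the header size, so a rejected file no longer leaves the offending value in the coder debug log; keeping that call ahead of the new check would preserve it for triage.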
@@ -0,0 +1,22 @@
+From aa673b2e4defc7cad5bec16c4fc8324f71e531f1 Mon Sep 17 00:00:00 2001
+From: Cristy
+Date: Sun, 24 Sep 2023 07:28:19 -0400
+Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of
+ Vehere (Dawn Treaders team)
+
+---
+ coders/bmp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- imagemagick-6.9.7.4+dfsg.orig/coders/bmp.c
++++ imagemagick-6.9.7.4+dfsg/coders/bmp.c
+@@ -614,6 +614,9 @@ static Image *ReadBMPImage(const ImageIn
+ bmp_info.size=ReadBlobLSBLong(image);
+ if (bmp_info.size > 124)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++ if ((bmp_info.file_size != 0) &&
++ ((MagickSizeType) bmp_info.file_size > GetBlobSize(image)))
++ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ if (bmp_info.size == 12)
+ {
+ /*
diff -Nru imagemagick-6.9.7.4+dfsg/debian/patches/series imagemagick-6.9.7.4+dfsg/debian/patches/series
--- imagemagick-6.9.7.4+dfsg/debian/patches/series 2023-09-27 15:45:18.000000000 +0000
+++ imagemagick-6.9.7.4+dfsg/debian/patches/series 2024-02-15 22:35:14.000000000 +0000
@@ -386,6 +386,8 @@
 CVE-2023-34151-prepatch-2.patch
 CVE-2023-34151.patch
 CVE-2022-48541.patch
+Added-check-for-invalid-size-4522.patch
+CVE-2023-5341.patch
 # libwebp fixes
 CVE-2017-6502.patch
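Review bot: The size check added by CVE-2023-5341.patch is skipped whenever `bmp_info.file_size` is zero, and nothing in the hunk says why that case is safe. If zero is tolerated because the field may simply be unset, a comment such as `/* file_size 0 = not recorded; a non-zero value must not exceed the real blob size */` would document it, and it is worth confirming that the rest of ReadBMPImage, which lies outside this hunk, does not rely on `file_size` when it is zero. The comparison also presumably depends on `GetBlobSize(image)` reporting a real length for every blob type this reader is handed, so a regression test with a truncated BMP would pin the behaviour. Both new rejections raise the same `ImproperImageHeader` text, which leaves them indistinguishable in logs.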