[Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.1.0-45
Yann E. MORIN
yann.morin.1998 at free.fr
Mon Aug 15 19:36:17 UTC 2022
Fabrice, All,
On 2022-08-15 21:19 +0200, Fabrice Fontaine spake thusly:
> - Fix CVE-2022-1114: A heap-use-after-free flaw was found in
> ImageMagick's RelinquishDCMInfo() function of dcm.c file. This
> vulnerability is triggered when an attacker passes a specially crafted
> DICOM image file to ImageMagick for conversion, potentially leading to
> information disclosure and a denial of service.
> - Fix CVE-2022-32545: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned char'
> at coders/psd.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32546: A vulnerability was found in ImageMagick, causing
> an outside the range of representable values of type 'unsigned long'
> at coders/pcl.c, when crafted or untrusted input is processed. This
> leads to a negative impact to application availability or other
> problems related to undefined behavior.
> - Fix CVE-2022-32547: In ImageMagick, there is load of misaligned
> address for type 'double', which requires 8 byte alignment and for
> type 'float', which requires 4 byte alignment at
> MagickCore/property.c. Whenever crafted or untrusted input is
> processed by ImageMagick, this causes a negative impact to application
> availability or other problems related to undefined behavior.
> - Update hash of LICENSE (year updated with
> https://github.com/ImageMagick/ImageMagick/commit/80629dfb3fea55eefa2dd8bdd9ca1be341502e16)
>
> https://github.com/ImageMagick/Website/blob/main/ChangeLog.md
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/imagemagick/imagemagick.hash | 4 ++--
> package/imagemagick/imagemagick.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/imagemagick/imagemagick.hash b/package/imagemagick/imagemagick.hash
> index 278becd2ab..ff0f3e26c6 100644
> --- a/package/imagemagick/imagemagick.hash
> +++ b/package/imagemagick/imagemagick.hash
> @@ -1,3 +1,3 @@
> # Locally computed
> -sha256 385ca5bd8ce9b37e685779c46868171af949265c9db40067c1c4d7442dbc723e imagemagick-7.1.0-19.tar.gz
> -sha256 040badb77b659e751ea16113490a937e1e01f3f5d32181e966b8982413533fb2 LICENSE
> +sha256 3df6ca6dff15a4e8a20b4593c60285a59e38890440494d91a344e5c0e2bb3eec imagemagick-7.1.0-45.tar.gz
> +sha256 8cceeb67d4e783cb63075c7311fdb990fa0369ee80fbd0f481064cd02386ca2d LICENSE
> diff --git a/package/imagemagick/imagemagick.mk b/package/imagemagick/imagemagick.mk
> index 64a530c6d2..893606ff01 100644
> --- a/package/imagemagick/imagemagick.mk
> +++ b/package/imagemagick/imagemagick.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -IMAGEMAGICK_VERSION = 7.1.0-19
> +IMAGEMAGICK_VERSION = 7.1.0-45
> IMAGEMAGICK_SITE = $(call github,ImageMagick,ImageMagick,$(IMAGEMAGICK_VERSION))
> IMAGEMAGICK_LICENSE = Apache-2.0
> IMAGEMAGICK_LICENSE_FILES = LICENSE
> --
> 2.35.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list