Format: 1.8
Date: Fri, 19 Jan 2024 13:20:50 -0500
Source: imagemagick
Architecture: source
Version: 8:6.9.10.23+dfsg-2.1+deb10u6
Distribution: buster-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 imagemagick (8:6.9.10.23+dfsg-2.1+deb10u6) buster-security; urgency=medium
 .
   [ Bastien Roucariès ]
   * Fix a heap based overflow in TIFF coder.
   * Avoid a DOS with malformed TIFF file.
   * Avoid a memory leak in TIFF file coder.
   * Fix a non initialized value passed to TIFFGetField().
   * Fix buffer overrun in TIFF coder.
   * In case of exception bail out early in TIFF file handling.
   * Fix uninitialised value in TIFF coder.
   * Raise exception when image could not be read but no exception was
     raised in TIFF coder.
   * Fix CVE-2023-39978: a memory leak was present in Magick::Draw.
   * Mark rmagick test as flaky
   * Fix CVE-2023-1289: A vulnerability was discovered in ImageMagick where
     a specially created SVG file loads itself and causes a segmentation
     fault. This flaw allows a remote attacker to pass a specially crafted
     SVG file that leads to a segmentation fault, generating many trash
     files in "/tmp," resulting in a denial of service. When ImageMagick
     crashes, it generates a lot of trash files. These trash files can be
     large if the SVG file contains many render actions.
   * Fix CVE-2023-34151: A vulnerability was found in ImageMagick, due to
     undefined behaviors of casting double to size_t in svg, mvg and other
     coders.
   * Fix CVE-2023-5341: A heap use-after-free flaw was found in coders/bmp.c
 .
   [ Santiago Ruano Rincón ]
   * Enable ARM builds in salsa-ci.yml
Checksums-Sha1:
 7af5a1e0dd776b1c4a4b9f73ab0cb8e6f3cd17a3 5239 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc
 641b8eb20e2deb2dad12a101293e9905be6134d7 266256 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz
 44e5d1ed6445607d239733180714c5169efb4e30 31683 imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo
Checksums-Sha256:
 53918c05acea7724571ec97ec111c8fa229eab843c96116854d7920e62360dee 5239 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc
 1da356e74bc3c3f1df08d1a379c8d15400989fcd5ed422dbd74b7c66153d55d6 266256 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz
 0803e5caa0253571b089c4dd56acf2d58ec4ee4b56ff6125ad70e8ed2c5c8fed 31683 imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo
Files:
 22fee2c63d2be6779ce40b814873a3e2 5239 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc
 e49e6b6111835635e0a9f436b774ee0b 266256 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz
 58c5058b6e550fde8b074ec63aaeffce 31683 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo