packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!168 [sync] PR-165: Fix CVE-2022-44267 and CVE-2022-44268

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @gitee-cmd 
Signed-off-by: @gitee-cmd
This commit is contained in:
openeuler-ci-bot 2023-02-09 13:02:39 +00:00 committed by Gitee
commit 380c7216c6
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2022-44267_CVE-2022-44268.patch Normal file
View File

@ -0,0 +1,22 @@
From 05673e63c919e61ffa1107804d1138c46547a475 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 22 Oct 2022 13:28:46 -0400
Subject: [PATCH] possible DoS @ stdin (OCE-2022-70); possible arbitrary file
leak (OCE-2022-72)
---
coders/png.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/coders/png.c b/coders/png.c
index c83d937c93..4f8c8909bf 100644
--- a/coders/png.c
+++ b/coders/png.c
@@ -3980,6 +3980,7 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
(void) FormatLocaleString(key,MagickPathExtent,"%s",
text[i].key);
if ((LocaleCompare(key,"version") == 0) ||
+ (LocaleCompare(key,"profile") == 0) ||
(LocaleCompare(key,"width") == 0))
(void) FormatLocaleString(key,MagickPathExtent,"png:%s",
text[i].key);

6
ImageMagick.spec
View File

@ -1,7 +1,7 @@
Name: ImageMagick Name: ImageMagick
Epoch: 1 Epoch: 1
Version: 7.1.0.28 Version: 7.1.0.28
Release: 5 Release: 6
Summary: Create, edit, compose, or convert bitmap images Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT License: ImageMagick and MIT
Url: http://www.imagemagick.org/ Url: http://www.imagemagick.org/
@ -14,6 +14,7 @@ Patch0004: CVE-2022-3213-pre2.patch
Patch0005: CVE-2022-3213-pre3.patch Patch0005: CVE-2022-3213-pre3.patch
Patch0006: CVE-2022-3213.patch Patch0006: CVE-2022-3213.patch
Patch0007: CVE-2022-32547.patch Patch0007: CVE-2022-32547.patch
Patch0008: CVE-2022-44267_CVE-2022-44268.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -168,6 +169,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick* %{_libdir}/pkgconfig/ImageMagick*
%changelog %changelog
* Thu Feb 09 2023 yaoxin <yaoxin30@h-partners.com> - 1:7.1.0.28-6
- Fix CVE-2022-44267 and CVE-2022-44268
* Tue Nov 22 2022 yaoxin <yaoxin30@h-partners.com> - 1:7.1.0.28-5 * Tue Nov 22 2022 yaoxin <yaoxin30@h-partners.com> - 1:7.1.0.28-5
- Fix CVE-2022-32547 - Fix CVE-2022-32547