packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!17 fix CVE-2020-29599

Browse Source 
From: @wangxiao65
Reviewed-by: @wang_yue111,@small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-01-13 09:35:47 +08:00 committed by Gitee
commit a14448956d
11 changed files with 426 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
CVE-2020-29599-1.patch Normal file
View File

@ -0,0 +1,71 @@
From a7b2d8328c539da6e79a118a0b8e97462c7daa77 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 10 Nov 2019 14:53:23 -0500
Subject: [PATCH] Santize ';' from SHOW and WIN delegates
---
magick/delegate.c | 26 +++++++++++++++++++++++++-
magick/string.c | 4 ++--
2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/magick/delegate.c b/magick/delegate.c
index 37cd77b39..4fec87fc6 100644
--- a/magick/delegate.c
+++ b/magick/delegate.c
@@ -507,6 +507,30 @@ MagickExport int ExternalDelegateCommand(const MagickBooleanType asynchronous,
%
*/
+static char *SanitizeDelegateString(const char *source)
+{
+ char
+ *sanitize_source;
+
+ const char
+ *q;
+
+ register char
+ *p;
+
+ static char
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!*'(),{}|\\^~[]`\"><#%/?:@&=";
+
+ sanitize_source=AcquireString(source);
+ p=sanitize_source;
+ q=sanitize_source+strlen(sanitize_source);
+ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
+ *p='_';
+ return(sanitize_source);
+}
+
static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image,
const char letter)
{
@@ -918,7 +942,7 @@ static char *GetMagickPropertyLetter(const ImageInfo *image_info,Image *image,
break;
}
}
- return(SanitizeString(string));
+ return(SanitizeDelegateString(string));
}
static char *InterpretDelegateProperties(const ImageInfo *image_info,
diff --git a/magick/string.c b/magick/string.c
index 828f12a0c..1e4ae55cb 100644
--- a/magick/string.c
+++ b/magick/string.c
@@ -1588,10 +1588,10 @@ MagickExport void ResetStringInfo(StringInfo *string_info)
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
-% SanitizeString() returns an new string removes all characters except
+% SanitizeString() returns a new string removes all characters except
% letters, digits and !#$%&'*+-=?^_`{|}~@.[].
%
-% The returned string shoud be freed using DestoryString().
+% Free the sanitized string with DestroyString().
%
% The format of the SanitizeString method is:
%

30
CVE-2020-29599-10.patch Normal file
View File

@ -0,0 +1,30 @@
From 83ec5b5b8ee7cae891fff59340be207b513a030d Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 21 Nov 2020 13:26:16 +0000
Subject: [PATCH] restore passphrase support when rendering PDF's
---
coders/pdf.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index 31efd06e5..ce4f7a5f1 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -611,14 +611,13 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
(void) ConcatenateMagickString(options,"-dUseTrimBox ",MaxTextExtent);
if (stop_on_error != MagickFalse)
(void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
- option=GetImageOption(image_info,"authenticate");
- if (option != (char *) NULL)
+ if (image_info->authenticate != (char *) NULL)
{
char
passphrase[MagickPathExtent],
*sanitize_passphrase;
- sanitize_passphrase=SanitizeDelegateString(option);
+ sanitize_passphrase=SanitizeDelegateString(image_info->authenticate);
(void) FormatLocaleString(passphrase,MagickPathExtent,
"'-sPDFPassword=%s' ",sanitize_passphrase);
sanitize_passphrase=DestroyString(sanitize_passphrase);

22
CVE-2020-29599-2.patch Normal file
View File

@ -0,0 +1,22 @@
From 2eead004825d31e8f49022f0bc4ca0d3457b0bb1 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 20 Nov 2019 07:20:50 -0500
Subject: [PATCH] Santize "'" from SHOW and WIN delegates
---
magick/delegate.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/magick/delegate.c b/magick/delegate.c
index 4fec87fc6..32beeb15e 100644
--- a/magick/delegate.c
+++ b/magick/delegate.c
@@ -521,7 +521,7 @@ static char *SanitizeDelegateString(const char *source)
static char
whitelist[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
- "$-_.+!*'(),{}|\\^~[]`\"><#%/?:@&=";
+ "$-_.+!*;(),{}|\\^~[]`\"><#%/?:@&=";
sanitize_source=AcquireString(source);
p=sanitize_source;

31
CVE-2020-29599-3.patch Normal file
View File

@ -0,0 +1,31 @@
From 20f520ed5c8541ae6646bc38d9d3b480785be6c3 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 25 Nov 2019 13:33:50 -0500
Subject: [PATCH] Per Enzo Puig, santize "'" from SHOW and WIN delegates under
Linux, '"\' for Windows
---
magick/delegate.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/magick/delegate.c b/magick/delegate.c
index 32beeb15e..bc83401fd 100644
--- a/magick/delegate.c
+++ b/magick/delegate.c
@@ -519,9 +519,15 @@ static char *SanitizeDelegateString(const char *source)
*p;
static char
+#if defined(MAGICKCORE_WINDOWS_SUPPORT)
whitelist[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
- "$-_.+!*;(),{}|\\^~[]`\"><#%/?:@&=";
+ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
+#else
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
+#endif
sanitize_source=AcquireString(source);
p=sanitize_source;

33
CVE-2020-29599-4.patch Normal file
View File

@ -0,0 +1,33 @@
From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 16 Nov 2020 17:01:57 +0000
Subject: [PATCH] shell injection vulnerability via the -authenticate option
---
coders/pdf.c | 13 ++++++++-----
1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index 5e4edc760..63eda5d81 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
if (option != (char *) NULL)
{
char
- passphrase[MaxTextExtent];
-
- (void) FormatLocaleString(passphrase,MaxTextExtent,
- "\"-sPDFPassword=%s\" ",option);
- (void) ConcatenateMagickString(options,passphrase,MaxTextExtent);
+ message[MagickPathExtent],
+ *passphrase;
+
+ passphrase=SanitizeString(option);
+ (void) FormatLocaleString(message,MagickPathExtent,
+ "\"-sPDFPassword=%s\" ",passphrase);
+ passphrase=DestroyString(passphrase);
+ (void) ConcatenateMagickString(options,message,MagickPathExtent);
}
read_info=CloneImageInfo(image_info);
*read_info->magick='\0';

60
CVE-2020-29599-5.patch Normal file
View File

@ -0,0 +1,60 @@
From 7b0cce080345e5b7ef26d122f18809c93a19a80e Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 16 Nov 2020 18:17:31 +0000
Subject: [PATCH] fix shell injection vulnerability via the -authenticate
option
---
coders/pdf.c | 15 ++++++---------
magick/string.c | 8 +++++++-
2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index 63eda5d81..074ba3f64 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -585,17 +585,14 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
if (stop_on_error != MagickFalse)
(void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
option=GetImageOption(image_info,"authenticate");
- if (option != (char *) NULL)
+ if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))
{
char
- message[MagickPathExtent],
- *passphrase;
-
- passphrase=SanitizeString(option);
- (void) FormatLocaleString(message,MagickPathExtent,
- "\"-sPDFPassword=%s\" ",passphrase);
- passphrase=DestroyString(passphrase);
- (void) ConcatenateMagickString(options,message,MagickPathExtent);
+ passphrase[MagickPathExtent];
+
+ (void) FormatLocaleString(passphrase,MagickPathExtent,
+ "\"-sPDFPassword=%s\" ",option);
+ (void) ConcatenateMagickString(options,passphrase,MagickPathExtent);
}
read_info=CloneImageInfo(image_info);
*read_info->magick='\0';
diff --git a/magick/string.c b/magick/string.c
index c8ffa086f..7f6eebc3b 100644
--- a/magick/string.c
+++ b/magick/string.c
@@ -1604,9 +1604,15 @@ MagickExport char *SanitizeString(const char *source)
*p;
static char
+#if defined(MAGICKCORE_WINDOWS_SUPPORT)
whitelist[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
- "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&=";
+ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
+#else
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
+#endif
sanitize_source=AcquireString(source);
p=sanitize_source;

30
CVE-2020-29599-6.patch Normal file
View File

@ -0,0 +1,30 @@
From 875fdf773d6e822364f876bed14c1785a01b45a7 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 16 Nov 2020 23:18:42 +0000
Subject: [PATCH] revert whitelist mod
---
magick/string.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/magick/string.c b/magick/string.c
index 7f6eebc3b..c8ffa086f 100644
--- a/magick/string.c
+++ b/magick/string.c
@@ -1604,15 +1604,9 @@ MagickExport char *SanitizeString(const char *source)
*p;
static char
-#if defined(MAGICKCORE_WINDOWS_SUPPORT)
whitelist[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
- "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
-#else
- whitelist[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
- "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
-#endif
+ "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&=";
sanitize_source=AcquireString(source);
p=sanitize_source;

23
CVE-2020-29599-7.patch Normal file
View File

@ -0,0 +1,23 @@
From ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 19 Nov 2020 18:36:05 +0000
Subject: [PATCH] fix shell injection vulnerability via the -authenticate
option
---
coders/pdf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index 074ba3f64..ef1567b29 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -585,7 +585,7 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
if (stop_on_error != MagickFalse)
(void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
option=GetImageOption(image_info,"authenticate");
- if ((option != (char *) NULL) && (strpbrk(option,"&;<>|") == (char *) NULL))
+ if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL))
{
char
passphrase[MagickPathExtent];

24
CVE-2020-29599-8.patch Normal file
View File

@ -0,0 +1,24 @@
From 869e38717fa91325da87c2a4cedc148a770a07ec Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 19 Nov 2020 18:39:30 +0000
Subject: [PATCH] fix shell injection vulnerability via the -authenticate
option
---
coders/pdf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index ef1567b29..d5ed56596 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -585,7 +585,8 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
if (stop_on_error != MagickFalse)
(void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
option=GetImageOption(image_info,"authenticate");
- if ((option != (char *) NULL) && (strpbrk(option,"&;<>|\"") == (char *) NULL))
+ if ((option != (char *) NULL) &&
+ (strpbrk(option,"&;<>|\"'") == (char *) NULL))
{
char
passphrase[MagickPathExtent];

88
CVE-2020-29599-9.patch Normal file
View File

@ -0,0 +1,88 @@
From 226804980651bb4eb5f3ba3b9d7e992f2eda4710 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 19 Nov 2020 20:50:44 +0000
Subject: [PATCH] fix shell injection vulnerability via the -authenticate
option
---
coders/pdf.c | 46 ++++++++++++++++++++++++++++++++++-------
config/delegates.xml.in | 4 ++--
2 files changed, 42 insertions(+), 9 deletions(-)
diff --git a/coders/pdf.c b/coders/pdf.c
index d5ed56596..31efd06e5 100644
--- a/coders/pdf.c
+++ b/coders/pdf.c
@@ -368,6 +368,36 @@ static inline void CleanupPDFInfo(PDFInfo *pdf_info)
pdf_info->profile=DestroyStringInfo(pdf_info->profile);
}
+static char *SanitizeDelegateString(const char *source)
+{
+ char
+ *sanitize_source;
+
+ const char
+ *q;
+
+ register char
+ *p;
+
+ static char
+#if defined(MAGICKCORE_WINDOWS_SUPPORT)
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!;*(),{}|^~[]`\'><#%/?:@&=";
+#else
+ whitelist[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 "
+ "$-_.+!;*(),{}|\\^~[]`\"><#%/?:@&=";
+#endif
+
+ sanitize_source=AcquireString(source);
+ p=sanitize_source;
+ q=sanitize_source+strlen(sanitize_source);
+ for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
+ *p='_';
+ return(sanitize_source);
+}
+
static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
{
char
@@ -585,14 +615,16 @@ static Image *ReadPDFImage(const ImageInfo *image_info,ExceptionInfo *exception)
if (stop_on_error != MagickFalse)
(void) ConcatenateMagickString(options,"-dPDFSTOPONERROR ",MaxTextExtent);
option=GetImageOption(image_info,"authenticate");
- if ((option != (char *) NULL) &&
- (strpbrk(option,"&;<>|\"'") == (char *) NULL))
+ if (option != (char *) NULL)
{
char
- passphrase[MagickPathExtent];
+ passphrase[MagickPathExtent],
+ *sanitize_passphrase;
+ sanitize_passphrase=SanitizeDelegateString(option);
(void) FormatLocaleString(passphrase,MagickPathExtent,
- "\"-sPDFPassword=%s\" ",option);
+ "'-sPDFPassword=%s' ",sanitize_passphrase);
+ sanitize_passphrase=DestroyString(sanitize_passphrase);
(void) ConcatenateMagickString(options,passphrase,MagickPathExtent);
}
read_info=CloneImageInfo(image_info);
diff --git a/config/delegates.xml.in b/config/delegates.xml.in
index d93387ac1..4fc3acc3f 100644
--- a/config/delegates.xml.in
+++ b/config/delegates.xml.in
@@ -89,8 +89,8 @@
<delegate decode="pcl:cmyk" stealth="True" command="&quot;@PCLDelegate@&quot; -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=@PCLCMYKDevice@&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;%s&quot;"/>
<delegate decode="pcl:color" stealth="True" command="&quot;@PCLDelegate@&quot; -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=@PCLColorDevice@&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;%s&quot;"/>
<delegate decode="pcl:mono" stealth="True" command="&quot;@PCLDelegate@&quot; -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=@PCLMonoDevice@&quot; -dTextAlphaBits=%u -dGraphicsAlphaBits=%u &quot;-r%s&quot; %s &quot;-sOutputFile=%s&quot; &quot;%s&quot;"/>
- <delegate decode="pdf" encode="eps" mode="bi" command="&quot;@PSDelegate@&quot; -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 -sPDFPassword=&quot;%a&quot; &quot;-sDEVICE=@GSEPSDevice@&quot; &quot;-sOutputFile=%o&quot; &quot;-f%i&quot;"/>
- <delegate decode="pdf" encode="ps" mode="bi" command="&quot;@PSDelegate@&quot; -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=@GSPSDevice@&quot; -sPDFPassword=&quot;%a&quot; &quot;-sOutputFile=%o&quot; &quot;-f%i&quot;"/>
+ <delegate decode="pdf" encode="eps" mode="bi" command="&quot;@PSDelegate@&quot; -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=@GSEPSDevice@&quot; &quot;-sPDFPassword=%a&quot; &quot;-sOutputFile=%o&quot; &quot;-f%i&quot;"/>
+ <delegate decode="pdf" encode="ps" mode="bi" command="&quot;@PSDelegate@&quot; -sstdout=%%stderr -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 &quot;-sDEVICE=@GSPSDevice@&quot; &quot;-sPDFPassword=%a&quot; &quot;-sOutputFile=%o&quot; &quot;-f%i&quot;"/>
<delegate decode="pnm" encode="trace" command="&quot;@TraceEncodeDelegate@&quot; --svg --output &quot;%o&quot; &quot;%i&quot;"/>
<delegate decode="png" encode="webp" command="&quot;@WebPEncodeDelegate@&quot; -quiet %Q &quot;%i&quot; -o &quot;%o&quot;"/>
<delegate decode="pnm" encode="ilbm" mode="encode" command="&quot;@ILBMEncodeDelegate@&quot; -24if &quot;%i&quot; &gt; &quot;%o&quot;"/>

15
ImageMagick.spec
View File

@ -1,7 +1,7 @@
Name: ImageMagick
Epoch: 1
Version: 6.9.10.67
Release: 8
Release: 9
Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick
Url: http://www.imagemagick.org/
@ -18,6 +18,16 @@ Patch0008: CVE-2020-27765.patch
Patch0009: CVE-2020-27766.patch
Patch0010: CVE-2020-27767.patch
Patch0011: CVE-2020-27770.patch
Patch0012: CVE-2020-29599-1.patch
Patch0013: CVE-2020-29599-2.patch
Patch0014: CVE-2020-29599-3.patch
Patch0015: CVE-2020-29599-4.patch
Patch0016: CVE-2020-29599-5.patch
Patch0017: CVE-2020-29599-6.patch
Patch0018: CVE-2020-29599-7.patch
Patch0019: CVE-2020-29599-8.patch
Patch0020: CVE-2020-29599-9.patch
Patch0021: CVE-2020-29599-10.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -174,6 +184,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick++*
%changelog
* Tue Jan 12 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-9
- fix CVE-2020-29599
* Mon Jan 04 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-8
- fix CVE-2020-27759 CVE-2020-27760 CVE-2020-27761 CVE-2020-27762 CVE-2020-27764
CVE-2020-27765 CVE-2020-27765 CVE-2020-27766 CVE-2020-27767 CVE-2020-27770