packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-44267 and CVE-2022-44268

Browse Source 
(cherry picked from commit 441e3e42e392cdc4e29dc3fc7810c4d6dfdd8b8b)
This commit is contained in:
starlet-dx 2023-02-09 17:06:42 +08:00 committed by openeuler-sync-bot
parent fe0e12314f
commit 30752e4ff5
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
CVE-2022-44267_CVE-2022-44268.patch Normal file
View File

@ -0,0 +1,30 @@
From 3c5188b41902a909e163492fb0c19e49efefcefe Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 22 Oct 2022 13:28:51 -0400
Subject: [PATCH] possible DoS @ stdin (OCE-2022-70); possible arbitrary file
leak (OCE-2022-72)
---
coders/png.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/coders/png.c b/coders/png.c
index dae894d9c..887827636 100644
--- a/coders/png.c
+++ b/coders/png.c
@@ -3793,13 +3793,14 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
*/
if (!png_get_valid(ping,ping_info,PNG_INFO_pHYs) ||
(LocaleCompare(text[i].key,"density") != 0 &&
- LocaleCompare(text[i].key,"units") != 0))
+ LocaleCompare(text[i].key,"units") != 0))
{
char
key[MaxTextExtent];
(void) FormatLocaleString(key,MaxTextExtent,"%s",text[i].key);
if ((LocaleCompare(key,"version") == 0) ||
+ (LocaleCompare(key,"profile") == 0) ||
(LocaleCompare(key,"width") == 0))
(void) FormatLocaleString(key,MagickPathExtent,"png:%s",
text[i].key);

6
ImageMagick.spec
View File

@ -1,7 +1,7 @@
Name: ImageMagick Name: ImageMagick
Epoch: 1 Epoch: 1
Version: 6.9.12.43 Version: 6.9.12.43
Release: 4 Release: 5
Summary: Create, edit, compose, or convert bitmap images Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT License: ImageMagick and MIT
Url: http://www.imagemagick.org/ Url: http://www.imagemagick.org/
@ -12,6 +12,7 @@ Patch0002: CVE-2022-3213-pre1.patch
Patch0003: CVE-2022-3213-pre2.patch Patch0003: CVE-2022-3213-pre2.patch
Patch0004: CVE-2022-3213.patch Patch0004: CVE-2022-3213.patch
Patch0005: CVE-2022-32547.patch Patch0005: CVE-2022-32547.patch
Patch0006: CVE-2022-44267_CVE-2022-44268.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
@ -170,6 +171,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick++* %{_libdir}/pkgconfig/ImageMagick++*
%changelog %changelog
* Thu Feb 09 2023 yaoxin <yaoxin30@h-partners.com> - 1:6.9.12.43-5
- Fix CVE-2022-44267 and CVE-2022-44268
* Tue Nov 22 2022 yaoxin <yaoxin30@h-partners.com> - 1:6.9.12.43-4 * Tue Nov 22 2022 yaoxin <yaoxin30@h-partners.com> - 1:6.9.12.43-4
- Fix CVE-2022-32547 - Fix CVE-2022-32547