imagemagick
Hello,
The following patch applied to the imagemagick in Debian wheezy should
fix the security problem already resolved in squeeze. The patches have
been ported from the squeeze version.
https://security-tracker.debian.org/tracker/TEMP-0773834-5EB6CF
I will also make debs available for testing.
Any comments?
Regards
diff -Nru imagemagick-6.7.7.10/debian/changelog imagemagick-6.7.7.10/debian/changelog
--- imagemagick-6.7.7.10/debian/changelog 2014-03-03 04:24:19.000000000 +1100
+++ imagemagick-6.7.7.10/debian/changelog 2016-03-06 15:44:11.000000000 +1100
@@ -1,3 +1,12 @@
+imagemagick (8:6.7.7.10-5+deb7u4) wheezy-security; urgency=medium
+
+ * Add fix-overflow-in-icon-parsing.patch to fix an integer overflow
+ that can lead to a buffer overrun in the icon parsing code.
+ * Add fix-overflow-in-pict-parsing.patch to fix an integer overflow
+ that can lead to a double free.
+
+ -- Brian May <bam@debian.org> Sun, 06 Mar 2016 15:43:39 +1100
+
imagemagick (8:6.7.7.10-5+deb7u3) wheezy-security; urgency=high
* Fix three security bugs (Closes: #740250):
diff -Nru imagemagick-6.7.7.10/debian/patches/fix-overflow-in-icon-parsing.patch imagemagick-6.7.7.10/debian/patches/fix-overflow-in-icon-parsing.patch
--- imagemagick-6.7.7.10/debian/patches/fix-overflow-in-icon-parsing.patch 1970-01-01 10:00:00.000000000 +1000
+++ imagemagick-6.7.7.10/debian/patches/fix-overflow-in-icon-parsing.patch 2016-03-06 15:37:47.000000000 +1100
@@ -0,0 +1,20 @@
+Description: Fix buffer overflow in icon parsing code
+ This patch backports a small extract of a larger upstream
+ commit that addresses this specific issue.
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
+Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
+Applied-Upstream: 7.0.0
+Last-Update: 2015-11-26
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/coders/icon.c
++++ b/coders/icon.c
+@@ -277,6 +277,8 @@
+ Icon image encoded as a compressed PNG image.
+ */
+ length=icon_file.directory[i].size;
++ if (~length < 12)
++ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+ png=(unsigned char *) AcquireQuantumMemory(length+16,sizeof(*png));
+ if (png == (unsigned char *) NULL)
+ ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
diff -Nru imagemagick-6.7.7.10/debian/patches/fix-overflow-in-pict-parsing.patch imagemagick-6.7.7.10/debian/patches/fix-overflow-in-pict-parsing.patch
--- imagemagick-6.7.7.10/debian/patches/fix-overflow-in-pict-parsing.patch 1970-01-01 10:00:00.000000000 +1000
+++ imagemagick-6.7.7.10/debian/patches/fix-overflow-in-pict-parsing.patch 2016-03-06 16:03:04.000000000 +1100
@@ -0,0 +1,45 @@
+Description: Fix overflow in pict image parsing
+ Backport a small part of an upstream commit fixing
+ an issue with pict image parsing.
+Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
+Applied-Upstream: 7.0.0
+Last-Update: 2015-11-27
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/coders/pict.c
++++ b/coders/pict.c
+@@ -1573,6 +1573,7 @@
+
+ size_t
+ bytes_per_line,
++ row_bytes,
+ count,
+ storage_class;
+
+@@ -1587,7 +1588,6 @@
+
+ unsigned short
+ base_address,
+- row_bytes,
+ transfer_mode;
+
+ /*
+@@ -1618,7 +1618,7 @@
+ source_rectangle=size_rectangle;
+ destination_rectangle=size_rectangle;
+ base_address=0xff;
+- row_bytes=(unsigned short) (image->columns | 0x8000);
++ row_bytes=image->columns;
+ bounds.top=0;
+ bounds.left=0;
+ bounds.bottom=(short) image->rows;
+@@ -1648,7 +1648,7 @@
+ pixmap.bits_per_pixel=32;
+ pixmap.pack_type=0x04;
+ transfer_mode=0x40;
+- row_bytes=(unsigned short) ((4*image->columns) | 0x8000);
++ row_bytes=4*image->columns;
+ }
+ /*
+ Allocate memory.
diff -Nru imagemagick-6.7.7.10/debian/patches/series imagemagick-6.7.7.10/debian/patches/series
--- imagemagick-6.7.7.10/debian/patches/series 2014-03-09 09:48:48.000000000 +1100
+++ imagemagick-6.7.7.10/debian/patches/series 2016-03-06 15:33:59.000000000 +1100
@@ -10,3 +10,5 @@
0009-Fixing-a-buffer-overflow-in-psd-file-handling.patch
0010-Added-boundary-checks-in-DecodePSDPixels.patch
0011-Prevent-buffer-overflow-in-messaging-system-CVE-2014.patch
+fix-overflow-in-icon-parsing.patch
+fix-overflow-in-pict-parsing.patch
--
Brian May <brian@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/
Reply to: