Bug#928402: unblock: imagemagick/8:6.9.10.23+dfsg-2.1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#928402: unblock: imagemagick/8:6.9.10.23+dfsg-2.1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 03 May 2019 20:50:52 +0200
Message-id: <[🔎] 155690945278.5338.2069366487180278384.reportbug@lorien.valinor.li>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 928402@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear release team,

Please unblock package imagemagick (actually it is pending in deferred
queue, uploaded as NMU to delayed/2 yet).

Recent DSA fixed two CVEs for imagemagick, so I would like to fix the
same set for imagemagick (although there would be more CVEs open for
buster), as well for buster to avoid a regression from stretch ->
buster?

+imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Stack-based buffer overflow in function PopHexPixel in coders/ps.c
+    (CVE-2019-9956) (Closes: #925395)
+  * Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650)
+    (Closes: #926091)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 03 May 2019 16:34:26 +0200

could you consider those changes please as well for buster?

unblock imagemagick/8:6.9.10.23+dfsg-2.1

Regards,
Salvatore

diff -Nru imagemagick-6.9.10.23+dfsg/debian/changelog imagemagick-6.9.10.23+dfsg/debian/changelog
--- imagemagick-6.9.10.23+dfsg/debian/changelog	2019-01-08 15:08:25.000000000 +0100
+++ imagemagick-6.9.10.23+dfsg/debian/changelog	2019-05-03 16:34:26.000000000 +0200
@@ -1,3 +1,13 @@
+imagemagick (8:6.9.10.23+dfsg-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Stack-based buffer overflow in function PopHexPixel in coders/ps.c
+    (CVE-2019-9956) (Closes: #925395)
+  * Heap-buffer-overflow in WriteTIFFImage of coders/tiff.c (CVE-2019-10650)
+    (Closes: #926091)
+
+ -- Salvatore Bonaccorso <carnil@debian.org>  Fri, 03 May 2019 16:34:26 +0200
+
 imagemagick (8:6.9.10.23+dfsg-2) unstable; urgency=medium
 
   * Bug fix: "identify 6.9.10-23 does not convert units (pixels per
diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch
--- imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.10.23+dfsg/debian/patches/0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch	2019-05-03 16:21:49.000000000 +0200
@@ -0,0 +1,35 @@
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Fri, 22 Mar 2019 07:39:18 -0400
+Subject: https://github.com/ImageMagick/ImageMagick/issues/1523
+Origin: https://github.com/ImageMagick/ImageMagick6/commit/90401e430840c5ff31ad870f4370bbda1318ac94
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-9956
+Bug-Debian: https://bugs.debian.org/925395
+Bug: https://github.com/ImageMagick/ImageMagick/issues/1523
+
+---
+ coders/ps.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/coders/ps.c b/coders/ps.c
+index cf8e4bdfccc9..828f6cfcbbcd 100644
+--- a/coders/ps.c
++++ b/coders/ps.c
+@@ -2272,8 +2272,13 @@ RestoreMSCWarning
+                   p++;
+                 }
+                 q=PopHexPixel(hex_digits,(size_t) index,q);
+-                q=PopHexPixel(hex_digits,(size_t)
+-                  MagickMin(length,0xff),q);
++                q=PopHexPixel(hex_digits,(size_t) MagickMin(length,0xff),q);
++                if ((q-pixels+6) >= 80)
++                  {
++                    *q++='\n';
++                    (void) WriteBlob(image,q-pixels,pixels);
++                    q=pixels;
++                  }
+                 if (image->previous == (Image *) NULL)
+                   {
+                     status=SetImageProgress(image,SaveImageTag,
+-- 
+2.11.0
+
diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch
--- imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.10.23+dfsg/debian/patches/0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch	2019-05-03 16:31:31.000000000 +0200
@@ -0,0 +1,26 @@
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Thu, 28 Mar 2019 20:35:26 -0400
+Subject: https://github.com/ImageMagick/ImageMagick/issues/1532
+Origin: https://github.com/ImageMagick/ImageMagick6/commit/4800ae0dabdb3012f82820af946060c3ca9fdb87
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-10650
+Bug-Debian: https://bugs.debian.org/926091
+Bug: https://github.com/ImageMagick/ImageMagick/issues/1532
+
+---
+ coders/tiff.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -3261,6 +3261,11 @@ static MagickBooleanType WriteTIFFImage(
+     TIFFUnmapBlob);
+   if (tiff == (TIFF *) NULL)
+     return(MagickFalse);
++  if (exception->severity > ErrorException)
++    {
++      TIFFClose(tiff);
++      return(MagickFalse);
++    }
+   scene=0;
+   debug=IsEventLogging();
+   (void) debug;
diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch
--- imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch	1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.10.23+dfsg/debian/patches/0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch	2019-05-03 16:26:37.000000000 +0200
@@ -0,0 +1,28 @@
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Sat, 30 Mar 2019 07:10:45 -0400
+Subject: https://github.com/ImageMagick/ImageMagick/issues/1532
+Origin: https://github.com/ImageMagick/ImageMagick6/commit/d8d844c6f23f4d90d8fe893fe9225dd78fc1e6ef
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-10650
+Bug-Debian: https://bugs.debian.org/926091
+Bug: https://github.com/ImageMagick/ImageMagick/issues/1532
+
+---
+ coders/tiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/coders/tiff.c b/coders/tiff.c
+index 31f39d2f73b9..00040a214e16 100644
+--- a/coders/tiff.c
++++ b/coders/tiff.c
+@@ -3280,7 +3280,7 @@ static MagickBooleanType WriteTIFFImage(const ImageInfo *image_info,
+     TIFFUnmapBlob);
+   if (tiff == (TIFF *) NULL)
+     return(MagickFalse);
+-  if (exception->severity > ErrorException)
++  if (image->exception.severity > ErrorException)
+     {
+       TIFFClose(tiff);
+       return(MagickFalse);
+-- 
+2.11.0
+
diff -Nru imagemagick-6.9.10.23+dfsg/debian/patches/series imagemagick-6.9.10.23+dfsg/debian/patches/series
--- imagemagick-6.9.10.23+dfsg/debian/patches/series	2019-01-08 14:51:35.000000000 +0100
+++ imagemagick-6.9.10.23+dfsg/debian/patches/series	2019-05-03 16:27:07.000000000 +0200
@@ -20,3 +20,6 @@
 0020-Fix-remaining-error-in-documentation.patch
 0021-Fix-privacy-breach.patch
 0022-Revert-https-imagemagick.org-discourse-server-viewto.patch
+0023-https-github.com-ImageMagick-ImageMagick-issues-1523.patch
+0024-https-github.com-ImageMagick-ImageMagick-issues-1532.patch
+0025-https-github.com-ImageMagick-ImageMagick-issues-1532.patch

Reply to:

Follow-Ups:
- Bug#928402: marked as done (unblock: imagemagick/8:6.9.10.23+dfsg-2.1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#928401: [pre-approval] unblock: manpages/4.16-2
Next by Date: Bug#928401: [pre-approval] unblock: manpages/4.16-2
Previous by thread: Bug#928401: marked as done ([pre-approval] unblock: manpages/4.16-2)
Next by thread: Bug#928402: marked as done (unblock: imagemagick/8:6.9.10.23+dfsg-2.1)
Index(es):
- Date
- Thread