--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Cc: Thorsten Alteholz <debian@alteholz.de>
- Subject: buster-pu: package graphicsmagick/1.4+really1.3.35-1~deb10u2
- From: László Böszörményi (GCS) <gcs@debian.org>
- Date: Fri, 31 Dec 2021 17:02:01 +0100
- Message-id: <CAKjSHr2wGQ+utuTkP=h8Oc=L81M9d54LEd87HmvXtT_xCv1OxA@mail.gmail.com>
Package: release.debian.org
User: release.debian.org@packages.debian.org
Tags: buster
Severity: normal
Hi RMs,
There's a low priority security issue (CVE-2020-12672: heap-based
buffer overflow in ReadMNGImage in coders/png.c) in GraphicsMagick in
Buster.
Thorsten Alteholz backported the fix for this package version, debdiff
is attached. It would be nice if it can be accepted.
Thanks in advance,
Laszlo/GCS
diff -Nru graphicsmagick-1.4+really1.3.35/debian/changelog graphicsmagick-1.4+really1.3.35/debian/changelog
--- graphicsmagick-1.4+really1.3.35/debian/changelog 2020-04-18 18:30:17.000000000 +0200
+++ graphicsmagick-1.4+really1.3.35/debian/changelog 2021-12-31 16:41:12.000000000 +0100
@@ -1,3 +1,11 @@
+graphicsmagick (1.4+really1.3.35-1~deb10u2) buster; urgency=high
+
+ [ Thorsten Alteholz <debian@alteholz.de> ]
+ * CVE-2020-12672
+ Fix for a heap-based buffer overflow in ReadMNGImage() in coders/png.c.
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Fri, 31 Dec 2021 16:41:12 +0100
+
graphicsmagick (1.4+really1.3.35-1~deb10u1) buster-security; urgency=high
* Security backport for Buster.
diff -Nru graphicsmagick-1.4+really1.3.35/debian/patches/CVE-2020-12672.patch graphicsmagick-1.4+really1.3.35/debian/patches/CVE-2020-12672.patch
--- graphicsmagick-1.4+really1.3.35/debian/patches/CVE-2020-12672.patch 1970-01-01 01:00:00.000000000 +0100
+++ graphicsmagick-1.4+really1.3.35/debian/patches/CVE-2020-12672.patch 2021-12-31 16:41:08.000000000 +0100
@@ -0,0 +1,49 @@
+Index: graphicsmagick-1.4+really1.3.35/coders/png.c
+===================================================================
+--- graphicsmagick-1.4+really1.3.35.orig/coders/png.c 2021-12-30 00:10:05.139412435 +0100
++++ graphicsmagick-1.4+really1.3.35/coders/png.c 2021-12-30 00:10:05.131412440 +0100
+@@ -5689,7 +5689,28 @@
+
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+- " Processing MNG MAGN chunk");
++ " Processing MNG MAGN chunk: MB=%u, ML=%u,"
++ " MR=%u, MT=%u, MX=%u, MY=%u,"
++ " X_method=%u, Y_method=%u",
++ mng_info->magn_mb,mng_info->magn_ml,
++ mng_info->magn_mr,mng_info->magn_mt,
++ mng_info->magn_mx,mng_info->magn_my,
++ mng_info->magn_methx,
++ mng_info->magn_methy);
++
++ /*
++ If the image width is 1, then X magnification is done
++ by simple pixel replication.
++ */
++ if (image->columns == 1)
++ mng_info->magn_methx = 1;
++
++ /*
++ If the image height is 1, then Y magnification is done
++ by simple pixel replication.
++ */
++ if (image->rows == 1)
++ mng_info->magn_methy = 1;
+
+ if (mng_info->magn_methx == 1)
+ {
+@@ -5734,12 +5755,10 @@
+ Image
+ *large_image;
+
+- int
+- yy;
+-
+ long
+ m,
+- y;
++ y,
++ yy;
+
+ register long
+ x;
diff -Nru graphicsmagick-1.4+really1.3.35/debian/patches/series graphicsmagick-1.4+really1.3.35/debian/patches/series
--- graphicsmagick-1.4+really1.3.35/debian/patches/series 2019-07-25 18:43:39.000000000 +0200
+++ graphicsmagick-1.4+really1.3.35/debian/patches/series 2021-12-31 16:41:08.000000000 +0100
@@ -1,2 +1,4 @@
link-demos.diff
semaphore_O0_ppc64el.patch
+
+CVE-2020-12672.patch
--- End Message ---