Hello community,

here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2023-06-30 19:58:00

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old)
 and /work/SRC/openSUSE:Factory/.ImageMagick.new.13546 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ImageMagick" Fri Jun 30 19:58:00 2023 rev:277 rq:1095937 version:7.1.1.12 Changes: -------- --- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2023-06-16 16:54:02.681421197 +0200 +++ /work/SRC/openSUSE:Factory/.ImageMagick.new.13546/ImageMagick.changes 2023-06-30 19:58:06.529371027 +0200 @@ -1,0 +2,8 @@ +Thu Jun 29 09:17:27 UTC 2023 - pgaj...@suse.com + +- version update to 7.1.1.12 +- added patches + fix CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c + + ImageMagick-CVE-2023-3428.patch + +------------------------------------------------------------------- Old: ---- ImageMagick-7.1.1-11.tar.xz ImageMagick-7.1.1-11.tar.xz.asc New: ---- ImageMagick-7.1.1-12.tar.xz ImageMagick-7.1.1-12.tar.xz.asc ImageMagick-CVE-2023-3428.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ImageMagick.spec ++++++ --- /var/tmp/diff_new_pack.eHoOL2/_old 2023-06-30 19:58:07.453376523 +0200 +++ /var/tmp/diff_new_pack.eHoOL2/_new 2023-06-30 19:58:07.457376547 +0200 @@ -20,7 +20,7 @@ %define asan_build 0 %define maj 7 %define mfr_version %{maj}.1.1 -%define mfr_revision 11 +%define mfr_revision 12 %define quantum_depth 16 %define source_version %{mfr_version}-%{mfr_revision} %define clibver 10 @@ -55,6 +55,8 @@ Patch4: ImageMagick-filter.t-disable-Contrast.patch #%%endif #%%endif +# CVE-2023-3428 [bsc#1212847], heap-buffer-overflow in coders/tiff.c +Patch5: ImageMagick-CVE-2023-3428.patch BuildRequires: chrpath BuildRequires: dejavu-fonts BuildRequires: fdupes @@ -297,6 +299,7 @@ %patch4 -p1 %endif %endif +%patch5 -p1 %build # bsc#1088463 ++++++ ImageMagick-7.1.1-11.tar.xz -> ImageMagick-7.1.1-12.tar.xz ++++++ /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick-7.1.1-11.tar.xz /work/SRC/openSUSE:Factory/.ImageMagick.new.13546/ImageMagick-7.1.1-12.tar.xz differ: char 26, line 1 ++++++ ImageMagick-CVE-2023-3428.patch ++++++ 
diff --git a/coders/tiff.c b/coders/tiff.c index 9e0d0b1201..df4274cacd 100644 --- a/coders/tiff.c +++ b/coders/tiff.c @@ -2010,7 +2010,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); - extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff), + extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff), TIFFTileSize(tiff)); tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels));
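Review bot: In the ReadTIFFImage hunk of coders/tiff.c, the new (rows+1)*TIFFTileRowSize(tiff) term and the outer 4*(samples_per_pixel+1) multiplier are computed with no overflow check of their own. The only guard visible in the context lines, HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)), covers rows times the element size, not this larger product. If extent wraps, AcquireQuantumMemory(extent, sizeof(*tile_pixels)) would return a buffer smaller than the tile data written into it, which is the same class of heap-buffer-overflow this patch is meant to close. Suggest validating the multiplication before assigning extent and failing through the existing ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed") path. The "+1" also reads as a magic pad: a short comment saying why one extra row of TIFFTileRowSize is the correct bound would let the next reader confirm the fix is sufficient rather than incidental.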
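Review bot: In the ImageMagick.spec hunk at @@ -55,6 +55,8 @@, the comment above "Patch5: ImageMagick-CVE-2023-3428.patch" records the CVE and bsc#1212847 but not the origin of the fix, and the .changes entry does not either. Suggest adding the upstream commit or issue reference to that comment (for example as a PATCH-FIX-UPSTREAM tag line) so the patch can be dropped with confidence once a later tarball contains it. Placement itself looks right: Patch5 and the matching "%patch5 -p1" both sit outside the conditional blocks, so the fix is applied to every build flavour.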