Hi Bastien,
Hope you are ok.
On Tue, Dec 15, 2020 at 10:34:59AM +0100, Bastien ROUCARIES wrote:
> Hi,
>
> As said on debian-private go ahead please. I am late due to payjob issue.
Alright attached is a proposed debdiff for covering the CVEs, but
please double check them as well please (it includes as well disabling
the ghostscript handled formats).
There is though another RC bug, #971216 which needs handling for
bullseye and unstable.
Can you take it from here in case you got more free time?
Regards,
Salvatore
diff -Nru imagemagick-6.9.11.24+dfsg/debian/changelog
imagemagick-6.9.11.24+dfsg/debian/changelog
--- imagemagick-6.9.11.24+dfsg/debian/changelog 2020-07-27 03:13:36.0
+0200
+++ imagemagick-6.9.11.24+dfsg/debian/changelog 2021-01-03 15:06:17.0
+0100
@@ -1,3 +1,15 @@
+imagemagick (8:6.9.11.24+dfsg-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Disable ghostscript handled formats based on -SAFER insecurity
+ * Division by Zero in function OptimizeLayerFrames (CVE-2020-27560)
+(Closes: #972797)
+ * Fix shell injection vulnerability via the -authenticate option
+(CVE-2020-29599) (Closes: #977205)
+ * Restore passphrase support when rendering PDF's
+
+ -- Salvatore Bonaccorso Sun, 03 Jan 2021 15:06:17 +0100
+
imagemagick (8:6.9.11.24+dfsg-1) unstable; urgency=medium
* Acknowledge NMU
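Review bot: The entries "Disable ghostscript handled formats based on -SAFER insecurity" and "Restore passphrase support when rendering PDF's" carry no bug number, CVE id or patch name, unlike the two CVE entries beside them. Disabling formats is a behaviour change for users, so that entry should name the patch (0023-disable-ghostscript-formats.patch) and the formats it blocks, so that someone who hits a policy denial can find the cause in the changelog. The covering mail mentions RC bug #971216 as still needing handling; nothing in this entry closes it, so it remains open after this upload.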
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
1970-01-01 01:00:00.0 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
2021-01-03 14:53:42.0 +0100
@@ -0,0 +1,24 @@
+Author: Steve Beattie
+Subject: disable ghostscript handled formats based on -SAFER insecurity
+
+Based on Tavis Ormandy's Recommendations
+updated: 2019-11-11
+
+---
+ config/policy.xml |5 +
+ 1 file changed, 5 insertions(+)
+
+--- a/config/policy.xml
b/config/policy.xml
+@@ -86,4 +86,11 @@
+
+
+
++
++
++
++
++
++
++
+
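Review bot: The embedded diffstat says `config/policy.xml |5 +` and "5 insertions(+)", but the inner hunk header `@@ -86,4 +86,11 @@` and the seven added lines under it amount to 7 insertions, so the header was not refreshed when the policy list changed; regenerate it. The header also has no Origin or Forwarded field and cites "Tavis Ormandy's Recommendations" without a link, whereas 0024-CVE-2020-27560.patch records its upstream commit. Add the source so the blocked-format list can be checked against it later.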
diff -Nru imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
--- imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
1970-01-01 01:00:00.0 +0100
+++ imagemagick-6.9.11.24+dfsg/debian/patches/0024-CVE-2020-27560.patch
2021-01-03 14:56:32.0 +0100
@@ -0,0 +1,34 @@
+From: Cristy
+Date: Mon, 19 Oct 2020 01:20:20 +
+Subject: https://github.com/ImageMagick/ImageMagick/pull/2743
+Origin:
https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
+Bug-Debian: https://bugs.debian.org/972797
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-27560
+
+---
+ magick/layer.c | 6 --
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/magick/layer.c b/magick/layer.c
+index ca7ab5da6947..e5c83ede6eda 100644
+--- a/magick/layer.c
b/magick/layer.c
+@@ -1382,11 +1382,13 @@ static Image *OptimizeLayerFrames(const Image *image,
+ if ( disposals[i] == DelDispose ) {
+ size_t time = 0;
+ while ( disposals[i] == DelDispose ) {
+-time += curr->delay*1000/curr->ticks_per_second;
++time += (size_t) (curr->delay*1000*
++ PerceptibleReciprocal((double) curr->ticks_per_second));
+ curr=GetNextImageInList(curr);
+ i++;
+ }
+- time += curr->delay*1000/curr->ticks_per_second;
++ time += (size_t) (curr->delay*1000*
++PerceptibleReciprocal((double) curr->ticks_per_second));
+ prev_image->ticks_per_second = 100L;
+ prev_image->delay = time*prev_image->ticks_per_second/1000;
+ }
+--
+2.30.0
+
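Review bot: Both `time +=` sites now cast a double product to size_t without bounding it. When curr->ticks_per_second is 0, the result depends entirely on what PerceptibleReciprocal returns for zero, and if that is a large reciprocal, `curr->delay*1000*` times that value can fall outside the range of size_t, where the conversion is not defined. Confirm the resulting `time` for ticks_per_second == 0 (a regression test with such a frame would do) or skip the accumulation in that case. Separately, the Subject is only a pull-request URL; a one-line description such as the changelog's "Division by Zero in function OptimizeLayerFrames" would make the patch series easier to read.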
diff -Nru
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
---
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
1970-01-01 01:00:00.0 +0100
+++
imagemagick-6.9.11.24+dfsg/debian/patches/0025-shell-injection-vulnerability-via-the-authenticate-o.patch
2021-01-03 14:58:59.0 +0100
@@ -0,0 +1,36 @@
+From a2b3dd8455da2f17849b55e6b6ddcce587e4a323 Mon Sep 17 00:00:00 2001
+From: Cristy
+Date: Mon, 16 Nov 2020 17:01:57 +
+Subject: [PATCH] shell injection vulnerability via the -authenticate option
+
+---
+ coders/pdf.c | 13 -
+ 1 file changed, 8 insertions(+), 5 deletions(-)
+
+diff --git a/coders/pdf.c b/coders/pdf.c
+index 5e4edc76099c..63eda5d81d64 100644
+--- a/coders/pdf.c
b/coders/pdf.c
+@@ -588,11 +588,14 @@ static Image *ReadPDFImage(const ImageInfo
*image_info,ExceptionInfo *exception)
+ if (option != (char *) NULL)
+ {
+ char
+-passphrase[Max
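Review bot: The header of this patch has no Origin, Bug-Debian or Bug-Debian-Security field, while 0024-CVE-2020-27560.patch has all three. The changelog ties this fix to CVE-2020-29599 and #977205, so add the matching fields here, and consider putting the CVE id in the file name as 0024 does, so the patch can be traced from the security tracker.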