| Summary: | Graphicsmagick 1.3.32 fixes several new security issues | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | nicolas.salguero, sysadmin-bugs, tarazed25, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK | ||
| Source RPM: | graphicsmagick-1.3.31-1.5.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2019-06-16 20:24:44 CEST
David Walser
2019-06-16 20:24:52 CEST
Whiteboard:
(none) =>
MGA7TOO, MGA6TOO Suggested advisory: ======================== The updated packages fix security vulnerabilities. References: https://www.openwall.com/lists/oss-security/2019/06/15/9 ======================== Updated packages in core/updates_testing: ======================== graphicsmagick-1.3.32-1.mga6 lib(64)graphicsmagick3-1.3.32-1.mga6 lib(64)graphicsmagick++12-1.3.32-1.mga6 lib(64)graphicsmagickwand2-1.3.32-1.mga6 lib(64)graphicsmagick-devel-1.3.32-1.mga6 perl-Graphics-Magick-1.3.32-1.mga6 graphicsmagick-doc-1.3.32-1.mga6 from SRPMS: graphicsmagick-1.3.32-1.mga6.src.rpm CC:
(none) =>
nicolas.salguero mga6, x86_64 Updated the seven packages. Ran a few tests similar to those in a previous test of graphicsmagick. No regressions. $ gm version GraphicsMagick 1.3.32 2019-06-15 Q8 http://www.GraphicsMagick.org/ Copyright (C) 2002-2019 GraphicsMagick Group. [...] LIBS = -llcms2 -lfreetype -lX11 -llzma -lbz2 -lz -lltdl -lm -lpthread Captured an area of the screen using $ gm import bugz.png $ gm display bugz.png That displayed an image of the captured area. $ gm convert -rotate 180 GlenShiel_4.jpg flipped.ppm Image upside down. $ gm convert -rotate 90 workspace.jpg clockwise.png Image turned through 90°. $ cat gmtest.pl #!/bin/env perl # http://www.graphicsmagick.org/perl.html#example-script use Graphics::Magick; my($image, $status); $image = Graphics::Magick->new; $status = $image->Read('frame1.png', 'frame2.png', 'frame3.png', 'frame4.png'); warn "$status" if "$status"; $status = $image->Write('frames.gif'); warn "$status" if "$status"; $ perl gmtest.pl $ ll frames.gif -rw-r--r-- 1 lcl lcl 10120013 Jun 19 18:40 frames.gif $ gm animate frames.gif Continuous loop displaying the four images. $ gm montage loch*.png montage.jpg $ gm display montage.jpg Image shows thumbnails of ten photos in a 6x2 arrangement. $ perl imagestack.pl $ gm identify x.gif x.gif[0] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000001s x.gif[1] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000334s x.gif[2] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000254s x.gif[3] GIF 100x100+100+100 PseudoClass 256c 8-bit 35.6Ki 0.000u 0m:0.000157s $ gm animate -delay 50 x.gif Continuous loop animation at 2 frames per second. $ gm mogrify -resize 200% JessicaAlba.ppm Enlarged an image, overwriting the original. $ ./graffiti.pl This produced a new image x.ppm showing a red rectangle on a white background and a modified image xyz.ppm with a red rectangle superimposed. This looks good for 64bits. Whiteboard:
(none) =>
MGA6-64-OK Validating this. Advisory almost there. Keywords:
(none) =>
validated_update
Thomas Backlund
2019-06-21 01:56:31 CEST
CC:
(none) =>
tmb An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0194.html Status:
ASSIGNED =>
RESOLVED CVE-2019-12921 was fixed in this update: https://lists.opensuse.org/opensuse-security-announce/2020-03/msg00049.html |