[Buildroot] [PATCH 1/1] package/imagemagick: security bump to version 7.0.7-1
Peter Korsgaard
peter at korsgaard.com
Thu Sep 21 14:25:20 UTC 2017
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls at t-online.de> writes:
> Quoting CVE-related issues from
> https://github.com/ImageMagick/ImageMagick/blob/master/ChangeLog
> 2017-07-29 7.0.6-5 Glenn Randers-Pehrson <glennrp at image...>
> * Fix improper use of NULL in the JNG decoder (CVE-2017-11750, Reference
> https://github.com/ImageMagick/ImageMagick/issues/632).
> 2017-07-24 7.0.6-4 Cristy <quetzlzacatenango at image...>
> * Fixed numerous memory leaks (reference
> https://github.com/ImageMagick/ImageMagick/issues) including
> https://github.com/ImageMagick/ImageMagick/issues/618 (CVE-2017-12676).
> 2017-07-23 7.0.6-3 Glenn Randers-Pehrson <glennrp at image...>
> * Fix memory leaks when reading a malformed JNG image:
> https://github.com/ImageMagick/ImageMagick/issues/600 (CVE-2017-13141),
> https://github.com/ImageMagick/ImageMagick/issues/602 (CVE-2017-12565).
> 2017-07-19 7.0.6-2 Cristy <quetzlzacatenango at image...>
> * coders/png.c: fixed memory leak of quantum_info (CVE-2017-11539, reference
> https://github.com/ImageMagick/ImageMagick/issues/582
> * coders/png.c: fixed NULL dereference when trying to write an empty MNG
> (CVE-2017-11522, reference
> https://github.com/ImageMagick/ImageMagick/issues/586).
> 2017-06-22 7.0.6-1 Glenn Randers-Pehrson <glennrp at image...>
> * Stop a memory leak in read_user_chunk_callback() (reference
> https://github.com/ImageMagick/ImageMagick/issues/517,
> CVE 2017-11310).
> Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Committed to 2017.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list