diff --git a/CVE-2021-20176.patch b/CVE-2021-20176.patch new file mode 100644 index 0000000000000000000000000000000000000000..201994f706cda63dbbc01f73035b34212a645101 --- /dev/null +++ b/CVE-2021-20176.patch @@ -0,0 +1,22 @@ +From 90255f0834eead08d59f46b0bda7b1580451cc0f Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Wed, 6 Jan 2021 18:12:06 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3077 + +--- + magick/gem.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/gem.c b/magick/gem.c +index b18b69ec4..cb694cfef 100644 +--- a/magick/gem.c ++++ b/magick/gem.c +@@ -1580,7 +1580,7 @@ MagickExport double GenerateDifferentialNoise(RandomInfo *random_info, + beta=GetPseudoRandomValue(random_info); + alpha*=beta; + } +- noise=(double) (QuantumRange*i/SigmaPoisson); ++ noise=(double) (QuantumRange*i*PerceptibleReciprocal(SigmaPoisson)); + break; + } + case RandomNoise: diff --git a/ImageMagick.spec b/ImageMagick.spec index b688f10355b5e55708b6bdaba478bf6a84fd7e98..464ed909b1e7580ff94e5fe10cc0e6450dbb057d 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,7 +1,7 @@ Name: ImageMagick Epoch: 1 Version: 6.9.10.67 -Release: 11 +Release: 12 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ @@ -32,6 +32,7 @@ Patch0022: CVE-2020-27754-pre-1.patch Patch0023: CVE-2020-27754-pre-2.patch Patch0024: CVE-2020-27754.patch Patch0025: CVE-2020-25664.patch +Patch0026: CVE-2021-20176.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -189,6 +190,9 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog +* Thu Feb 25 2021 wangxiao - 6.9.10.67-12 +- Fix CVE-2021-20176 + * Wed Feb 10 2021 zhanghua - 6.9.10.67-11 - fix CVE-2020-25664 CVE-2020-27754