diff --git a/CVE-2021-20176.patch b/CVE-2021-20176.patch new file mode 100644 index 0000000000000000000000000000000000000000..201994f706cda63dbbc01f73035b34212a645101 --- /dev/null +++ b/CVE-2021-20176.patch @@ -0,0 +1,22 @@ +From 90255f0834eead08d59f46b0bda7b1580451cc0f Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Wed, 6 Jan 2021 18:12:06 -0500 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/3077 + +--- + magick/gem.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/magick/gem.c b/magick/gem.c +index b18b69ec4..cb694cfef 100644 +--- a/magick/gem.c ++++ b/magick/gem.c +@@ -1580,7 +1580,7 @@ MagickExport double GenerateDifferentialNoise(RandomInfo *random_info, + beta=GetPseudoRandomValue(random_info); + alpha*=beta; + } +- noise=(double) (QuantumRange*i/SigmaPoisson); ++ noise=(double) (QuantumRange*i*PerceptibleReciprocal(SigmaPoisson)); + break; + } + case RandomNoise: diff --git a/ImageMagick.spec b/ImageMagick.spec index 60abfac8af68f058f2eed11768ed94254565d1d9..e626a12272840440d907e9530578109a3fc65972 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,7 +1,7 @@ Name: ImageMagick Epoch: 1 Version: 6.9.10.67 -Release: 10 +Release: 12 Summary: Create, edit, compose, or convert bitmap images License: ImageMagick and MIT Url: http://www.imagemagick.org/ @@ -32,6 +32,7 @@ Patch0022: CVE-2020-27754-pre-1.patch Patch0023: CVE-2020-27754-pre-2.patch Patch0024: CVE-2020-27754.patch Patch0025: CVE-2020-25664.patch +Patch0026: CVE-2021-20176.patch BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel @@ -188,7 +189,10 @@ rm PerlMagick/demo/Generic.ttf %{_libdir}/pkgconfig/ImageMagick++* %changelog -* Wed Feb 10 2021 zhanghua - 6.9.10.67-10 +* Thu Feb 25 2021 wangxiao - 6.9.10.67-12 +- Fix CVE-2021-20176 + +* Wed Feb 10 2021 zhanghua - 6.9.10.67-11 - fix CVE-2020-25664 CVE-2020-27754 * Tue Jan 12 2021 wangxiao - 6.9.10.67-9