- security update (webp.c)

* CVE-2018-9135 [bsc#1087825] + ImageMagick-CVE-2018-9135.patch OBS-URL: https://build.opensuse.org/package/show/graphics/ImageMagick?expand=0&rev=356
2018-04-11 11:27:36 +00:00 · 2018-04-11 11:27:36 +00:00 · 7045d324ee
commit 7045d324ee
parent f913edfbae
3 changed files with 21 additions and 0 deletions
--- a/ImageMagick-CVE-2018-9135.patch
+++ b/ImageMagick-CVE-2018-9135.patch
@ -0,0 +1,12 @@
+--- a/coders/webp.c
+++ b/coders/webp.c
+@@ -181,6 +181,8 @@ static MagickBooleanType IsWEBPImageLossless(const unsigned char *stream,
+   /*
+     Read simple header.
+   */
+  if (length <= VP8_CHUNK_INDEX)
+    return(MagickFalse);
+   if (stream[VP8_CHUNK_INDEX] != EXTENDED_HEADER)
+     return(stream[VP8_CHUNK_INDEX] == LOSSLESS_FLAG ? MagickTrue : MagickFalse);
+   /*
+
--- a/ImageMagick.changes
+++ b/ImageMagick.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Apr 11 11:26:19 UTC 2018 - pgajdos@suse.com
+
+- security update (webp.c)
+  * CVE-2018-9135 [bsc#1087825]
+    + ImageMagick-CVE-2018-9135.patch
+
 -------------------------------------------------------------------
 Tue Apr 10 08:36:17 UTC 2018 - pgajdos@suse.com

--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -57,6 +57,7 @@ Patch4:         ImageMagick-write.t-pict.patch
 #%%ifarch i586
 Patch5:         ImageMagick-tests.tap-attributes.patch
 #%%endif
+Patch6:         ImageMagick-CVE-2018-9135.patch
 BuildRequires:  chrpath
 BuildRequires:  dos2unix
 BuildRequires:  fdupes
@ -313,6 +314,7 @@ HTML documentation for ImageMagick library and scene examples.
 %ifarch i586
 %patch5 -p1
 %endif
+%patch6 -p1

 %build
 # bsc#1088463