File _patchinfo of Package patchinfo.11105

<patchinfo incident="11105">
  <issue tracker="cve" id="2019-11506"/>
  <issue tracker="cve" id="2019-11472"/>
  <issue tracker="cve" id="2019-11470"/>
  <issue tracker="cve" id="2019-11505"/>
  <issue tracker="cve" id="2019-11598"/>
  <issue tracker="bnc" id="1133204">VUL-1: CVE-2019-11472: ImageMagick,GraphicsMagick: ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the</issue>
  <issue tracker="bnc" id="1133498">VUL-1: CVE-2019-11506: GraphicsMagick: heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possi</issue>
  <issue tracker="bnc" id="1133501">VUL-1: CVE-2019-11505: GraphicsMagick,ImageMagick: heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly</issue>
  <issue tracker="bnc" id="1133205">VUL-1: CVE-2019-11470: ImageMagick: The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attackers to cause a denial-of-service (uncontrolled resource consumption) by crafting a Cineon image with an incorrect claimed image size.</issue>
  <issue tracker="bnc" id="1136183">VUL-1: ImageMagick: PCL might still decode using ghostscript</issue>
  <issue tracker="bnc" id="1136732">VUL-0: CVE-2019-11598: ImageMagick: heap-based buffer over-read in the function WritePNMImage of coders/pnm.c leading to DoS or information disclosure</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for ImageMagick</summary>
  <description>This update for ImageMagick fixes the following issues:

Security issues fixed:

- CVE-2019-11472: Fixed a denial-of-service in ReadXWDImage() (bsc#1133204).
- CVE-2019-11470: Fixed a denial-of-service in ReadCINImage() (bsc#1133205).
- CVE-2019-11506: Fixed a heap-based buffer overflow in the WriteMATLABImage() (bsc#1133498).
- CVE-2019-11505: Fixed a heap-based buffer overflow in the WritePDBImage() (bsc#1133501).
- CVE-2019-11598: Fixed a heap-based buffer overread in WritePNMImage() (bsc#1136732)

We also now disable PCL in the -SUSE configuration, as it also uses ghostscript for decoding (bsc#1136183)

</description>
</patchinfo>