File _patchinfo of Package patchinfo.7668

<patchinfo incident="7668">
  <issue id="1098545" tracker="bnc">VUL-0: CVE-2018-12600: GraphicsMagick,ImageMagick: out of bounds write in ReadDIBImage and WriteDIBImage in coders/dib.c</issue>
  <issue id="1098546" tracker="bnc">VUL-0: CVE-2018-12599: GraphicsMagick,ImageMagick: out of bounds write in ReadBMPImage and WriteBMPImage in coders/bmp.c</issue>
  <issue id="2018-12599" tracker="cve" />
  <issue id="2018-12600" tracker="cve" />
  <issue tracker="bnc" id="1094742">ImageMagick: Error message when running convert with `-gamma -1,-1,0` parameter</issue>
  <issue tracker="bnc" id="1094745">openQA test fails in ImageMagick - `-gamma` behavior is off</issue>
  <issue id="1095812" tracker="bnc">VUL-1: CVE-2018-10805: ImageMagick: Memory leak in ReadYCBCRImage</issue>
  <issue id="1096200" tracker="bnc">VUL-1: CVE-2018-11625: GraphicsMagick,ImageMagick: heap-based buffer over-read in SetGrayscaleImage in the quantize.c</issue>
  <issue id="1096203" tracker="bnc">VUL-1: CVE-2018-11624: GraphicsMagick,ImageMagick: use after free in ReadMATImage function in coders/mat.c</issue>
  <issue tracker="cve" id="2018-11624"></issue>
  <issue tracker="cve" id="2018-11625"></issue>
  <issue tracker="cve" id="2018-10805"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for ImageMagick fixes the following issues:

The following security vulnerabilities were fixed:

- CVE-2018-11625: Fixed a heap-based buffer over-read in SetGrayscaleImage in
  the quantize.c file, which allowed remote attackers to cause a buffer
  over-read via a crafted file. (bsc#1096200)
- CVE-2018-11624: Fixed a use-after-free issue in the ReadMATImage function in
  coders/mat.c. (bsc#1096203)
- CVE-2018-10805: Fixed several memory leaks in bgr.c, rgb.c, cmyk.c, gray.c,
  and ycbcr.c (bsc#1095812)
- CVE-2018-12600: The ReadDIBImage and WriteDIBImage functions allowed
  attackers to cause an out of bounds write via a crafted file (bsc#1098545).
- CVE-2018-12599: The ReadBMPImage and WriteBMPImage functions allowed
  attackers to cause an out of bounds write via a crafted file (bsc#1098546).

The following other changes were made:

- Fix -gamma issues in special cases. (bsc#1094745, bsc#1094742)
</description>
  <summary>Security update for ImageMagick</summary>
</patchinfo>