!2 CVE-2022-44268 安全更新：possible arbitrary file leak

Merge pull request !2 from moyoo0/openkylin/yangtze

debian/patches/0050-2-CVE-2022-44268-possible-arbitrary-file-leak.patch

@@ -0,0 +1,30 @@
+From: rtlhq <nobelxyz@163.com>
+Date: Thu, 28 Dec 2023 10:02:35 +0000
+Subject: =?utf-8?q?!2_CVE-2022-44268_=E5=AE=89=E5=85=A8=E6=9B=B4=E6=96=B0?=
+ =?utf-8?q?=EF=BC=9Apossible_arbitrary_file_leak_Merge_pull_request_!2_from?=
+ =?utf-8?q?_moyoo0/openkylin/yangtze?=
+
+---
+ coders/png.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index af8d957..d4241c7 100644
+--- a/coders/png.c
++++ b/coders/png.c
+@@ -3785,13 +3785,14 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
+              */
+             if (!png_get_valid(ping,ping_info,PNG_INFO_pHYs) ||
+                 (LocaleCompare(text[i].key,"density") != 0 &&
+-                LocaleCompare(text[i].key,"units") != 0))
++                 LocaleCompare(text[i].key,"units") != 0))
+               {
+                 char
+                   key[MaxTextExtent];
+ 
+                 (void) FormatLocaleString(key,MaxTextExtent,"%s",text[i].key);
+                 if ((LocaleCompare(key,"version") == 0) ||
++                    (LocaleCompare(key,"profile") == 0) ||
+                     (LocaleCompare(key,"width") == 0))
+                   (void) FormatLocaleString(key,MagickPathExtent,"png:%s",
+                     text[i].key);

debian/patches/series

@@ -47,3 +47,4 @@ CVE-2023-34151-prepatch.patch
 CVE-2023-34151-prepatch-2.patch
 CVE-2023-34151.patch
 CVE-2023-3428.patch
+0050-2-CVE-2022-44268-possible-arbitrary-file-leak.patch