Format: 1.8
Date: Sun, 07 Sep 2025 23:54:25 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1109339 1111103 1111586 1111587 1112469 1114520
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u4) bookworm-security; urgency=medium
 .
   * Fix CVE-2025-53014: A heap buffer overflow was found in the
     `InterpretImageFilename` function. The issue stems from an off-by-one
     error that causes out-of-bounds memory access when processing format
     strings containing consecutive percent signs (`%%`).
     (Closes: #1109339)
   * Fix CVE-2025-53019: In ImageMagick's `magick stream` command,
     specifying multiple consecutive `%d` format specifiers in a filename
     template causes a memory leak.
   * Fix CVE-2025-53101: In ImageMagick's `magick mogrify` command,
     specifying multiple consecutive `%d` format specifiers in a filename
     template causes internal pointer arithmetic to generate an address
     below the beginning of the stack buffer, resulting in a stack overflow
     through `vsnprintf()`.
   * Fix CVE-2025-55154: the magnified size calculations in ReadOneMNGImage
     (in coders/png.c) are unsafe and can overflow, leading to memory
     corruption. (Closes: #1111103)
   * Fix CVE-2025-55212: passing a geometry string containing only a colon
     (":") to montage -geometry leads GetGeometry() to set width/height to 0.
     Later, ThumbnailImage() divides by these zero dimensions, triggering a
     crash (SIGFPE/abort). (Closes: #1111587)
   * Fix CVE-2025-55298: A format string bug vulnerability exists in the
     InterpretImageFilename function, where user input is directly passed to
     FormatLocaleString without proper sanitization. An attacker can
     overwrite arbitrary memory regions, enabling a wide range of attacks
     from heap overflow to remote code execution. (Closes: #1111586)
   * Fix CVE-2025-57803: A 32-bit integer overflow in the BMP encoder's
     scanline-stride computation collapses bytes_per_line (stride) to a tiny
     value while the per-row writer still emits 3 × width bytes for 24-bpp
     images. The row base pointer advances using the (overflowed) stride, so
     the first row immediately writes past its slot and into adjacent heap
     memory with attacker-controlled bytes. (Closes: #1112469)
   * Fix CVE-2025-57807: A security problem was found in SeekBlob(), which
     permits advancing the stream offset beyond the current end without
     increasing capacity, and WriteBlob(), which then expands by
     quantum + length (amortized) instead of offset + length, and copies to
     data + offset. When offset ≫ extent, the copy targets memory beyond the
     allocation, producing a deterministic heap write on 64-bit builds.
     No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are
     required. (Closes: #1114520)
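The capacity rule behind the CVE-2025-57807 entry above, as an added C example that is neither ImageMagick's code nor the Debian patch: a seek may move the offset past the end, so the write must size the buffer from offset + length and reject arithmetic wrap. `MemBlob`, `flawed_extent`, `blob_seek` and `blob_write` are hypothetical names, and `flawed_extent` is a simplified model of the growth rule the changelog describes.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory blob; field names are illustrative, not ImageMagick's. */
typedef struct {
  unsigned char *data;
  size_t offset;   /* current stream position */
  size_t length;   /* bytes of valid data */
  size_t extent;   /* bytes allocated */
  size_t quantum;  /* growth increment */
} MemBlob;

/* Assumed model of the defect: capacity grows by quantum + n and ignores how
   far offset sits past the end. Computes a size only; nothing is written. */
size_t flawed_extent(const MemBlob *b, size_t n) {
  return b->extent + b->quantum + n;
}

/* Seeking past the end is allowed; capacity is settled at write time. */
void blob_seek(MemBlob *b, size_t offset) { b->offset = offset; }

/* Hardened write: capacity must cover offset + n before the copy.
   Returns 0 on success, -1 on arithmetic wrap or allocation failure. */
int blob_write(MemBlob *b, const void *src, size_t n) {
  if (n > SIZE_MAX - b->offset) return -1;      /* offset + n would wrap */
  size_t need = b->offset + n;
  if (need > b->extent) {
    /* Amortize with quantum only when that addition cannot wrap. */
    size_t grow = (need > SIZE_MAX - b->quantum) ? need : need + b->quantum;
    unsigned char *p = realloc(b->data, grow);
    if (p == NULL) return -1;
    b->data = p;
    b->extent = grow;
  }
  if (b->offset > b->length)                    /* zero-fill the seek gap */
    memset(b->data + b->length, 0, b->offset - b->length);
  memcpy(b->data + b->offset, src, n);
  b->offset = need;
  if (need > b->length) b->length = need;
  return 0;
}
```

With a constructed 4 KiB blob, a seek to 1 MiB and a 16-byte write, the modelled flawed rule yields 8208 bytes of capacity against the 1048592 the copy needs; the hardened write grows to cover the full range first.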