[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 (source) into testing-proposed-updates

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jul 2025 22:29:23 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1109339
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u1) trixie; urgency=medium
 .
   * Fix CVE-2025-53014:
     A heap buffer overflow was found in the `InterpretImageFilename`
     function. The issue stems from an off-by-one error that
     causes out-of-bounds memory access when processing format
     strings containing consecutive percent signs (`%%`).
     (Closes: #1109339)
   * Fix CVE-2025-53015:
     Infinite loop occur when writing during a specific XMP
     file conversion command
     (Closes: #1109339)
   * Fix CVE-2025-53019:
     `magick stream` command, specifying
     multiple consecutive `%d` format specifiers in a
     filename template causes a memory leak
     (Closes: #1109339)
   * Fix CVE-2025-53101:
     `magick mogrify` command, specifying multiple consecutive
     `%d` format specifiers in a filename template causes
     internal pointer arithmetic to generate an address
     below the beginning of the stack buffer, resulting
     in a stack overflow through `vsnprintf()`
     (Closes: #1109339)
   * Fix CVE-2025-43965:
     In MIFF image processing, image depth is mishandled
     after SetQuantumFormat is used.
   * Fix CVE-2025-46393:
     In multispectral MIFF image processing, packet_size is mishandled.
Checksums-Sha1:
 08a497fc2d4f3ffb09e9b4df5a0ec608a2233e68 5136 imagemagick_7.1.1.43+dfsg1-1+deb13u1.dsc
 a0f4484fe9a397d714bf5f0e1d803a5c3e3fbe9f 277660 imagemagick_7.1.1.43+dfsg1-1+deb13u1.debian.tar.xz
 de32ff184bbfe8455bb6cd9d6c67616d30746282 30557 imagemagick_7.1.1.43+dfsg1-1+deb13u1_amd64.buildinfo
Checksums-Sha256:
 8e81a74a85be19f0aa3511db289955935b3d30b5c655e911dd10df5bf60a9444 5136 imagemagick_7.1.1.43+dfsg1-1+deb13u1.dsc
 2b07de47ae8270c0054f5de9bef6f79c9560610f3c7f186ec459d048a4e057b8 277660 imagemagick_7.1.1.43+dfsg1-1+deb13u1.debian.tar.xz
 7a433ae198448d708d6079c8e45eb0b30fc1e660207b089677021ef832cba5d8 30557 imagemagick_7.1.1.43+dfsg1-1+deb13u1_amd64.buildinfo
Files:
 f5396df5cb49623d1a055ad5e9b5cb02 5136 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u1.dsc
 65f6aa18b139bfbaa4fec920b1adf89f 277660 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u1.debian.tar.xz
 5766f530ea54fd36dd13293e49e4be31 30557 graphics optional imagemagick_7.1.1.43+dfsg1-1+deb13u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmh6v/UACgkQADoaLapB
CF+s6w/+JZy+KRU78JnOX5e827FitMW7uwgXOjbVM39Ivpe9ADV4sNRh4Syf4EIw
g00P/hKzcUJsK9Pgs7k9PWhFdHlkVa1Ujr8m0ikj3ly6D4RIAVDS8CTixVsH/RID
+CQklI+zgOtRrXnycR0kMFEfkpU3+YkSPA7SOmXtnvfG2MGe99w9opVYe9OpSV8Z
9pfrVLTUYM/mA+xM0N39+WwiKuVne3px6UYHpaYgqcQ2oauKdLSyxQvoHHZ9Dzj3
4rn5SxxhuKBOCVc7KeXo45Ho/jqnHdIUunmS97HyBx1+P3viPY/XsXB4q2XkVTl+
eaRqWuUMNy65V1kT4Gn31cC/H/lNem8+ii6jCTS6i0KWNQfKEBGgUOlhD3ibVwL+
Ar58bDcW8xr8H2SL3ZAkTeoDMxDxag/j+2M8UaWRjq1fKE6ndNcB9aMYM7Bly3c0
9WH4GgqHDmk966u6hRonCk0B9iB3nVEF5f6tOuByUM+q1rmXJDSEgYMTNhLQzQnE
9Qnnac4gA3lPQMvL4H3jAKE8ToVTysTdpf+dgem759lwnuvuZNwt9xM4Cnfseblg
STWIYorC6ThWWANdrHn4EX9BLpGIDqPQeQn3YLiUBfaJU8EjfhKIReR/+BoEbOL+
FSuK6RBKCs/ATlBr1QPp1pOf8eE8BFR87GFdCe92PtH7wIG8NXk=
=9eVf
-----END PGP SIGNATURE-----

Attachment: pgpeYPeAorz2h.pgp
Description: PGP signature

Reply to: