1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES.DEVE

  • Accepted imagemagick 8:7.1.1.47+dfsg1-2 (source) into unstable

    From Debian FTP Masters@21:1/5 to All on Thu Jul 17 00:20:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Tue, 15 Jul 2025 22:29:23 +0200
    Source: imagemagick
    Architecture: source
    Version: 8:7.1.1.47+dfsg1-2
    Distribution: unstable
    Urgency: medium
    Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
    Changed-By: Bastien Roucariès <rouca@debian.org>
    Closes: 1109339
    Changes:
    imagemagick (8:7.1.1.47+dfsg1-2) unstable; urgency=medium
    .
    * Fix CVE-2025-53014:
    A heap buffer overflow was found in the `InterpretImageFilename`
    function. The issue stems from an off-by-one error that
    causes out-of-bounds memory access when processing format
    strings containing consecutive percent signs (`%%`).
    (Closes: #1109339)
    * Fix CVE-2025-53015:
    Infinite loop occur when writing during a specific XMP
    file conversion command
    (Closes: #1109339)
    * Fix CVE-2025-53019:
    `magick stream` command, specifying
    multiple consecutive `%d` format specifiers in a
    filename template causes a memory leak
    (Closes: #1109339)
    * Fix CVE-2025-53101:
    `magick mogrify` command, specifying multiple consecutive
    `%d` format specifiers in a filename template causes
    internal pointer arithmetic to generate an address
    below the beginning of the stack buffer, resulting
    in a stack overflow through `vsnprintf()`
    (Closes: #1109339)
    Checksums-Sha1:
    e11a11e18e41b2e78e9758da2bc77da2a7031152 5104 imagemagick_7.1.1.47+dfsg1-2.dsc
    92b23f2f93e7648fd23941cac2326b663de17402 276836 imagemagick_7.1.1.47+dfsg1-2.debian.tar.xz
    8c4f9bf1c7aae6b4b7511b5e429228271ac55c74 29505 imagemagick_7.1.1.47+dfsg1-2_amd64.buildinfo
    Checksums-Sha256:
    2d2182a12e1d1282ef853d44e81ce4e0dccfae98bcf1ccfa13570c4a0787fb53 5104 imagemagick_7.1.1.47+dfsg1-2.dsc
    9cde51d8f5c11b09f5e51519256a207d269698ebe5d1771e81d27f459e84414e 276836 imagemagick_7.1.1.47+dfsg1-2.debian.tar.xz
    aaeb2f244a6d5deb796bca213d09f836dbdcded85cd89ab44b4f1d3e9274341a 29505 imagemagick_7.1.1.47+dfsg1-2_amd64.buildinfo
    Files:
    9fad0cf80e077f29f5a9ca0886871547 5104 graphics optional imagemagick_7.1.1.47+dfsg1-2.dsc
    8106e7eafebc1d3d379f2f767816fdbf 276836 graphics optional imagemagick_7.1.1.47+dfsg1-2.debian.tar.xz
    acb95c843a8047dfbb6bcf27e2ae79f8 29505 graphics optional imagemagick_7.1.1.47+dfsg1-2_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmh4IU8ACgkQADoaLapB CF9/xA/+JiEGO9rgYu3iN9SVph1va0Fc7JDykwW0OTEMC7NSWm7B+dcu6RlSMdYW 7hmDuCaxKGxLjA1vbUfSncP1pT3vdHO7yLGZqRynIS+nGhq2K66H8sO62XODG/mq 1zYRVQAywja7Wj8aKKIgJ99x0slDKS7y0FNaES8UloeHUoMKpRfTRST8hw14f9Lu SxLsQXkJV8pGrpyIegKGCOCdxkdndo1r9yJBkJlMtS92OhHXOhgbbNQo0n1mHAFK 8ZvBQ1GnmEq8cKTUh3ZKIDNCsGlXErHoc5wtojP5X8dynaSbfYTs3Jbrt1bnBl5o XPY2zRFCOSVGOevrQmljCLHpdt+/kr8zxCTX7mi6je1C5u5QUnSYZKp+kTTxIa6t PKJbnr4tOfQE5ncAKO1E7qwoTy8jubWmhqtQVNZpf65M81TX0b8XkK1QV3mH071k c6TqWKO7z1U36BMjdm7wTQ4GUc5HyDButOwLVuCQvZh9zcY68XVw8Pfois2pMcKI Z92IyyhXlGxu4pMIeh5KKikUsCHBNHxWPKcBbfTCVtry+VR9ga/AUclvLWn3qt+s 63fcMG8YE3PsbsYraFDJ/ldFQQgidgJZq8O4wL4cqDktvrRlkIvMSCAbLoBbxaZ/ xMIkqZKy9JfJOy6qDt0r/ILooPrddHgVGDJWLSOaABhIgvzuwBU=
    =hf5P
    -----END PGP SIGNATURE-----


    --==============30669246960121154=Content-Type: application/pgp-signature

    -----BEGIN PGP SIGNATURE-----

    iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaHglXgAKCRCb9qggYcy5 IXxTAP0Z+KTdv0g6TgaWqBvtqc99ej2Ud/mz31ktBBmVsjzUfgD/Uud+oSGKPAUN zaSUuU070I9Kyh5bQTQYGu8y9TLmFwc=oBVU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)