| From | Debian FTP Masters <ftpmaster@ftp-master.debian.org> |
|---|---|
| Newsgroups | linux.debian.changes |
| Subject | Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u9 (source) into oldstable-proposed-updates |
| Date | 2026-05-03 22:10 +0200 |
| Message-ID | <MQLix-2mks-3@gated-at.bofh.it> |
| Organization | linux.* mail to news gateway |
Format: 1.8
Date: Sat, 25 Apr 2026 16:03:16 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u9
Distribution: bookworm-security
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1134627
Changes:
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u9) bookworm-security; urgency=medium
.
* Fix CVE-2026-25971:
Magick fails to check for circular references between two MSLs,
leading to a stack overflow.
* Fix CVE-2026-33899:
When `Magick` parses an XML file it is possible that a single
zero byte is written out of the bounds.
* Fix CVE-2026-33900:
The viff encoder contains an integer truncation/wraparound
issue on 32-bit builds that could trigger an out of bounds
heap write, potentially causing a crash.
* Fix CVE-2026-33901:
A heap buffer overflow occurs in the MVG decoder that could
result in an out of bounds write when processing a crafted image.
* Fix CVE-2026-33905:
The -sample operation has an out of bounds read when a
specific offset is set through the `sample:offset` define that could
lead to an out of bounds read.
* Fix CVE-2026-33908:
When Magick processes an XML file with deeply nested structures,
it will exhaust the stack memory, resulting in a Denial of Service
(DoS) attack.
* Fix CVE-2026-34238:
An integer overflow in the despeckle operation causes a heap
buffer overflow on 32-bit builds that will result in an out
of bounds write.
* Fix CVE-2026-40310:
A heap out-of-bounds write in the JP2 encoder when a user specifies
an invalid sampling index.
* Fix CVE-2026-40311 (Closes: #1134627):
A heap use-after-free vulnerability that can cause a crash when
reading and printing values from an invalid XMP profile.