Path: csiph.com!weretis.net!feeder8.news.weretis.net!fu-berlin.de!bofh.it!news.nic.it!robomod
From: Debian FTP Masters
Newsgroups: linux.debian.changes
Subject: Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u9 (source) into oldstable-proposed-updates
Date: Sun, 03 May 2026 22:10:01 +0200
Message-ID:
X-Mailbox-Line: From debian-changes-request@lists.debian.org Sun May 3 20:04:40 2026
Old-Return-Path:
X-Spam-Flag: NO
X-Spam-Score: -110.39
X-Dak: dak process-policy
X-Debian: DAK
X-Debian-Package: imagemagick
Debian: DAK
Debian-Changes: imagemagick_6.9.11.60+dfsg-1.6+deb12u9_source.changes
Debian-Source: imagemagick
Debian-Version: 8:6.9.11.60+dfsg-1.6+deb12u9
Debian-Architecture: source
Debian-Suite: oldstable-proposed-updates
Debian-Archive-Action: accept
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============4748584875556795333=="
X-Debian-Message: from DAK
Reply-To: debian-devel@lists.debian.org
Mail-Followup-To: debian-devel@lists.debian.org
X-Mailing-List: archive/latest/18251
List-ID:
List-URL:
List-Archive: https://lists.debian.org/msgid-search/E1wJd3A-0000000A5aZ-2WfO@fasolo.debian.org
Approved: robomod@news.nic.it
Lines: 111
Organization: linux.* mail to news gateway
Sender: robomod@news.nic.it
X-Original-Date: Sun, 03 May 2026 20:04:24 +0000
X-Original-Message-ID:
Xref: csiph.com linux.debian.changes:13629

--===============4748584875556795333==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 Apr 2026 16:03:16 +0200
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u9
Distribution: bookworm-security
Urgency: medium
Maintainer: ImageMagick Packaging Team
Changed-By: Bastien Roucariès
Closes: 1134627
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u9) bookworm-security; urgency=medium
 .
   * Fix CVE-2026-25971: Magick fails to check for circular references
     between two MSLs, leading to a stack overflow.
   * Fix CVE-2026-33899: When `Magick` parses an XML file it is possible
     that a single zero byte is written out of the bounds.
   * Fix CVE-2026-33900: The viff encoder contains an integer
     truncation/wraparound issue on 32-bit builds that could trigger an
     out of bounds heap write, potentially causing a crash.
   * Fix CVE-2026-33901: A heap buffer overflow occurs in the MVG decoder
     that could result in an out of bounds write when processing a
     crafted image.
   * Fix CVE-2026-33905: The -sample operation has an out of bounds read
     when a specific offset is set through the `sample:offset` define
     that could lead to an out of bounds read.
   * Fix CVE-2026-33908: When Magick processes an XML file with deeply
     nested structures, it will exhaust the stack memory, resulting in a
     Denial of Service (DoS) attack.
   * Fix CVE-2026-34238: An integer overflow in the despeckle operation
     causes a heap buffer overflow on 32-bit builds that will result in
     an out of bounds write.
   * Fix CVE-2026-40310: A heap out-of-bounds write in the JP2 encoder
     when a user specifies an invalid sampling index.
   * Fix CVE-2026-40311 (Closes: #1134627): A heap use-after-free
     vulnerability that can cause a crash when reading and printing
     values from an invalid XMP profile.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--===============4748584875556795333==
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--===============4748584875556795333==--