• Bug#1104243: bookworm-pu: package imagemagick/8:6.9.11.60+dfsg-1.6+deb1

    From Adrian Bunk@21:1/5 to All on Sun Apr 27 18:30:01 2025
    XPost: linux.debian.devel.release


    Package: release.debian.org
    Severity: normal
    Tags: bookworm moreinfo
    User: release.debian.org@packages.debian.org
    Usertags: pu
    X-Debbugs-Cc: security@debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>

    * CVE-2025-43965: MIFF image depth mishandled after SetQuantumFormat

    Tagged moreinfo, as question to the security team whether they want
    this in pu or as DSA.

    diffstat for imagemagick-6.9.11.60+dfsg imagemagick-6.9.11.60+dfsg

    changelog | 7 ++
    patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch | 25 ++++++++++
    patches/series | 1
    3 files changed, 33 insertions(+)

    diff -Nru imagemagick-6.9.11.60+dfsg/debian/changelog imagemagick-6.9.11.60+dfsg/debian/changelog
    --- imagemagick-6.9.11.60+dfsg/debian/changelog 2024-07-11 13:48:47.000000000 +0300
    +++ imagemagick-6.9.11.60+dfsg/debian/changelog 2025-04-26 20:26:11.000000000 +0300
    @@ -1,3 +1,10 @@
    +imagemagick (8:6.9.11.60+dfsg-1.6+deb12u3) bookworm; urgency=medium
    +
    + * Non-maintainer upload.
    + * CVE-2025-43965: MIFF image depth mishandled after SetQuantumFormat
    +
    + -- Adrian Bunk <bunk@debian.org> Sat, 26 Apr 2025 20:26:11 +0300
    +
    imagemagick (8:6.9.11.60+dfsg-1.6+deb12u2) bookworm; urgency=medium

    * CVE-2023-34151 fix was incomplete (Closes: #1070340)
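
    Review bot: the new entry at the top of this hunk names CVE-2025-43965 but not the patch that carries the fix. The diffstat lists patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch as the only change outside changelog and series, so naming that file in the entry would let a reader of debian/changelog go straight to the code change. The file name also ends mid-word at "changed-b"; a name that mentions the CVE or MIFF would be easier to find in patches/series.
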
    diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch
    --- imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch 1970-01-01 02:00:00.000000000 +0200
    +++ imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-
  • From Salvatore Bonaccorso@21:1/5 to Adrian Bunk on Wed Apr 30 18:40:01 2025
    XPost: linux.debian.devel.release

    Control: tags -1 - moreinfo

    Hi Adrian,

    On Sun, Apr 27, 2025 at 07:21:19PM +0300, Adrian Bunk wrote:
    > Package: release.debian.org
    > Severity: normal
    > Tags: bookworm moreinfo
    > User: release.debian.org@packages.debian.org
    > Usertags: pu
    > X-Debbugs-Cc: security@debian.org, ImageMagick Packaging Team <pkg-gmagick-im-team@lists.alioth.debian.org>
    >
    > * CVE-2025-43965: MIFF image depth mishandled after SetQuantumFormat
    >
    > Tagged moreinfo, as question to the security team whether they want
    > this in pu or as DSA.

    A point release update seems enough for this issue.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Adam D Barratt@21:1/5 to All on Sat May 3 17:10:01 2025
    XPost: linux.debian.devel.release

    package release.debian.org
    tags 1104243 = bookworm pending
    thanks

    Hi,

    The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

    Thanks for your contribution!

    Upload details
    ==============

    Package: imagemagick
    Version: 6.9.11.60+dfsg-1.6+deb12u3

    Explanation: fix "MIFF image depth mishandled after SetQuantumFormat" [CVE-2025-43965]
