Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package GraphicsMagick for openSUSE:Factory checked in at 2026-03-10 17:46:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old)
 and      /work/SRC/openSUSE:Factory/.GraphicsMagick.new.8177 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "GraphicsMagick" Tue Mar 10 17:46:56 2026 rev:98 rq:1337630 version:1.3.46 Changes: -------- --- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes 2025-12-24 13:15:20.872073951 +0100 +++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new.8177/GraphicsMagick.changes 2026-03-10 17:47:17.128618350 +0100 @@ -1,0 +2,8 @@ +Mon Mar 9 10:13:37 UTC 2026 - Petr Gajdos <[email protected]> + +- security update +- added patches + CVE-2026-25799 [bsc#1258786], Division-by-Zero in YUV sampling factor validation leads to crash + * GraphicsMagick-CVE-2026-25799.patch + +------------------------------------------------------------------- New: ---- GraphicsMagick-CVE-2026-25799.patch ----------(New B)---------- New: CVE-2026-25799 [bsc#1258786], Division-by-Zero in YUV sampling factor validation leads to crash * GraphicsMagick-CVE-2026-25799.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ GraphicsMagick.spec ++++++ --- /var/tmp/diff_new_pack.Qa6yrq/_old 2026-03-10 17:47:18.088657980 +0100 +++ /var/tmp/diff_new_pack.Qa6yrq/_new 2026-03-10 17:47:18.092658146 +0100 @@ -1,7 +1,7 @@ # # spec file for package GraphicsMagick # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -33,6 +33,8 @@ Source: https://downloads.sourceforge.net/project/graphicsmagick/graphicsmagick/%{version}/%{name}-%{version}.tar.xz Patch0: GraphicsMagick-perl-linkage.patch Patch1: GraphicsMagick-disable-insecure-coders.patch +# CVE-2026-25799 [bsc#1258786], Division-by-Zero in YUV sampling factor validation leads to crash +Patch2: GraphicsMagick-CVE-2026-25799.patch BuildRequires: cups-client BuildRequires: dcraw BuildRequires: gcc-c++ ++++++ GraphicsMagick-CVE-2026-25799.patch ++++++ Index: GraphicsMagick-1.3.46/coders/yuv.c =================================================================== --- GraphicsMagick-1.3.46.orig/coders/yuv.c +++ GraphicsMagick-1.3.46/coders/yuv.c @@ -153,8 +153,8 @@ static Image *ReadYUVImage(const ImageIn &vertical_factor); if (factors != 2) vertical_factor=horizontal_factor; - if ((horizontal_factor != 1) && (horizontal_factor != 2) && - (vertical_factor != 1) && (vertical_factor != 2)) + if (((horizontal_factor != 1) && (horizontal_factor != 2)) || + ((vertical_factor != 1) && (vertical_factor != 2))) ThrowYUVReaderException(OptionError,UnsupportedSamplingFactor, image); } @@ -576,8 +576,8 @@ static unsigned int WriteYUVImage(const &vertical_factor); if (factors != 2) vertical_factor=horizontal_factor; - if ((horizontal_factor != 1) && (horizontal_factor != 2) && - (vertical_factor != 1) && (vertical_factor != 2)) + if (((horizontal_factor != 1) && (horizontal_factor != 2)) || + ((vertical_factor != 1) && (vertical_factor != 2))) ThrowWriterException(OptionError,UnsupportedSamplingFactor, image); }
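
Review bot: the GraphicsMagick.spec diff adds `Patch2: GraphicsMagick-CVE-2026-25799.patch` but shows no change to the %prep section, so the fix is only built in if %prep applies all patches automatically. Confirm that it does; if patches are applied one by one there, a matching line for Patch2 is missing. The copyright line change in the first spec hunk is unrelated to the security fix.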
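
Review bot: GraphicsMagick-CVE-2026-25799.patch starts directly at `Index: GraphicsMagick-1.3.46/coders/yuv.c` with no header, so the ReadYUVImage hunk (@@ -153,8) carries no reference to the upstream change it was taken from. Add a short header naming the upstream source and bsc#1258786. The logic itself is right: the old `&&` chain raised UnsupportedSamplingFactor only when both factors were outside {1, 2}, so a sampling factor with one valid and one invalid value, 0 included, passed validation. The `||` form rejects it. A regression input with such a mixed factor would keep the check from regressing.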
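
Review bot: the WriteYUVImage hunk (@@ -576,8) repeats the same four-comparison condition as ReadYUVImage character for character, which is how one mistake ended up in both the reader and the writer. Consider moving the test into one small static helper in yuv.c that both call, so the two paths cannot drift apart. The context line `if (factors != 2) vertical_factor=horizontal_factor;` also means the result depends on the initial value of horizontal_factor when nothing is parsed. These lines do not show that initialisation, so it is worth checking that it is 1 or 2.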
