Accepted imagemagick 8:6.9.11.60+dfsg-1.6+deb12u6 (source) into oldstable-proposed-updates

Thu, 29 Jan 2026 10:49:41 -0800 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jan 2026 22:54:51 +0100
Source: imagemagick
Architecture: source
Version: 8:6.9.11.60+dfsg-1.6+deb12u6
Distribution: bookworm-security
Urgency: high
Maintainer: ImageMagick Packaging Team 
<[email protected]>
Changed-By: Bastien Roucariès <[email protected]>
Closes: 1126075 1126076 1126077
Changes:
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u6) bookworm-security; urgency=high
 .
   * Fix CVE-2026-23874 (Closes: #1126075)
     a stack overflow was found via infinite recursion in
     MSL (Magick Scripting Language) `<write>` command when
     writing to MSL format.
   * Fix CVE-2026-23876 (Closes: #1126076)
     A heap buffer overflow vulnerability was found in the XBM
     image decoder (ReadXBMImage) allows an attacker to write
     controlled data past the allocated heap buffer when
     processing a maliciously crafted image file.
     Any operation that reads or identifies an image can
     trigger the overflow, making it exploitable via common
     image upload and processing pipelines.
   * Fix CVE-2026-23952 (Closes: 1126077)
     NULL pointer dereference was found in MSL parser via <comment>
     tag before image load
Checksums-Sha1:
 8f1920435eb663545836777b075284fc06af8118 5106 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6.dsc
 824a63dce5e54bd8b78077d671d8ab06300a8848 9395144 
imagemagick_6.9.11.60+dfsg.orig.tar.xz
 3a67d62f25cf7f5beba07503074ce94504bdfc50 279512 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6.debian.tar.xz
 00caf1fa5a3ca5748f387853b19f8be2b3ab2c5e 8249 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6_source.buildinfo
Checksums-Sha256:
 799fed83cad9abf34645cc9390620c6fe4b01a00544e3f52416a0e2dbdef8b26 5106 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6.dsc
 472fb516df842ee9c819ed80099c188463b9e961303511c36ae24d0eaa8959c4 9395144 
imagemagick_6.9.11.60+dfsg.orig.tar.xz
 7519571167b790528dcee982ba97f5e2ac0c685a7b63215e47c72fb673f87920 279512 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6.debian.tar.xz
 9bba7b5461a64301d8c2cca7bf68faa1f0a206f0366f4fd8512b8ed3ee3e794c 8249 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6_source.buildinfo
Files:
 72530400c95866003a1c7ddfc247934c 5106 graphics optional 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6.dsc
 8b8f7b82bd1299cf30aa3c488c46a3cd 9395144 graphics optional 
imagemagick_6.9.11.60+dfsg.orig.tar.xz
 e10cecab9b0ab09a9b1259568ba2ef20 279512 graphics optional 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6.debian.tar.xz
 725b1a64c035c9724882ad5b54a32c53 8249 graphics optional 
imagemagick_6.9.11.60+dfsg-1.6+deb12u6_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmlzoakACgkQADoaLapB
CF/j4A/8CMpBl/7dSjucA1bG7yX3hqXithkUImjbkpSKZK1oT593qT1ACEAIVNzq
v71xTM9iQnn6kdUJH8EQ+J2XmaSRA1ZRELI9hrwdk4+LnEr4TWtqp/J736IBQRzx
yBLY865auTzblDgqs7bF+q6B/nhyKdFT6P8Td4AaSvUJBLekjGvWeeA2YUNWiNYL
uQnr5MpXH/XWnE+9SnaYozWTFPkWb/WookRH7UWOmDYNQBKw9T5lBEZepzP4q18q
R6JdlmANY6+nQmLn9Cud6U/zxExIeXFgxj7kvVsqaZYfBxuCReWYmbkJqjRUIinc
9JYCUW6eDG3vFv1ul1BlMoiPYTnFsUToWq0y2QQmuya35jx9dARSOrDu+EP7WfWh
Y8A2S3HKu61K7V5vPsCnVExnBh9s3Wm+I2OgDBikyBSws7rrJNQoSlgmRLCT1+RY
RPgL6sDcCbEHErb4I8M+6rZzJC6fc3IvQe0waSQWT/ZFKt5hJZzgjKwu+ZrEvK0p
8SI6GCQ2P3jSB08de9qAPzyajYykDCD4jj+q68r3PdvPZLJJoD+HdvjQFJAHzTEz
lFPhNBgYcW2zJTYNMg+LdLCU8lJ1Maex6KpME2nagFwJK4v3D/3iIxLXtrH5pPUk
H8kmVHzhx8huFZGCfbwZQ8R0ZmfDhS3mGqnvq0s1h6fxsXG7dxk=
=OfqJ
-----END PGP SIGNATURE-----

Attachment: pgpr9vAV3dOnI.pgp
Description: PGP signature

Reply via email to