Your message dated Sat, 17 May 2025 09:37:57 +0000
with message-id <[email protected]>
and subject line Close 1104243
has caused the Debian Bug report #1104243,
regarding bookworm-pu: package imagemagick/8:6.9.11.60+dfsg-1.6+deb12u3
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1104243: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104243
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm moreinfo
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected], ImageMagick Packaging Team
<[email protected]>
* CVE-2025-43965: MIFF image depth mishandled after SetQuantumFormat
Tagged moreinfo, as question to the security team whether they want
this in pu or as DSA.
diffstat for imagemagick-6.9.11.60+dfsg imagemagick-6.9.11.60+dfsg
changelog | 7
++
patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch | 25
++++++++++
patches/series | 1
3 files changed, 33 insertions(+)
diff -Nru imagemagick-6.9.11.60+dfsg/debian/changelog
imagemagick-6.9.11.60+dfsg/debian/changelog
--- imagemagick-6.9.11.60+dfsg/debian/changelog 2024-07-11 13:48:47.000000000
+0300
+++ imagemagick-6.9.11.60+dfsg/debian/changelog 2025-04-26 20:26:11.000000000
+0300
@@ -1,3 +1,10 @@
+imagemagick (8:6.9.11.60+dfsg-1.6+deb12u3) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-43965: MIFF image depth mishandled after SetQuantumFormat
+
+ -- Adrian Bunk <[email protected]> Sat, 26 Apr 2025 20:26:11 +0300
+
imagemagick (8:6.9.11.60+dfsg-1.6+deb12u2) bookworm; urgency=medium
* CVE-2023-34151 fix was incomplete (Closes: #1070340)
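Review bot: The new changelog entry names CVE-2025-43965 but does not say which patch file carries the fix. Adding the file name (0001-Update-the-image-depth-after-this-has-been-changed-b.patch) or the upstream commit id shown in that patch's From line to the bullet would let someone reading only the changelog find the change, in the same way the previous entry ties its fix to "(Closes: #1070340)".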
diff -Nru
imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch
imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch
---
imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch
1970-01-01 02:00:00.000000000 +0200
+++
imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch
2025-04-26 20:26:11.000000000 +0300
@@ -0,0 +1,25 @@
+From 64789006934b2974390aa060354ad318c34e0f6a Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra <[email protected]>
+Date: Tue, 11 Feb 2025 22:34:41 +0100
+Subject: Update the image depth after this has been changed by
+ SetQuantumFormat.
+
+---
+ coders/miff.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/coders/miff.c b/coders/miff.c
+index 888be96a5..0703d4822 100644
+--- a/coders/miff.c
++++ b/coders/miff.c
+@@ -1310,6 +1310,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
+ if (quantum_format != UndefinedQuantumFormat)
+ {
+ status=SetQuantumFormat(image,quantum_info,quantum_format);
++ image->depth=GetImageQuantumDepth(image,MagickFalse);
+ if (status == MagickFalse)
+ ThrowMIFFException(ResourceLimitError,"MemoryAllocationFailed");
+ }
+--
+2.30.2
+
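Review bot: The header of the added patch file has only the upstream Subject, an empty commit body and no mention of CVE-2025-43965, so the file does not say why it is in the package. A short description line naming the CVE, plus an origin note pointing at upstream commit 64789006934b2974390aa060354ad318c34e0f6a, would make it self-describing. In the miff.c change itself, "image->depth=GetImageQuantumDepth(image,MagickFalse);" runs before "if (status == MagickFalse)", so the depth is updated even when SetQuantumFormat fails. That looks harmless because the failure path throws immediately, and keeping the line where upstream put it is reasonable for a backport, but it is worth confirming that this ordering is intended.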
diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/series
imagemagick-6.9.11.60+dfsg/debian/patches/series
--- imagemagick-6.9.11.60+dfsg/debian/patches/series 2024-07-11
13:48:47.000000000 +0300
+++ imagemagick-6.9.11.60+dfsg/debian/patches/series 2025-04-26
20:26:11.000000000 +0300
@@ -78,3 +78,4 @@
0078-do-not-composite-SVG-to-avoid-possible-recursion.patch
0079-recursion-detection-framework.patch
0080-Fixed-memory-leak.patch
+0001-Update-the-image-depth-after-this-has-been-changed-b.patch
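Review bot: The appended series entry is numbered 0001 but comes after 0080-Fixed-memory-leak.patch, so the file name prefix no longer matches the order in which patches are applied. Renaming the patch to continue the sequence (0081-...) in both debian/patches/ and this series line would keep the directory listing consistent with the series order and avoid it sorting ahead of the existing patches.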
--- End Message ---
--- Begin Message ---
Version: 12.11
This update has been released as part of 12.10. Thank you for your contribution.
--- End Message ---