[From nobody Sun Jun 21 20:19:08 2026
Received: (at 1140176-close) by bugs.debian.org; 21 Jun 2026 19:17:09 +0000
X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
 (2024-03-25) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-112.8 required=4.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA,FVGT_m_MULTI_ODD,
 HAS_BUG_NUMBER,MD5_SHA1_SUM,PDS_BTC_ID,PGPSIGNATURE,RCVD_IN_DNSWL_MED,
 SPF_HELO_PASS,SPF_PASS,USER_IN_DKIM_WELCOMELIST autolearn=ham
 autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 136; hammy, 150; neutral, 215; spammy,
 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK,
 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz,
 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo
Return-path: &lt;envelope@ftp-master.debian.org&gt;
Received: from mitropoulos.debian.org
 ([2001:648:2ffc:deb:216:61ff:fe9d:958d]:60382)
 by buxtehude.debian.org with esmtps
 (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from &lt;envelope@ftp-master.debian.org&gt;)
 id 1wbNfJ-00DCe7-1P for 1140176-close@bugs.debian.org;
 Sun, 21 Jun 2026 19:17:09 +0000
Received: via submission
 from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA,
 CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified)
 by mitropoulos.debian.org with esmtps
 (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from &lt;envelope@ftp-master.debian.org&gt;)
 id 1wbNfH-006ecN-16 for 1140176-close@bugs.debian.org;
 Sun, 21 Jun 2026 19:17:07 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type:
 Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID
 :Content-Description:In-Reply-To:References;
 bh=B68vHJYSC6jGMjiX6Psxdi3ajJXMODAMiWCiljVl4sU=; b=IjgwPoKfQrORi9HxNYJ1ZRSMXq
 nQ7PZYwWcOK1ZwDv0+1/A2eU89F/VuEIvm7Kq4JxwQ4ndgb89xRkaL7X3NcY/9p13KtQ6ggQ+gx/P
 bPvnR4JxhaFnb4j1hL4pZXVgS/Kwm5/slT3hEtRMFOKi7HZEsrW6ecQJ7y5yuGp+NYuTCXBAL8+ih
 C2zxWHT74k9wFCLD1X0lk6vukaL0XjbftTFLYgHZWt8ulm4gP7AY2UvLmi66OhjbTyH5N/Onk02/4
 SJb6SrGKs02nYgb0K+8rjwS3WcddYdLnqmNCQd1M7RjZXHVxZqpq5mXn2w5W31N4bIs1mmu3yVH0k
 AMD9WF/A==;
Received: from dak by fasolo.debian.org with local (Exim 4.98.2)
 (envelope-from &lt;envelope@ftp-master.debian.org&gt;)
 id 1wbNfG-00000004r3A-0XUf; Sun, 21 Jun 2026 19:17:06 +0000
From: Debian FTP Masters &lt;ftpmaster@ftp-master.debian.org&gt;
Reply-To: =?utf-8?q?Bastien_Roucari=C3=A8s?= &lt;rouca@debian.org&gt;
To: 1140176-close@bugs.debian.org
X-DAK: dak process-policy
X-Debian: DAK
X-Debian-Package: imagemagick
Debian: DAK
Debian-Changes: imagemagick_7.1.1.43+dfsg1-1+deb13u10_source.changes
Debian-Source: imagemagick
Debian-Version: 8:7.1.1.43+dfsg1-1+deb13u10
Debian-Architecture: source
Debian-Suite: proposed-updates
Debian-Archive-Action: accept
MIME-Version: 1.0
Subject: Bug#1140176: fixed in imagemagick 8:7.1.1.43+dfsg1-1+deb13u10
Content-Type: multipart/signed; micalg=&quot;pgp-sha256&quot;;
 protocol=&quot;application/pgp-signature&quot;;
 boundary=&quot;===============6908548459024109552==&quot;
Message-Id: &lt;E1wbNfG-00000004r3A-0XUf@fasolo.debian.org&gt;
Date: Sun, 21 Jun 2026 19:17:06 +0000

--===============6908548459024109552==
Content-Type: text/plain; charset=&quot;utf-8&quot;
Content-Transfer-Encoding: quoted-printable

Source: imagemagick
Source-Version: 8:7.1.1.43+dfsg1-1+deb13u10
Done: Bastien Roucari=C3=A8s &lt;rouca@debian.org&gt;

We believe that the bug you reported is fixed in the latest version of
imagemagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1140176@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucari=C3=A8s &lt;rouca@debian.org&gt; (supplier of updated imagemagick pa=
ckage)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Jun 2026 13:35:39 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.1.43+dfsg1-1+deb13u10
Distribution: trixie-security
Urgency: high
Maintainer: ImageMagick Packaging Team &lt;pkg-gmagick-im-team@lists.alioth.debi=
an.org&gt;
Changed-By: Bastien Roucari=C3=A8s &lt;rouca@debian.org&gt;
Closes: 1140176
Changes:
 imagemagick (8:7.1.1.43+dfsg1-1+deb13u10) trixie-security; urgency=3Dhigh
 .
   * Fix CVE-2026-48724:
     When using an image with mask the Floyd-Steinberg dithering
     method it will cause a negative heap buffer over-write
   * Fix CVE-2026-48734:
     A crafted MVG file could result in a stack overflow due to a missing dep=
th
     or visited-set check
   * Fix CVE-2026-48994:
     A missing check of a return value could lead to a heap buffer over-write=
 in the MAT
     decoder on 32-bit systems.
   * Fix CVE-2026-49218:
     A missing check in the DCM decoder could result in an image with invalid=
 dimensions
     and that could cause crashes in other operation.
   * Fix CVE-2026-49219:
     An incorrect parsing of the filename can result in a policy bypass and r=
ead files
     disallowed by a security policy using a symlink
   * Backport policy from 7.1.2.25
   * Fix CVE-2026-53460:
     A missing check for maximum memory request in AcquireAlignedMemory
     could trigger an out-of-Memory condition.
   * Fix CVE-2026-53461:
     An incorrect loop in the ICON decoder can result in an out of
     bounds heap write resulting in a crash.
   * Fix CVE-2026-53463:
     When passing incorrect arguments in the distort operation a
     null pointer deference will occur.
   * Fix CVE-2026-53464:
     When providing invalid options to the wand option parser
     a small memory leak will occur.
   * Harden debian policy in case of custom recompilation (Closes: #1140176)
Checksums-Sha1:
 623835326a9e19622ced44bd8b93caf9470fde17 5165 imagemagick_7.1.1.43+dfsg1-1+d=
eb13u10.dsc
 103af0af388a733c043845b228cf3031c16d859b 10501740 imagemagick_7.1.1.43+dfsg1=
.orig.tar.xz
 f0272bcbc3f31e0312f9d104a6d4ecf555485515 346928 imagemagick_7.1.1.43+dfsg1-1=
+deb13u10.debian.tar.xz
 dbb9b98836b3b438e7ccd2cbd5d34e0ec5b04cb8 8537 imagemagick_7.1.1.43+dfsg1-1+d=
eb13u10_source.buildinfo
Checksums-Sha256:
 a3b34ba2a422e93a219195a499ee67b306561f91683d7a77800d83157ed7f10d 5165 imagem=
agick_7.1.1.43+dfsg1-1+deb13u10.dsc
 bcb4f3c78a930a608fa4889f889edbcb384974246ad9407fce1858f2c0607bfe 10501740 im=
agemagick_7.1.1.43+dfsg1.orig.tar.xz
 8aee9cfdf22414d306fa1b027670f7a4ececc359164e92868b150f21e099d621 346928 imag=
emagick_7.1.1.43+dfsg1-1+deb13u10.debian.tar.xz
 f08aa361a89b882d1222aa920d45d1bf124ea073825c941c5f5e1c4786021021 8537 imagem=
agick_7.1.1.43+dfsg1-1+deb13u10_source.buildinfo
Files:
 fae1fc22e7e0345b6e7017c9d00b0101 5165 graphics optional imagemagick_7.1.1.43=
+dfsg1-1+deb13u10.dsc
 01cfb13a7c1813afb50790e431358c6c 10501740 graphics optional imagemagick_7.1.=
1.43+dfsg1.orig.tar.xz
 59618f1ae2ed16055eb4d998dc3b7590 346928 graphics optional imagemagick_7.1.1.=
43+dfsg1-1+deb13u10.debian.tar.xz
 3a439d3a552ce5cf68d54a3a98296237 8537 graphics optional imagemagick_7.1.1.43=
+dfsg1-1+deb13u10_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmo3ku8ACgkQADoaLapB
CF9DWQ//UGqtD+gMuatUKmYJXO9gh3He9gef/enbzNWUnCssn0AMkBjVL2wmw9E0
hUa2AIiWicl8qfDxGZiJzI2JiG5uIlX1pwqrXEUMfMXWXbom0ORVq4WN9cVcge2A
ebvVz7pEiD9oeL56Ff6khV6ha9d/Ig0q/mUq8BNwd19I8Gxz517h6eoe0N434e8j
R1SW244+T1FZLiIsxROHL/bfaX2a/ugwT/SNp3yk0d73vSmANtWYoNFASQbMaxHT
NCieZQxF5RueEpCDD08OSAMOhVf496PjLn644JaAduGcoSbIQW3Tslu53xiNAJt5
l6dHvDZ+JTPmER2tbnb8wygE4VDkwsjP0d+/5Wv3oJ7L5n91Eh8rEFPyq+RgDcGh
DTZb/FZPlovtqVq5/uMGdXkyHosgAEefeJeNp5Pi9c0sSM/P1O8QnPsv0fe/sIIB
FHyWdkRjqxTaI0weJ9LzJdEQefg8wbmisqLIdRRCB584IiKajoQOloOmRLzt5/oM
Tod/zO644H9upgbHl+jwsOo61nqKDvrHRAMWxDRwwWIFHORXO+SWpxSDsdI9OJnY
cGGHY/MB7QbuzfWDZqvsh0EXI6HR6wT1RAVo6T3qj497bOA17Hh+QeZPNswgDcGc
G92tnKoA+OxlSItofoefEXPIe3Toj27laCviBDH1TeZcMxyQhN8=3D
=3Dnqf8
-----END PGP SIGNATURE-----


--===============6908548459024109552==
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCajg4sgAKCRCb9qggYcy5
IQRwAPwLFO4NNIRpW7H63j/oYcA+WOkJmLWZfOz8o+Jrc/OaUQD/adS/pqKlOpb+
FCDZV61X6lfq+5UNJ9gxY6DaSzlo2gI=
=c5vY
-----END PGP SIGNATURE-----

--===============6908548459024109552==--
]