[Pkg-gmagick-im-team] Bug#1076562: bullseye-pu: package imagemagick/8:6.9.11.60+dfsg-1.3+deb11u4

[Bastien Roucariès]

Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: imagemagick at packages.debian.org
Control: affects -1 + src:imagemagick
User: release.debian.org at packages.debian.org
Usertags: pu

[ Reason ]

  * CVE-2023-34151 fix was incomplete (Closes: #1070340)
  * Fix variation of CVE-2023-1289 found by testing.

[ Impact ]

  * CVE are still open is not fixed


[ Tests ]

Manual test of CVE-2023-34151, automatic of CVE-2023-1289.
Cross checked by santiago

[ Risks ]

Risk are low, crosscheck done by santiago.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[Other changes]

Update d/changelog for old fixed CVE. Investigated status with carnil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: imagemagick.debdiff
Type: text/x-patch
Size: 52784 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gmagick-im-team/attachments/20240718/282b9114/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-gmagick-im-team/attachments/20240718/282b9114/attachment-0001.sig>