[Pkg-gmagick-im-team] imagemagick_7.1.1.47+dfsg1-2_source.changes ACCEPTED into unstable

Wed Jul 16 23:19:10 BST 2025

Thank you for your contribution to Debian.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jul 2025 22:29:23 +0200
Source: imagemagick
Architecture: source
Version: 8:7.1.1.47+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1109339
Changes:
 imagemagick (8:7.1.1.47+dfsg1-2) unstable; urgency=medium
 .
   * Fix CVE-2025-53014:
     A heap buffer overflow was found in the `InterpretImageFilename`
     function. The issue stems from an off-by-one error that
     causes out-of-bounds memory access when processing format
     strings containing consecutive percent signs (`%%`).
     (Closes: #1109339)
   * Fix CVE-2025-53015:
     Infinite loop occur when writing during a specific XMP
     file conversion command
     (Closes: #1109339)
   * Fix CVE-2025-53019:
     `magick stream` command, specifying
     multiple consecutive `%d` format specifiers in a
     filename template causes a memory leak
     (Closes: #1109339)
   * Fix CVE-2025-53101:
     `magick mogrify` command, specifying multiple consecutive
     `%d` format specifiers in a filename template causes
     internal pointer arithmetic to generate an address
     below the beginning of the stack buffer, resulting
     in a stack overflow through `vsnprintf()`
     (Closes: #1109339)
Checksums-Sha1:
 e11a11e18e41b2e78e9758da2bc77da2a7031152 5104 imagemagick_7.1.1.47+dfsg1-2.dsc
 92b23f2f93e7648fd23941cac2326b663de17402 276836 imagemagick_7.1.1.47+dfsg1-2.debian.tar.xz
 8c4f9bf1c7aae6b4b7511b5e429228271ac55c74 29505 imagemagick_7.1.1.47+dfsg1-2_amd64.buildinfo
Checksums-Sha256:
 2d2182a12e1d1282ef853d44e81ce4e0dccfae98bcf1ccfa13570c4a0787fb53 5104 imagemagick_7.1.1.47+dfsg1-2.dsc
 9cde51d8f5c11b09f5e51519256a207d269698ebe5d1771e81d27f459e84414e 276836 imagemagick_7.1.1.47+dfsg1-2.debian.tar.xz
 aaeb2f244a6d5deb796bca213d09f836dbdcded85cd89ab44b4f1d3e9274341a 29505 imagemagick_7.1.1.47+dfsg1-2_amd64.buildinfo
Files:
 9fad0cf80e077f29f5a9ca0886871547 5104 graphics optional imagemagick_7.1.1.47+dfsg1-2.dsc
 8106e7eafebc1d3d379f2f767816fdbf 276836 graphics optional imagemagick_7.1.1.47+dfsg1-2.debian.tar.xz
 acb95c843a8047dfbb6bcf27e2ae79f8 29505 graphics optional imagemagick_7.1.1.47+dfsg1-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmh4IU8ACgkQADoaLapB
CF9/xA/+JiEGO9rgYu3iN9SVph1va0Fc7JDykwW0OTEMC7NSWm7B+dcu6RlSMdYW
7hmDuCaxKGxLjA1vbUfSncP1pT3vdHO7yLGZqRynIS+nGhq2K66H8sO62XODG/mq
1zYRVQAywja7Wj8aKKIgJ99x0slDKS7y0FNaES8UloeHUoMKpRfTRST8hw14f9Lu
SxLsQXkJV8pGrpyIegKGCOCdxkdndo1r9yJBkJlMtS92OhHXOhgbbNQo0n1mHAFK
8ZvBQ1GnmEq8cKTUh3ZKIDNCsGlXErHoc5wtojP5X8dynaSbfYTs3Jbrt1bnBl5o
XPY2zRFCOSVGOevrQmljCLHpdt+/kr8zxCTX7mi6je1C5u5QUnSYZKp+kTTxIa6t
PKJbnr4tOfQE5ncAKO1E7qwoTy8jubWmhqtQVNZpf65M81TX0b8XkK1QV3mH071k
c6TqWKO7z1U36BMjdm7wTQ4GUc5HyDButOwLVuCQvZh9zcY68XVw8Pfois2pMcKI
Z92IyyhXlGxu4pMIeh5KKikUsCHBNHxWPKcBbfTCVtry+VR9ga/AUclvLWn3qt+s
63fcMG8YE3PsbsYraFDJ/ldFQQgidgJZq8O4wL4cqDktvrRlkIvMSCAbLoBbxaZ/
xMIkqZKy9JfJOy6qDt0r/ILooPrddHgVGDJWLSOaABhIgvzuwBU=
=hf5P
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gmagick-im-team/attachments/20250716/491fd93e/attachment.sig>