[Pkg-gmagick-im-team] imagemagick_7.1.2.13+dfsg1-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed Jan 21 23:33:51 GMT 2026 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 21 Jan 2026 22:54:51 +0100
Source: imagemagick
Architecture: source
Version: 8:7.1.2.13+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: ImageMagick Packaging Team <pkg-gmagick-im-team at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1126074 1126075 1126076 1126077
Changes:
 imagemagick (8:7.1.2.13+dfsg1-1) unstable; urgency=high
 .
   * New upstream version
   * Fix CVE-2026-22770 (Closes: #1126074)
     The BilateralBlurImage method will allocate a set of
     double buffers inside AcquireBilateralTLS.
     The last element in the set is not properly initialized.
     This will result in a release of an invalid pointer
     inside DestroyBilateralTLS when the memory allocation fails
   * Fix CVE-2026-23874 (Closes: #1126075)
     a stack overflow was found via infinite recursion in
     MSL (Magick Scripting Language) `<write>` command when
     writing to MSL format.
   * Fix CVE-2026-23876 (Closes: #1126076)
     A heap buffer overflow vulnerability was found in the XBM
     image decoder (ReadXBMImage) allows an attacker to write
     controlled data past the allocated heap buffer when
     processing a maliciously crafted image file.
     Any operation that reads or identifies an image can
     trigger the overflow, making it exploitable via common
     image upload and processing pipelines.
   * Fix CVE-2026-23952 (Closes: 1126077)
     NULL pointer dereference was found in MSL parser via <comment>
     tag before image load
Checksums-Sha1:
 a6005cdc26c3e9859956313788ad4ef2a8cc2009 5202 imagemagick_7.1.2.13+dfsg1-1.dsc
 c2faca7104b0bfa92eef065504e0889e549a2cc1 10524452 imagemagick_7.1.2.13+dfsg1.orig.tar.xz
 e50dad0117c55ad6732b7591653e7281eca45dcc 268004 imagemagick_7.1.2.13+dfsg1-1.debian.tar.xz
 d514ee33ba3686e9ed9e6b023ebf19385cfa4a1e 8336 imagemagick_7.1.2.13+dfsg1-1_source.buildinfo
Checksums-Sha256:
 47f3ad7fa7667bad841ec5cfa2c82432f346eb407b55abaaf2fcd4afe0372b95 5202 imagemagick_7.1.2.13+dfsg1-1.dsc
 491e46c2dea8bc92de69d41cb80e9a4cf6a8db1778742f99f82f47203c0e8106 10524452 imagemagick_7.1.2.13+dfsg1.orig.tar.xz
 18793469ad352b48c006fa07fb471f52efbffbaf6751afee9e0886f70506c638 268004 imagemagick_7.1.2.13+dfsg1-1.debian.tar.xz
 d6ea1aca3ac34a72eb8a2ddb7596ab6633c53cbf66cbdca721a1ee0c57114128 8336 imagemagick_7.1.2.13+dfsg1-1_source.buildinfo
Files:
 0980fc4ffc11822f00e137e60ea157ab 5202 graphics optional imagemagick_7.1.2.13+dfsg1-1.dsc
 bc179c284f888b7a7e6dff9349b529e0 10524452 graphics optional imagemagick_7.1.2.13+dfsg1.orig.tar.xz
 680d623062216faeded8a41599037240 268004 graphics optional imagemagick_7.1.2.13+dfsg1-1.debian.tar.xz
 0d96ae4272f3904499ce1168b8dc46a4 8336 graphics optional imagemagick_7.1.2.13+dfsg1-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

wsG7BAEBCgBvBYJpcV6eCRAAOhotqkEIX0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmfOdXLPsftm58/k92XGqQzrT578Mqan/Egd8PeaSyCl
uxYhBF0Bh7lAokW617D1agA6Gi2qQQhfAACBoBAAq4KPhFsznYGIJI/UPVyZaFX1
depOWbqFEADx9maG3fY9Ve7pH2N1oLF28I2h9oZu+OHGP7+g2t4AKdKvagBTTn2U
yq6X8miUpWaFTVnZUfiVqhT6fZFLDC8PTL3w94XDqwwhSaVJfUwMo2M2JsEfrZ+a
EYOh4SjywvlrsLyF7wqM2rtRYXTYqTMofxVjKTMR1jGjFAeQMvRBDw7cZ8909axf
XIlyR9+zboxrc+oAS3NSyfzMtu/imtv8J8tewNnnHwANGENu5byGnl44kApe52aT
tCImG+wvnYXBIeCNLcCjd3qq5JdnQMrA5Sei61+ROlG2rCsSKKDEqZEMamXATelJ
AXkVToF6FQx+PtcgerZe+GySWlyyYV/4FcEQrFFFyjHYfg36QxC8GA7sP3mWgVJc
g0/BUMNK/taLe42mjP3CJODAwv8gBbNON2kfd0/W+rcwYbTk8005yQBAn5MJ2eUo
DK0Cbu3WK8hQ8Tk2WcTu7EICt5xqjLMtiaku3H/D0UXaeSeCS9EgmdVjkBBGuP5U
KMeWf5znQgxZshLFosnE0tB02oHx8tN+fqfiniJ2rfGcDyrkw5F99DoY5ir7bwtu
vToF3Cv9u0TQYxgbHwlQ77TAbALLrq2VpGdjckev8ullBe+Z7Z9YsoMQg/y3YIGC
AlqnGYkDcuwwkZNmG08=
=3Qzw
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-gmagick-im-team/attachments/20260121/4e271802/attachment.sig>

More information about the Pkg-gmagick-im-team mailing list