Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ImageMagick for openSUSE:Factory checked in at 2026-05-12 19:26:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ImageMagick (Old)
 and      /work/SRC/openSUSE:Factory/.ImageMagick.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ImageMagick" Tue May 12 19:26:21 2026 rev:334 rq:1352386 version:7.1.2.21 Changes: -------- --- /work/SRC/openSUSE:Factory/ImageMagick/ImageMagick.changes 2026-04-30 20:26:01.328072871 +0200 +++ /work/SRC/openSUSE:Factory/.ImageMagick.new.1966/ImageMagick.changes 2026-05-12 19:26:38.827034495 +0200 @@ -1,0 +2,7 @@ +Mon May 11 07:44:45 UTC 2026 - Petr Gajdos <[email protected]> + +- added patches + fix overflow check (CVE-2026-31853, [bsc#1259528]) + * ImageMagick-fix-overflow-check.patch + +------------------------------------------------------------------- @@ -11 +18 @@ - * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p 2598004 + * https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p New: ---- ImageMagick-fix-overflow-check.patch ----------(New B)---------- New: fix overflow check (CVE-2026-31853, [bsc#1259528]) * ImageMagick-fix-overflow-check.patch ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ImageMagick.spec ++++++ --- /var/tmp/diff_new_pack.wwoyrV/_old 2026-05-12 19:26:39.791074449 +0200 +++ /var/tmp/diff_new_pack.wwoyrV/_new 2026-05-12 19:26:39.795074615 +0200 @@ -52,6 +52,8 @@ Patch1: ImageMagick-configuration-SUSE.patch # library installation Patch2: ImageMagick-library-installable-in-parallel.patch +# fix overflow check (CVE-2026-31853, [bsc#1259528]) +Patch3: ImageMagick-fix-overflow-check.patch Patch1000: ImageMagick-s390x-disable-tests.patch BuildRequires: chrpath ++++++ ImageMagick-fix-overflow-check.patch ++++++ >From f028fe940b90aa3d3cd78b4199e2a05bf9e0190d Mon Sep 17 00:00:00 2001 From: Dirk Lemstra <[email protected]> Date: Sat, 2 May 2026 17:16:28 +0200 Subject: [PATCH] Another fix to check for the 32-bit overflow. --- coders/sfw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coders/sfw.c b/coders/sfw.c index cca66ab0508..083fb84a112 100644 
--- a/coders/sfw.c +++ b/coders/sfw.c @@ -251,7 +251,7 @@ static Image *ReadSFWImage(const ImageInfo *image_info,ExceptionInfo *exception) Read image into a buffer. */ extent=(size_t) GetBlobSize(image)+MagickPathExtent; - if (GetBlobSize(image) != extent) + if (extent < GetBlobSize(image)) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); if (GetBlobSize(image) < 141) ThrowReaderException(CorruptImageError,"ImproperImageHeader");
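Review bot: In the ImageMagick.spec hunk, Patch3 is declared next to Patch1 and Patch2, but the visible context does not show the %prep section, so it is worth confirming that the patch is actually applied there (via %autosetup or a matching %patch line) and not only listed. The comment above Patch3 could also name the affected file, coders/sfw.c, so the CVE-2026-31853 reference can be matched to the code without opening the patch.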
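Review bot: In the coders/sfw.c hunk, the new condition `extent < GetBlobSize(image)` in ReadSFWImage is a wraparound test on `extent=(size_t) GetBlobSize(image)+MagickPathExtent`, but nothing in the code says so, and the removed form `GetBlobSize(image) != extent` shows how easy it is to get wrong: it compared the blob size with itself plus MagickPathExtent, so it held whenever the addition did not wrap. A one-line comment stating that `extent` smaller than the blob size means the size_t sum overflowed would protect the check from another well-meant rewrite. The hunk also calls GetBlobSize(image) three times in four lines (the assignment, the overflow check and the `< 141` header check); reading it once into a local and using that value for all three would make it obvious that the comparisons refer to the same size. The commit subject, "Another fix to check for the 32-bit overflow", would be more useful if it said what was wrong with the previous check.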
