Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package GraphicsMagick for openSUSE:Factory 
checked in at 2026-06-25 10:49:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old)
 and      /work/SRC/openSUSE:Factory/.GraphicsMagick.new.2088 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "GraphicsMagick"

Thu Jun 25 10:49:53 2026 rev:106 rq:1361542 version:1.3.47

Changes:
--------
--- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes    
2026-06-13 18:46:17.502823472 +0200
+++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new.2088/GraphicsMagick.changes  
2026-06-25 10:51:39.265843771 +0200
@@ -1,0 +2,10 @@
+Wed Jun 24 06:35:57 UTC 2026 - Petr Gajdos <[email protected]>
+
+- added patches
+  CVE-2026-46523: heap-use-after-free via a crafted MSL image [bsc#1268125]
+  * GraphicsMagick-CVE-2026-46523.patch
+- modified patches
+  * GraphicsMagick-disable-insecure-coders.patch (disable MSL
+         to align with ImageMagick)
+
+-------------------------------------------------------------------

New:
----
  GraphicsMagick-CVE-2026-46523.patch

----------(New B)----------
  New:  CVE-2026-46523: heap-use-after-free via a crafted MSL image 
[bsc#1268125]
  * GraphicsMagick-CVE-2026-46523.patch
- modified patches
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ GraphicsMagick.spec ++++++
--- /var/tmp/diff_new_pack.3P9OYY/_old  2026-06-25 10:51:40.489886162 +0200
+++ /var/tmp/diff_new_pack.3P9OYY/_new  2026-06-25 10:51:40.497886439 +0200
@@ -35,6 +35,8 @@
 Patch1:         GraphicsMagick-disable-insecure-coders.patch
 # CVE-2026-42050: Stack buffer overflow in XTileImage [bsc#1265048]
 Patch7:         GraphicsMagick-CVE-2026-42050.patch
+# CVE-2026-46523: heap-use-after-free via a crafted MSL image [bsc#1268125]
+Patch8:         GraphicsMagick-CVE-2026-46523.patch
 BuildRequires:  cups-client
 BuildRequires:  dcraw
 BuildRequires:  gcc-c++

++++++ GraphicsMagick-CVE-2026-46523.patch ++++++
Index: GraphicsMagick-1.3.47/coders/msl.c
===================================================================
--- GraphicsMagick-1.3.47.orig/coders/msl.c
+++ GraphicsMagick-1.3.47/coders/msl.c
@@ -4316,6 +4316,7 @@ RegisterMSLImage(void)
   entry=SetMagickInfo("MSL");
   entry->decoder=(DecoderHandler) ReadMSLImage;
   entry->encoder=(EncoderHandler) WriteMSLImage;
+  entry->blob_support=MagickFalse;
   entry->description="Magick Scripting Language";
   entry->module="MSL";
   entry->extension_treatment=IgnoreExtensionTreatment;

++++++ GraphicsMagick-disable-insecure-coders.patch ++++++
--- /var/tmp/diff_new_pack.3P9OYY/_old  2026-06-25 10:51:40.561888655 +0200
+++ /var/tmp/diff_new_pack.3P9OYY/_new  2026-06-25 10:51:40.565888794 +0200
@@ -323,4 +323,16 @@
  # PSD format
  for type in ${check_types}
  do
+Index: GraphicsMagick-1.3.47/coders/msl.c
+===================================================================
+--- GraphicsMagick-1.3.47.orig/coders/msl.c
++++ GraphicsMagick-1.3.47/coders/msl.c
+@@ -4319,6 +4319,7 @@ RegisterMSLImage(void)
+   entry->description="Magick Scripting Language";
+   entry->module="MSL";
+   entry->extension_treatment=IgnoreExtensionTreatment;
++  entry->coder_class=BrokenCoderClass;
+   (void) RegisterMagickInfo(entry);
+ #endif /* defined(HasXML) */
+ }
 

Reply via email to