Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package GraphicsMagick for openSUSE:Factory checked in at 2026-06-25 10:49:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/GraphicsMagick (Old) and /work/SRC/openSUSE:Factory/.GraphicsMagick.new.2088 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "GraphicsMagick" Thu Jun 25 10:49:53 2026 rev:106 rq:1361542 version:1.3.47 Changes: -------- --- /work/SRC/openSUSE:Factory/GraphicsMagick/GraphicsMagick.changes 2026-06-13 18:46:17.502823472 +0200 +++ /work/SRC/openSUSE:Factory/.GraphicsMagick.new.2088/GraphicsMagick.changes 2026-06-25 10:51:39.265843771 +0200 @@ -1,0 +2,10 @@ +Wed Jun 24 06:35:57 UTC 2026 - Petr Gajdos <[email protected]> + +- added patches + CVE-2026-46523: heap-use-after-free via a crafted MSL image [bsc#1268125] + * GraphicsMagick-CVE-2026-46523.patch +- modified patches + * GraphicsMagick-disable-insecure-coders.patch (disable MSL + to align with ImageMagick) + +------------------------------------------------------------------- New: ---- GraphicsMagick-CVE-2026-46523.patch ----------(New B)---------- New: CVE-2026-46523: heap-use-after-free via a crafted MSL image [bsc#1268125] * GraphicsMagick-CVE-2026-46523.patch - modified patches ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ GraphicsMagick.spec ++++++ --- /var/tmp/diff_new_pack.3P9OYY/_old 2026-06-25 10:51:40.489886162 +0200 +++ /var/tmp/diff_new_pack.3P9OYY/_new 2026-06-25 10:51:40.497886439 +0200 @@ -35,6 +35,8 @@ Patch1: GraphicsMagick-disable-insecure-coders.patch # CVE-2026-42050: Stack buffer overflow in XTileImage [bsc#1265048] Patch7: GraphicsMagick-CVE-2026-42050.patch +# CVE-2026-46523: heap-use-after-free via a crafted MSL image [bsc#1268125] +Patch8: GraphicsMagick-CVE-2026-46523.patch BuildRequires: cups-client BuildRequires: dcraw BuildRequires: gcc-c++ ++++++ GraphicsMagick-CVE-2026-46523.patch ++++++ Index: GraphicsMagick-1.3.47/coders/msl.c =================================================================== --- GraphicsMagick-1.3.47.orig/coders/msl.c +++ GraphicsMagick-1.3.47/coders/msl.c @@ -4316,6 +4316,7 @@ RegisterMSLImage(void) entry=SetMagickInfo("MSL"); entry->decoder=(DecoderHandler) ReadMSLImage; entry->encoder=(EncoderHandler) WriteMSLImage; + entry->blob_support=MagickFalse; entry->description="Magick Scripting Language"; entry->module="MSL"; entry->extension_treatment=IgnoreExtensionTreatment; ++++++ GraphicsMagick-disable-insecure-coders.patch ++++++ --- /var/tmp/diff_new_pack.3P9OYY/_old 2026-06-25 10:51:40.561888655 +0200 +++ /var/tmp/diff_new_pack.3P9OYY/_new 2026-06-25 10:51:40.565888794 +0200 @@ -323,4 +323,16 @@ # PSD format for type in ${check_types} do +Index: GraphicsMagick-1.3.47/coders/msl.c +=================================================================== +--- GraphicsMagick-1.3.47.orig/coders/msl.c ++++ GraphicsMagick-1.3.47/coders/msl.c +@@ -4319,6 +4319,7 @@ RegisterMSLImage(void) + entry->description="Magick Scripting Language"; + entry->module="MSL"; + entry->extension_treatment=IgnoreExtensionTreatment; ++ entry->coder_class=BrokenCoderClass; + (void) RegisterMagickInfo(entry); + #endif /* defined(HasXML) */ + }
