Your message dated Tue, 11 Mar 2025 17:35:34 +0000
with message-id <[email protected]>
and subject line Bug#1099954: fixed in graphicsmagick 1.4+really1.3.45+hg17689-1
has caused the Debian Bug report #1099954,
regarding graphicsmagick: CVE-2025-27796
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1099954: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099954
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: graphicsmagick
Version: 1.4+really1.3.45-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for graphicsmagick.
CVE-2025-27796[0]:
| ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles
| palette buffer allocation, resulting in out-of-bounds access to heap
| memory in ReadBlob.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-27796
https://www.cve.org/CVERecord?id=CVE-2025-27796
[1] https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.4+really1.3.45+hg17689-1
Done: Laszlo Boszormenyi (GCS) <[email protected]>
We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated graphicsmagick package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Mar 2025 17:32:20 +0100
Source: graphicsmagick
Architecture: source
Version: 1.4+really1.3.45+hg17689-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1099954 1099955
Changes:
graphicsmagick (1.4+really1.3.45+hg17689-1) unstable; urgency=high
.
* Mercurial snapshot, fixing the following security issues:
- CVE-2025-27795: ReadJXLImage(): Apply image dimension resource limits
(closes: #1099955),
- CVE-2025-27796: ReadWPGImage(): Assure that palette buffer is allocated
and the current size (closes: #1099954).
* Update Standards-Version to 4.7.2 .
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---