Your message dated Fri, 18 Apr 2025 11:47:08 +0000
with message-id <[email protected]>
and subject line Bug#1099955: fixed in graphicsmagick 1.4+really1.3.40-4+deb12u1
has caused the Debian Bug report #1099955,
regarding graphicsmagick: CVE-2025-27795
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1099955: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099955
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: graphicsmagick
Version: 1.4+really1.3.45-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for graphicsmagick.

CVE-2025-27795[0]:
| ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image
| dimension resource limits.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-27795
    https://www.cve.org/CVERecord?id=CVE-2025-27795
[1] https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: graphicsmagick
Source-Version: 1.4+really1.3.40-4+deb12u1
Done: Salvatore Bonaccorso <[email protected]>

We believe that the bug you reported is fixed in the latest version of
graphicsmagick, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated graphicsmagick package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 11 Apr 2025 22:49:23 +0200
Source: graphicsmagick
Architecture: source
Version: 1.4+really1.3.40-4+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 1099955
Changes:
 graphicsmagick (1.4+really1.3.40-4+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Carlos Henrique Lima Melara ]
   * d/p/CVE-2025-27795.patch: fix CVE-2025-27795 by adding image dimension
     resource limits. (Closes: #1099955)
 .
   [ Salvatore Bonaccorso ]
   * ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale
     matte (CVE-2025-32460)



--- End Message ---
