Fix CVE-2026-23952 with patch provided by Debian from fixed version. Link: https://security-tracker.debian.org/tracker/CVE-2026-23952
Signed-off-by: Bhabu Bindu <[email protected]>
---
 .../imagemagick/CVE-2026-23952.patch | 57 +++++++++++++++++++
 .../imagemagick/imagemagick_7.1.1.bb | 1 +
 2 files changed, 58 insertions(+)
 create mode 100644 meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch
new file mode 100644
index 0000000000..d8eb44b44d
--- /dev/null
+++ b/meta-oe/recipes-support/imagemagick/imagemagick/CVE-2026-23952.patch
@@ -0,0 +1,57 @@
+From 1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d Mon Sep 17 00:00:00 2001
+From: Cristy <[email protected]>
+Date: Thu, 15 Jan 2026 17:34:46 -0500
+Subject: [PATCH]
+ https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5vx3-wx4q-6cj8
+
+CVE: CVE-2026-23952
+Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/1eefab41bc0ab1c6c2c1fd3e4a49e3ee1849751d]
+Signed-off-by: Bhabu Bindu <[email protected]>
+---
+ PerlMagick/quantum/quantum.pm | 2 +-
+ coders/msl.c | 12 ++++++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/PerlMagick/quantum/quantum.pm b/PerlMagick/quantum/quantum.pm
+index 1dd5921fa8e..74cc8168f37 100644
+--- a/PerlMagick/quantum/quantum.pm
++++ b/PerlMagick/quantum/quantum.pm
+@@ -6,7 +6,7 @@ package Image::Magick::Q16HDRI;
+ # You may not use this file except in compliance with the License. You may
+ # obtain a copy of the License at
+ #
+-# https://imagemagick.org/script/license.php
++# https://imagemagick.org/license/
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+diff --git a/coders/msl.c b/coders/msl.c
+index fa29764563b..5b182b5922f 100644
+--- a/coders/msl.c
++++ b/coders/msl.c
+@@ -7088,6 +7088,12 @@ static void MSLEndElement(void *context,const xmlChar *tag)
+ {
+ if (LocaleCompare((const char *) tag,"comment") == 0 )
+ {
++ if (msl_info->image[n] == (Image *) NULL)
++ {
++ ThrowMSLException(OptionError,"NoImagesDefined",
++ (const char *) tag);
++ break;
++ }
+ (void) DeleteImageProperty(msl_info->image[n],"comment");
+ if (msl_info->content == (char *) NULL)
+ break;
+@@ -7137,6 +7143,12 @@ static void MSLEndElement(void *context,const xmlChar *tag)
+ {
+ if (LocaleCompare((const char *) tag,"label") == 0 )
+ {
++ if (msl_info->image[n] == (Image *) NULL)
++ {
++ ThrowMSLException(OptionError,"NoImagesDefined",
++ (const char *) tag);
++ break;
++ }
+ (void) DeleteImageProperty(msl_info->image[n],"label");
+ if (msl_info->content == (char *) NULL)
+ break;
diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
index abad1fe5d1..3917eed92e 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
@@ -28,6 +28,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt
 file://CVE-2026-22770.patch \
 file://CVE-2026-23874.patch \
 file://CVE-2026-23876.patch \
+ file://CVE-2026-23952.patch \
 "
 SRCREV = "82572afc879b439cbf8c9c6f3a9ac7626adf98fb"
-- 
2.34.1
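Review bot: The backported patch carries the PerlMagick/quantum/quantum.pm licence-URL hunk, which is unrelated to the NULL-pointer guard in coders/msl.c. It adds one more context that has to match the pinned SRCREV without contributing to the CVE-2026-23952 fix. Consider dropping that hunk and recording it in the patch header with a line such as `Comment: dropped unrelated PerlMagick/quantum/quantum.pm hunk from the upstream commit`. The commit message credits Debian while the header cites the upstream commit as the Backport source, so stating which file was actually imported would help later audits. The added `msl_info->image[n] == (Image *) NULL` checks cover only the `comment` and `label` branches, and MSLEndElement starts and continues outside both hunks, so it should be confirmed against the advisory that no other end-element branch uses `msl_info->image[n]` unguarded.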
