Version in base suite: 6.9.11.60+dfsg-1.6+deb12u2 Base version: imagemagick_6.9.11.60+dfsg-1.6+deb12u2 Target version: imagemagick_6.9.11.60+dfsg-1.6+deb12u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/imagemagick/imagemagick_6.9.11.60+dfsg-1.6+deb12u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/i/imagemagick/imagemagick_6.9.11.60+dfsg-1.6+deb12u3.dsc changelog | 7 ++ patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch | 25 ++++++++++ patches/series | 1 3 files changed, 33 insertions(+)
diff -Nru imagemagick-6.9.11.60+dfsg/debian/changelog imagemagick-6.9.11.60+dfsg/debian/changelog
--- imagemagick-6.9.11.60+dfsg/debian/changelog 2024-07-11 10:48:47.000000000 +0000
+++ imagemagick-6.9.11.60+dfsg/debian/changelog 2025-04-26 17:26:11.000000000 +0000
@@ -1,3 +1,10 @@
+imagemagick (8:6.9.11.60+dfsg-1.6+deb12u3) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-43965: MIFF image depth mishandled after SetQuantumFormat
+
+ -- Adrian Bunk Sat, 26 Apr 2025 20:26:11 +0300
+
 imagemagick (8:6.9.11.60+dfsg-1.6+deb12u2) bookworm; urgency=medium
 
 * CVE-2023-34151 fix was incomplete (Closes: #1070340)
diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch
--- imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch 1970-01-01 00:00:00.000000000 +0000
+++ imagemagick-6.9.11.60+dfsg/debian/patches/0001-Update-the-image-depth-after-this-has-been-changed-b.patch 2025-04-26 17:26:11.000000000 +0000
@@ -0,0 +1,25 @@
+From 64789006934b2974390aa060354ad318c34e0f6a Mon Sep 17 00:00:00 2001
+From: Dirk Lemstra
+Date: Tue, 11 Feb 2025 22:34:41 +0100
+Subject: Update the image depth after this has been changed by
+ SetQuantumFormat.
+
+---
+ coders/miff.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/coders/miff.c b/coders/miff.c
+index 888be96a5..0703d4822 100644
+--- a/coders/miff.c
++++ b/coders/miff.c
+@@ -1310,6 +1310,7 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
+ if (quantum_format != UndefinedQuantumFormat)
+ {
+ status=SetQuantumFormat(image,quantum_info,quantum_format);
++ image->depth=GetImageQuantumDepth(image,MagickFalse);
+ if (status == MagickFalse)
+ ThrowMIFFException(ResourceLimitError,"MemoryAllocationFailed");
+ }
+--
+2.30.2
+
diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/series imagemagick-6.9.11.60+dfsg/debian/patches/series
--- imagemagick-6.9.11.60+dfsg/debian/patches/series 2024-07-11 10:48:47.000000000 +0000
+++ imagemagick-6.9.11.60+dfsg/debian/patches/series 2025-04-26 17:26:11.000000000 +0000
@@ -78,3 +78,4 @@
 0078-do-not-composite-SVG-to-avoid-possible-recursion.patch
 0079-recursion-detection-framework.patch
 0080-Fixed-memory-leak.patch
+0001-Update-the-image-depth-after-this-has-been-changed-b.patch
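Review bot: In the coders/miff.c hunk carried by the new patch file, `image->depth=GetImageQuantumDepth(image,MagickFalse);` sits between the SetQuantumFormat() call and the test of its `status`, so image->depth is rewritten even on the path that then throws MemoryAllocationFailed; placing the assignment after the `if (status == MagickFalse)` check would keep the failure path free of side effects. The call also passes `image` rather than `quantum_info`, so how it reflects what SetQuantumFormat() changed is not evident from these lines; a one-line comment such as `/* keep image->depth consistent with the quantum format set above (CVE-2025-43965) */` would tell later readers why the line must not be dropped or reordered. ReadMIFFImage starts and ends outside the hunk, so whether every later consumer of image->depth sees the updated value cannot be confirmed from here.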