[Git][security-tracker-team/security-tracker][master] 2 commits: Move ImageMagick6 fix to the correct CVE

Adrian Bunk (@bunk) Fri, 25 Apr 2025 06:01:22 -0700


Adrian Bunk pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
abd48329 by Adrian Bunk at 2025-04-25T15:47:19+03:00
Move ImageMagick6 fix to the correct CVE

- - - - -
ab524b92 by Adrian Bunk at 2025-04-25T16:00:12+03:00
CVE-2025-46393/imagemagick does not affect bookworm or bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -468,8 +468,10 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR 
archive can have filenam
        NOTE: https://www.openwall.com/lists/oss-security/2025/04/23/1
 CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 
7.1.1-44, ...)
        - imagemagick 8:7.1.1.46+dfsg1-1
+       [bookworm] - imagemagick <not-affected> (Vulnerable code introduced 
later)
+       [bullseye] - imagemagick <not-affected> (Vulnerable code introduced 
later)
+       NOTE: Introduced by: 
https://github.com/ImageMagick/ImageMagick/commit/8fbf695f3ebe89058d3444c6440405a085a47a29
 (7.1.0-30)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/81ac8a0d2eb21739842ed18c48c7646b7eef65b8
 (7.1.1-44)
-       NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a
 (6.9.13-22)
 CVE-2025-45429 (In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, 
there i ...)
        NOT-FOR-US: Tenda
 CVE-2025-45428 (In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the 
rebootTime par ...)
@@ -479,6 +481,7 @@ CVE-2025-45427 (In Tenda AC9 v1.0 with firmware 
V15.03.05.14_multi, the security
 CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image 
depth i ...)
        - imagemagick 8:7.1.1.46+dfsg1-1
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9
 (7.1.1-44)
+       NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a
 (6.9.13-22)
 CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk 
Managemen ...)
        NOT-FOR-US: Ivanti
 CVE-2025-42605 (This vulnerability exists in Meon Bidding Solutions due to 
improper au ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0c66527fbbee3fceded2a509fa1f96fa5f7abca...ab524b920567a8c992c2566224a5b5d9773d6b58

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0c66527fbbee3fceded2a509fa1f96fa5f7abca...ab524b920567a8c992c2566224a5b5d9773d6b58
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Move ImageMagick6 fix to the correct CVE

Reply via email to