Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 091ae512 by Salvatore Bonaccorso at 2025-07-20T20:47:17+02:00 Revert tracking of fixed version for trixie for imagemagick Release team does not agree that the fix should go via trixie-proposed-updates since there was some discussion already on the state of imagemagick in https://bugs.debian.org/1109572#12 and the earlier https://bugs.debian.org/1104632#29 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1480,21 +1480,18 @@ CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that make NOT-FOR-US: Shopify extension CVE-2025-53101 (ImageMagick is free and open-source software used for editing and mani ...) - imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339) - [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 [bookworm] - imagemagick <no-dsa> (Minor issue) [bullseye] - imagemagick <postponed> (Minor issue; OOB write through CLI parameters) NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9 NOTE: https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 (7.1.2-0) CVE-2025-53019 (ImageMagick is free and open-source software used for editing and mani ...) - imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339) - [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 [bookworm] - imagemagick <no-dsa> (Minor issue) [bullseye] - imagemagick <postponed> (Minor issue; memory leak) NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c (7.1.2-0) CVE-2025-53015 (ImageMagick is free and open-source software used for editing and mani ...) - imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339) - [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 [bookworm] - imagemagick <not-affected> (Vulnerable code introduced later) [bullseye] - imagemagick <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g @@ -1503,7 +1500,6 @@ CVE-2025-53015 (ImageMagick is free and open-source software used for editing an NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/fc4f67bb1b8eb1b61ae70e401482844086949721 (7.1.1-7) CVE-2025-53014 (ImageMagick is free and open-source software used for editing and mani ...) - imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339) - [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 [bookworm] - imagemagick <no-dsa> (Minor issue) [bullseye] - imagemagick <postponed> (Minor issue; OOB read in CLI) NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f @@ -26799,7 +26795,6 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenam NOTE: Proposed patch: https://lists.busybox.net/pipermail/busybox/2025-April/091461.html CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 7.1.1-44, ...) - imagemagick 8:7.1.1.46+dfsg1-1 - [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 [bookworm] - imagemagick <not-affected> (Vulnerable code introduced later) [bullseye] - imagemagick <not-affected> (Vulnerable code introduced later) NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8fbf695f3ebe89058d3444c6440405a085a47a29 (7.1.0-30) @@ -26813,7 +26808,6 @@ CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image depth i ...) {DLA-4139-1} - imagemagick 8:7.1.1.46+dfsg1-1 - [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1 [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3 NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 (7.1.1-44) NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a (6.9.13-22) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/091ae51218ac5023a81de10f4c76fd0f9f6fcf29 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/091ae51218ac5023a81de10f4c76fd0f9f6fcf29 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
