Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3c764baf by Salvatore Bonaccorso at 2025-07-19T07:49:41+02:00
Track imagemagick fixes via trixie
Those CVEs could not be anymore be fixed via unstable unless doing a
revert, which was not desirable here. So targeted fixes are going via
trixie without risk of beeing superseeded by the upper version directly
via testing migration. Track those fixes.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1168,14 +1168,17 @@ CVE-2025-53623 (The Job Iteration API is an an
extension for ActiveJob that make
NOT-FOR-US: Shopify extension
CVE-2025-53101 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774
(7.1.2-0)
CVE-2025-53019 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c
(7.1.2-0)
CVE-2025-53015 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
[bookworm] - imagemagick <not-affected> (Vulnerable code introduced
later)
[bullseye] - imagemagick <not-affected> (Vulnerable code introduced
later)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
@@ -1184,6 +1187,7 @@ CVE-2025-53015 (ImageMagick is free and open-source
software used for editing an
NOTE: Introduced by:
https://github.com/ImageMagick/ImageMagick/commit/fc4f67bb1b8eb1b61ae70e401482844086949721
(7.1.1-7)
CVE-2025-53014 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03
(7.1.2-0)
CVE-2025-52363 (Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root
password h ...)
@@ -26473,6 +26477,7 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR
archive can have filenam
NOTE: Proposed patch:
https://lists.busybox.net/pipermail/busybox/2025-April/091461.html
CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before
7.1.1-44, ...)
- imagemagick 8:7.1.1.46+dfsg1-1
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
[bookworm] - imagemagick <not-affected> (Vulnerable code introduced
later)
[bullseye] - imagemagick <not-affected> (Vulnerable code introduced
later)
NOTE: Introduced by:
https://github.com/ImageMagick/ImageMagick/commit/8fbf695f3ebe89058d3444c6440405a085a47a29
(7.1.0-30)
@@ -26486,6 +26491,7 @@ CVE-2025-45427 (In Tenda AC9 v1.0 with firmware
V15.03.05.14_multi, the security
CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image
depth i ...)
{DLA-4139-1}
- imagemagick 8:7.1.1.46+dfsg1-1
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
[bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9
(7.1.1-44)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a
(6.9.13-22)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c764baf03ba444184f8954f2ec23f9e9a3775e9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c764baf03ba444184f8954f2ec23f9e9a3775e9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
