Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6162f9d7 by Moritz Muehlenhoff at 2026-06-12T09:03:01+02:00
trixie / imagemagick triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,10 +77,14 @@ CVE-2026-53634 (Sharp is a content management framework
built for Laravel as a p
NOT-FOR-US: Sharp
CVE-2026-53465 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick <unfixed>
+ [bookworm] - imagemagick <not-affected> (SF3 support added in IM7)
+ [bullseye] - imagemagick <not-affected> (SF3 support added in IM7)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/e8a61457c90fcc632217cf5504da5c31e4b8d95c
(7.1.2-25)
CVE-2026-53464 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick <unfixed>
+ [bookworm] - imagemagick <not-affected> (Vulnerable code not present)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/310e325e65f5171f35ec6305c9c21ec253d80852
(7.1.2-25)
CVE-2026-53463 (ImageMagick is free and open-source software used for editing
and mani ...)
@@ -156,6 +160,8 @@ CVE-2026-48733 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/1a59a4f31acca06f90a1f83424ef991a60f76b61
(6.9.13-49)
CVE-2026-48724 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.24+dfsg1-1
+ [bookworm] - imagemagick <not-affected> (Vulnerable code not present,
introduced in IM7)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code not present,
introduced in IM7)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/017c7efe4d63b953b35ab96fc0939ba3620e4739
(7.1.2-24)
CVE-2026-48547 (KanaDojo contains a command injection vulnerability that
allows an att ...)
@@ -433,6 +439,7 @@ CVE-2026-10143 (kafka-python prior to 2.3.2 contains a
denial-of-service vulnera
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
CVE-2026-6893 (A flaw was found in dracut. A remote attacker on the adjacent
network ...)
- dracut <unfixed> (bug #1139725)
+ [trixie] - dracut <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2459963
NOTE: https://github.com/dracut-ng/dracut/pull/2469
CVE-2026-53472
@@ -64386,7 +64393,7 @@ CVE-2026-26981 (OpenEXR provides the specification and
reference implementation
NOTE: Fixed by:
https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8
(v3.3.7-rc)
CVE-2026-26331 (yt-dlp is a command-line audio/video downloader. Starting in
version 2 ...)
- yt-dlp 2026.02.21-1
- [trixie] - yt-dlp <no-dsa> (Minor issue)
+ [trixie] - yt-dlp <ignored> (Minor issue)
[bookworm] - yt-dlp <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-g3gw-q23r-pgqm
NOTE: Introduced with:
https://github.com/yt-dlp/yt-dlp/commit/db3ad8a67661d7b234a6954d9c6a4a9b1749f5eb
(2023.06.21)
=====================================
data/dsa-needed.txt
=====================================
@@ -34,6 +34,8 @@ firebird3.0
--
firebird4.0
--
+imagemagick
+--
jetty9
--
jetty12
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6162f9d7f266ebbb4a51c804d0d00082ba096b5a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6162f9d7f266ebbb4a51c804d0d00082ba096b5a
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits