Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker
/ security-tracker
Commits:
a456a053 by Carlos Henrique Lima Melara at 2025-03-29T15:36:51-03:00
Update CVE-2025-27795/graphicsmagick - does not affect bullseye
Support for jpeg-XL was only introduced in version 1.3.38 (de5b3c1ea727).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6472,6 +6472,7 @@ CVE-2025-27796 (ReadWPGImage in WPG in GraphicsMagick
before 1.3.46 mishandles p
NOTE:
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
CVE-2025-27795 (ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks
image dimens ...)
- graphicsmagick 1.4+really1.3.45+hg17689-1 (bug #1099955)
+ [bullseye] - graphicsmagick <not-affected> (Vulnerable code only
introduced in 1.3.38)
NOTE:
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
CVE-2025-27598 (ImageSharp is a 2D graphics API. An Out-of-bounds Write
vulnerability ...)
NOT-FOR-US: ImageSharp
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a456a053eae8078269d0e1f947590ce690862aaa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a456a053eae8078269d0e1f947590ce690862aaa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
