Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f8b40f1f by Moritz Muehlenhoff at 2025-08-19T11:09:35+02:00
imagemagick triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1579,17 +1579,28 @@ CVE-2025-55163 (Netty is an asynchronous, event-driven
network application frame
- netty <unfixed> (bug #1111105)
NOTE:
https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
CVE-2025-55160 (ImageMagick is free and open-source software used for editing
and mani ...)
- - imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111104)
- NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
+ - imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111104; unimportant)
+ NOTE:
https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da
(7.1.2-1)
+ NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
(6.9.13-27)
+ NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/986bddf243da88768e8198ee07c758768c098108
+ NOTE: Negligible security impact
CVE-2025-55154 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111103)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
+ NOTE:
https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337
(7.1.2-1)
+ NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/14234b2d3be45af1f71ffafd260532bbd8f81d39
(6.9.13-27)
CVE-2025-55005 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111102)
+ [bookworm] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
+ NOTE:
https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57
(7.1.2-1)
CVE-2025-55004 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111101)
+ [bookworm] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
+ NOTE:
https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa
(7.1.2-1)
CVE-2025-54809 (F5 Access for Android before version 3.1.2 which uses HTTPS
does not v ...)
NOT-FOR-US: F5 Access for Android
CVE-2025-54791 (OMERO.web provides a web based client and plugin
infrastructure. Prior ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ gh/oldstable
--
guix
--
+imagemagick
+--
intel-microcode (carnil)
Expose fixes first in unstable, evaluate with maintainer proposed-updates or
DSA
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8b40f1fc9bb73ba28ec3c2183761e833de88a44
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8b40f1fc9bb73ba28ec3c2183761e833de88a44
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
