Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b4dc666c by Salvatore Bonaccorso at 2025-09-11T20:14:33+02:00
Move two CVEs out of intersected list for CVEs
As they only affect trixie, move them out of the DSA list as workaround
and only track the trixie version as fixed in the CVE list. The advisory
still references all CVEs which is fine.
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9224,12 +9224,14 @@ CVE-2025-55154 (ImageMagick is free and open-source
software used for editing an
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/14234b2d3be45af1f71ffafd260532bbd8f81d39
(6.9.13-27)
CVE-2025-55005 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111102)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u2
[bookworm] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
[bullseye] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
NOTE:
https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57
(7.1.2-1)
CVE-2025-55004 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111101)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u2
[bookworm] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
[bullseye] - imagemagick <not-affected> (Vulnerable code not present,
specific to IM7)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
[12 Sep 2025] DSA-5997-1 imagemagick - security update
- {CVE-2025-55004 CVE-2025-55005 CVE-2025-55154 CVE-2025-55212
CVE-2025-55298 CVE-2025-57803 CVE-2025-57807}
+ {CVE-2025-55154 CVE-2025-55212 CVE-2025-55298 CVE-2025-57803
CVE-2025-57807}
[bookworm] - imagemagick 6.9.11.60+dfsg-1.6+deb12u4
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u2
[10 Sep 2025] DSA-5996-1 chromium - security update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4dc666c5eb4585efccb85d114a8901d766819d2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4dc666c5eb4585efccb85d114a8901d766819d2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
