Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8d430cc6 by Salvatore Bonaccorso at 2025-12-30T21:32:34+01:00
Add three new imagemagick issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10,7 +10,10 @@ CVE-2025-69256 (The Serverless Framework is a framework for
using AWS Lambda and
CVE-2025-69210 (FacturaScripts is open-source enterprise resource planning and
account ...)
TODO: check
CVE-2025-69204 (ImageMagick is free and open-source software used for editing
and mani ...)
- TODO: check
+ - imagemagick 8:7.1.2.12+dfsg1-1
+ NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
+ NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e
(7.1.2-12)
+ NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/c46bc2a29d0712499173c6ffda1d38d7dc8861f5
(6.9.13-37)
CVE-2025-69093 (Missing Authorization vulnerability in wpdesk ShopMagic
shopmagic-for- ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-69092 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
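Review bot: The CVE-2025-69204 entry records only the fixed version (`- imagemagick 8:7.1.2.12+dfsg1-1`) and says nothing about when the flaw was introduced. The two "Fixed by" notes show upstream patched both the 7.x branch (7.1.2-12) and the 6.x branch (6.9.13-37), so the affected range probably reaches back some way. If the introducing commit or first affected release can be identified from the advisory, add a `NOTE: Introduced by:` line so that older package versions can be triaged without re-reading the upstream history.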
@@ -126,11 +129,17 @@ CVE-2025-68975 (Authorization Bypass Through
User-Controlled Key vulnerability i
CVE-2025-68974 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-68950 (ImageMagick is free and open-source software used for editing
and mani ...)
- TODO: check
+ - imagemagick 8:7.1.2.12+dfsg1-1
+ NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
+ NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec
(7.1.2-12)
+ NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/5655e26ee9032a208ad9add1fde2877205d5e540
(6.9.13-37)
CVE-2025-68926 (RustFS is a distributed object storage system built in Rust.
In versio ...)
TODO: check
CVE-2025-68618 (ImageMagick is free and open-source software used for editing
and mani ...)
- TODO: check
+ - imagemagick 8:7.1.2.12+dfsg1-1
+ NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
+ NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb
(7.1.2-12)
+ NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/693c8497290ea0c7cac75d3068ea4fa70d7d507e
(6.9.13-37)
CVE-2025-66848 (JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000
(4.3.1.r ...)
TODO: check
CVE-2025-66835 (TrueConf Client 8.5.2 is vulnerable to DLL hijacking via
crafted wfapi ...)
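Review bot: In the CVE-2025-68950 and CVE-2025-68618 entries, the ImageMagick6 fix (6.9.13-37) appears only as a NOTE, and the single package line covers just the 7.x-based upload `8:7.1.2.12+dfsg1-1`. With `TODO: check` removed, nothing in either entry flags that released suites still need a decision. If any suite carries a 6.x-based imagemagick, a follow-up should add the per-suite lines, or a note that the vulnerable code is absent there, so the 6.x status is explicit rather than implied by the commit link.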
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d430cc6f2bfcab3b1a597f38b7c2052baba0065