Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8205e318 by Salvatore Bonaccorso at 2026-01-20T09:35:56+01:00
Add CVE-2026-22770/imagemagick
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52,7 +52,9 @@ CVE-2026-23844 (Whisper Money is a personal finance
application. Versions prior
CVE-2026-23837 (MyTube is a self-hosted downloader and player for several
video websit ...)
TODO: check
CVE-2026-22770 (ImageMagick is free and open-source software used for editing
and mani ...)
- TODO: check
+ - imagemagick <unfixed>
+ NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c
+ NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e
(7.1.2-13)
CVE-2026-22219 (Chainlit versions prior to 2.9.4 contain a server-side request
forgery ...)
TODO: check
CVE-2026-22218 (Chainlit versions prior to 2.9.4 contain an arbitrary file
read vulner ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8205e3180210079fd3b9ecfdc4a0eb66f3672e19
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8205e3180210079fd3b9ecfdc4a0eb66f3672e19
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
