Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02423526 by Bastien Roucariès at 2026-03-16T01:37:29+01:00
CVE-2026-25966
Document that bookworm and bullseye not affected
This is policy bug for hardened policy, these policies are not shipped before
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8471,9 +8471,13 @@ CVE-2026-25967 (ImageMagick is free and open-source
software used for editing an
CVE-2026-25966 (ImageMagick is free and open-source software used for editing
and mani ...)
{DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
+ [bookworm] - imagemagick <not-affected> (vulnerable code introduced
later)
+ [bullseye] - imagemagick <not-affected> (vulnerable code introduced
later)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xwc6-v6g8-pw2h
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/8d4c67a90ae458fb36393a05c0069e9123ac174c
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/2c2f87de5330cd895fab9ea6228577b30acd1c7a
(6.9.13-39)
+ NOTE: Policy introduced by
https://github.com/ImageMagick/ImageMagick6/commit/ba3905764b8f995706dcea915ea587fb79dbd490
(6.9.12-94)
+ NOTE: Only one default policy before 6.9.12-94
CVE-2026-25965 (ImageMagick is free and open-source software used for editing
and mani ...)
{DSA-6159-1 DSA-6158-1 DLA-4497-1}
- imagemagick 8:7.1.2.15+dfsg1-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0242352654ad44afa4500bac597e4120a856f5a7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0242352654ad44afa4500bac597e4120a856f5a7
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
