[Git][security-tracker-team/security-tracker][master] imagemagick/twig DSAs

Fri, 29 May 2026 11:33:25 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a89d95d by Moritz Mühlenhoff at 2026-05-29T20:31:38+02:00
imagemagick/twig DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6319,7 +6319,6 @@ CVE-2026-46627
        NOTE: Upstream change only clarifies the documentation
 CVE-2026-46635
        - php-twig 3.26.0-1
-       [trixie] - php-twig <no-dsa> (Minor issue)
        [bookworm] - php-twig <no-dsa> (Minor issue)
        NOTE: 
https://symfony.com/blog/cve-2026-46635-sandbox-property-allowlist-bypass-via-the-column-filter-array-column-on-objects
        NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-vcc8-phrv-43wj
@@ -18628,7 +18627,6 @@ CVE-2025-12993
 CVE-2026-42050 (ImageMagick is free and open-source software used for editing 
and mani ...)
        {DSA-6298-1}
        - imagemagick 8:7.1.2.21+dfsg1-1
-       [bookworm] - imagemagick <postponed> (Minor issue, fix along with 
future update)
        [bullseye] - imagemagick <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/25980041f145afc621233a1c050291231b627c48
 (7.1.2-20)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[29 May 2026] DSA-6311-1 php-twig - security update
+       {CVE-2026-24425 CVE-2026-46627 CVE-2026-46628 CVE-2026-46629 
CVE-2026-46633 CVE-2026-46634 CVE-2026-46635 CVE-2026-46636 CVE-2026-46637 
CVE-2026-46638 CVE-2026-46640 CVE-2026-47730 CVE-2026-47732 CVE-2026-48805}
+       [trixie] - php-twig 3.27.0-0+deb13u1
+[29 May 2026] DSA-6310-1 imagemagick - security update
+       {CVE-2026-42050 CVE-2026-42326 CVE-2026-45031 CVE-2026-45359 
CVE-2026-45624 CVE-2026-45664 CVE-2026-46520 CVE-2026-46521 CVE-2026-46522 
CVE-2026-46523 CVE-2026-46559 CVE-2026-46692 CVE-2026-46693 CVE-2026-47165 
CVE-2026-47166}
+       [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u10
 [29 May 2026] DSA-6309-1 exim4 - security update
        {CVE-2026-48840}
        [bookworm] - exim4 4.96-15+deb12u10


=====================================
data/dsa-needed.txt
=====================================
@@ -46,8 +46,6 @@ gh/oldstable
 --
 gst-plugins-good1.0 (jmm)
 --
-imagemagick/oldstable (jmm)
---
 inkscape/oldstable
 --
 isc-kea/oldstable
@@ -89,8 +87,7 @@ perl (carnil)
 --
 php-laravel-framework/oldstable
 --
-php-twig
-  Maintainer will prepare updates
+php-twig/oldstable (jmm)
 --
 prometheus
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a89d95dcdc3c213b419014b79d3996605e1ce85

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a89d95dcdc3c213b419014b79d3996605e1ce85
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to