Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a43501e by Bastien Roucariès at 2026-07-05T17:05:23+02:00
CVE-2026-56369
Add a note about this CVE:
To avoid keystream reuse and the resulting information leaks, users would need
to
supply a different passphrase for every image, which is impractical and still
does
not meet modern cryptographic expectations. ImageMagick’s encipher feature
is therefore suitable only for casual obfuscation, not for security‑sensitive
encryption.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2210,7 +2210,7 @@ CVE-2026-56369 (ImageMagick before 7.1.2-22 contains an
information disclosure v
- imagemagick 8:7.1.2.23+dfsg1-1
[trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qv2q-c278-pch5
- TODO: check fixing commit in 7.1.2-22
+ NOTE: Fixed by documentation upgrade
https://github.com/ImageMagick/ImageMagick/issues/8837#event-27569522488
CVE-2026-56365 (ImageMagick before 7.1.2-19 contains a memory leak
vulnerability in th ...)
- imagemagick 8:7.1.2.19+dfsg1-1
[trixie] - imagemagick <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a43501ee868674ad7c702ca01aaa699248fd646
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a43501ee868674ad7c702ca01aaa699248fd646
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits