Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1c01ac2e by Moritz Mühlenhoff at 2026-07-07T22:57:51+02:00
imagemagick DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3135,7 +3135,6 @@ CVE-2026-56399 (Open WebUI before 0.6.27 contains a
server-side request forgery
NOT-FOR-US: Open WebUI
CVE-2026-56377 (ImageMagick before 7.1.2-24 contains an incorrect policy check
that al ...)
- imagemagick 8:7.1.2.24+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/3705205e1424d379c2fc46c026c8560ccea0509e
(7.1.2-24)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/a2aa44ce71f0950522a104bbd4daa7b8a0b6709c
(6.9.13-49)
@@ -3145,25 +3144,21 @@ CVE-2026-56369 (ImageMagick before 7.1.2-22 contains an
information disclosure v
NOTE: Fixed by documentation upgrade
https://github.com/ImageMagick/ImageMagick/issues/8837#event-27569522488
CVE-2026-56365 (ImageMagick before 7.1.2-19 contains a memory leak
vulnerability in th ...)
- imagemagick 8:7.1.2.19+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/ca761f220bbf0470e2e7967639bcfb5be305ad28
(7.1.2-19)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/28ed1c9993fe437a44c00bee2ee20d58f7e0204c
(6.9.13-44)
CVE-2026-56364 (ImageMagick before 7.1.2-13 contains a memory leak
vulnerability in Lo ...)
- imagemagick 8:7.1.2.13+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
NOTE: Fixed by [1/2]:
https://github.com/ImageMagick/ImageMagick/commit/951f6b0940224afc469f6a72503d6e011c688d02
(7.1.2-13)
NOTE: Fixed by [2/2]:
https://github.com/ImageMagick/ImageMagick/commit/5fd4e5ad05a986b00e1519fa308ca3c5cf3d09d8
(7.1.2-14)
CVE-2026-56363 (ImageMagick before 7.1.2-22 contains a division by zero
vulnerability ...)
- imagemagick 8:7.1.2.23+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vf33-6r7x-66xx
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/d67eef71764cfeca07b4edf8a8ae922180f5f2e4
(7.1.2-22)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/7a48e0b3107608c7d87a172473cfd5294bc9e81f
(6.9.13-47)
CVE-2026-56361 (ImageMagick before 7.1.2-19 contains an off-by-one error in
morphology ...)
- imagemagick 8:7.1.2.19+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/a6bfb1bb7b4017ec52f5a957641d83ce29b63286
(7.1.2-19)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/cb02de6a5b527edc51982408ad719d76c6699d78
(6.9.13-44)
@@ -9306,13 +9301,11 @@ CVE-2026-56761 (hono before 4.12.14 contains an html
injection vulnerability in
NOT-FOR-US: Hono
CVE-2026-56370 (ImageMagick before 7.1.2-19 contains an out-of-bounds access
vulnerabi ...)
- imagemagick 8:7.1.2.19+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/2ab24d74865ab92faeeefe0fec890abf1e88e57c
(7.1.2-19)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/60b4e60841b429d719c59144e2505c8b0135367d
(6.9.13-44)
CVE-2026-56368 (ImageMagick before 7.1.2-15 contains a memory leak
vulnerability in mu ...)
- imagemagick 8:7.1.2.15+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/fe0a49a58ac5b7a18ff2618b6207dcad71123e43
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/eeab39181be971c1b5871dbb82a3d2a666454772
(6.9.13-39)
@@ -11133,13 +11126,11 @@ CVE-2026-56379 (ImageMagick before 7.1.2-15 and
6.9.13-40 contains a command inj
NOTE: trixie fixed by backporting svg/msl to 7.1.2-16
CVE-2026-56376 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap
use-after-fr ...)
- imagemagick 8:7.1.2.15+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/f5049954f12c6fcf090a776767526d2a4708d58b
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/94062bdf70dacc9714f2ff46a5920ceac63836cf
(6.9.13-39)
CVE-2026-56371 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory
leak in co ...)
- imagemagick 8:7.1.2.15+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/073e3e31bb8f3646db365994cf618e998853bef7
(6.9.13-39)
@@ -12297,13 +12288,11 @@ CVE-2025-71348 (picklescan before 0.0.28 fails to
detect malicious pickle files
NOT-FOR-US: picklescan
CVE-2026-56367 (ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40
contains an int ...)
- imagemagick 8:7.1.2.15+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/f4976eb8efe87009eec7cb12f62a3abd1cef4881
(6.9.13-39)
CVE-2026-56378 (ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40)
contains a heap ...)
- imagemagick 8:7.1.2.15+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
(7.1.2-14)
CVE-2026-52911 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Jul 2026] DSA-6383-1 imagemagick - security update
+ {CVE-2026-53466 CVE-2026-53467 CVE-2026-55577 CVE-2026-55594
CVE-2026-55597 CVE-2026-55628 CVE-2026-56361 CVE-2026-56363 CVE-2026-56364
CVE-2026-56365 CVE-2026-56367 CVE-2026-56368 CVE-2026-56370 CVE-2026-56371
CVE-2026-56376 CVE-2026-56377 CVE-2026-56378}
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u11
[07 Jul 2026] DSA-6382-1 postfix - security update
[trixie] - postfix 3.10.12-0+deb13u2
[05 Jul 2026] DSA-6381-1 linux - security update
=====================================
data/dsa-needed.txt
=====================================
@@ -42,9 +42,6 @@ hplip
icinga2
Maintainers contacted for updates
--
-imagemagick
- Bastien Roucaries will prepare an update
---
jackson-databind
--
jetty9
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c01ac2eb95d8da31e6dfde1784a08d5dc0b1b31
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c01ac2eb95d8da31e6dfde1784a08d5dc0b1b31
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits