Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1c01ac2e by Moritz Mühlenhoff at 2026-07-07T22:57:51+02:00
imagemagick DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3135,7 +3135,6 @@ CVE-2026-56399 (Open WebUI before 0.6.27 contains a 
server-side request forgery
        NOT-FOR-US: Open WebUI
 CVE-2026-56377 (ImageMagick before 7.1.2-24 contains an incorrect policy check 
that al ...)
        - imagemagick 8:7.1.2.24+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm48-c7f2-v67p
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/3705205e1424d379c2fc46c026c8560ccea0509e
 (7.1.2-24)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/a2aa44ce71f0950522a104bbd4daa7b8a0b6709c
 (6.9.13-49)
@@ -3145,25 +3144,21 @@ CVE-2026-56369 (ImageMagick before 7.1.2-22 contains an 
information disclosure v
        NOTE: Fixed by documentation upgrade 
https://github.com/ImageMagick/ImageMagick/issues/8837#event-27569522488
 CVE-2026-56365 (ImageMagick before 7.1.2-19 contains a memory leak 
vulnerability in th ...)
        - imagemagick 8:7.1.2.19+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-x928-4434-crqj
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ca761f220bbf0470e2e7967639bcfb5be305ad28
 (7.1.2-19)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/28ed1c9993fe437a44c00bee2ee20d58f7e0204c
 (6.9.13-44)
 CVE-2026-56364 (ImageMagick before 7.1.2-13 contains a memory leak 
vulnerability in Lo ...)
        - imagemagick 8:7.1.2.13+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp59-x883-77qv
        NOTE: Fixed by [1/2]: 
https://github.com/ImageMagick/ImageMagick/commit/951f6b0940224afc469f6a72503d6e011c688d02
 (7.1.2-13)
        NOTE: Fixed by [2/2]: 
https://github.com/ImageMagick/ImageMagick/commit/5fd4e5ad05a986b00e1519fa308ca3c5cf3d09d8
 (7.1.2-14)
 CVE-2026-56363 (ImageMagick before 7.1.2-22 contains a division by zero 
vulnerability  ...)
        - imagemagick 8:7.1.2.23+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vf33-6r7x-66xx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/d67eef71764cfeca07b4edf8a8ae922180f5f2e4
 (7.1.2-22)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7a48e0b3107608c7d87a172473cfd5294bc9e81f
 (6.9.13-47)
 CVE-2026-56361 (ImageMagick before 7.1.2-19 contains an off-by-one error in 
morphology ...)
        - imagemagick 8:7.1.2.19+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q8h3-jv9v-57qx
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a6bfb1bb7b4017ec52f5a957641d83ce29b63286
 (7.1.2-19)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/cb02de6a5b527edc51982408ad719d76c6699d78
 (6.9.13-44)
@@ -9306,13 +9301,11 @@ CVE-2026-56761 (hono before 4.12.14 contains an html 
injection vulnerability in
        NOT-FOR-US: Hono
 CVE-2026-56370 (ImageMagick before 7.1.2-19 contains an out-of-bounds access 
vulnerabi ...)
        - imagemagick 8:7.1.2.19+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmpg-6pww-fg6q
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/2ab24d74865ab92faeeefe0fec890abf1e88e57c
 (7.1.2-19)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/60b4e60841b429d719c59144e2505c8b0135367d
 (6.9.13-44)
 CVE-2026-56368 (ImageMagick before 7.1.2-15 contains a memory leak 
vulnerability in mu ...)
        - imagemagick 8:7.1.2.15+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wfx3-6g53-9fgc
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/fe0a49a58ac5b7a18ff2618b6207dcad71123e43
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/eeab39181be971c1b5871dbb82a3d2a666454772
 (6.9.13-39)
@@ -11133,13 +11126,11 @@ CVE-2026-56379 (ImageMagick before 7.1.2-15 and 
6.9.13-40 contains a command inj
        NOTE: trixie fixed by backporting svg/msl to 7.1.2-16
 CVE-2026-56376 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap 
use-after-fr ...)
        - imagemagick 8:7.1.2.15+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2gq3-ww97-wfjm
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/f5049954f12c6fcf090a776767526d2a4708d58b
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/94062bdf70dacc9714f2ff46a5920ceac63836cf
 (6.9.13-39)
 CVE-2026-56371 (ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory 
leak in co ...)
        - imagemagick 8:7.1.2.15+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3q5f-gmjc-38r8
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/073e3e31bb8f3646db365994cf618e998853bef7
 (6.9.13-39)
@@ -12297,13 +12288,11 @@ CVE-2025-71348 (picklescan before 0.0.28 fails to 
detect malicious pickle files
        NOT-FOR-US: picklescan
 CVE-2026-56367 (ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40 
contains an int ...)
        - imagemagick 8:7.1.2.15+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/f4976eb8efe87009eec7cb12f62a3abd1cef4881
 (6.9.13-39)
 CVE-2026-56378 (ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) 
contains a heap ...)
        - imagemagick 8:7.1.2.15+dfsg1-1
-       [trixie] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
 (7.1.2-14)
 CVE-2026-52911 (In the Linux kernel, the following vulnerability has been 
resolved:  k ...)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Jul 2026] DSA-6383-1 imagemagick - security update
+       {CVE-2026-53466 CVE-2026-53467 CVE-2026-55577 CVE-2026-55594 
CVE-2026-55597 CVE-2026-55628 CVE-2026-56361 CVE-2026-56363 CVE-2026-56364 
CVE-2026-56365 CVE-2026-56367 CVE-2026-56368 CVE-2026-56370 CVE-2026-56371 
CVE-2026-56376 CVE-2026-56377 CVE-2026-56378}
+       [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u11
 [07 Jul 2026] DSA-6382-1 postfix - security update
        [trixie] - postfix 3.10.12-0+deb13u2
 [05 Jul 2026] DSA-6381-1 linux - security update


=====================================
data/dsa-needed.txt
=====================================
@@ -42,9 +42,6 @@ hplip
 icinga2
   Maintainers contacted for updates
 --
-imagemagick
-  Bastien Roucaries will prepare an update
---
 jackson-databind
 --
 jetty9



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c01ac2eb95d8da31e6dfde1784a08d5dc0b1b31

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c01ac2eb95d8da31e6dfde1784a08d5dc0b1b31
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to