[Git][security-tracker-team/security-tracker][master] 2 commits: Move ImageMagick6 fix to the correct CVE
Adrian Bunk (@bunk)
bunk at debian.org
Fri Apr 25 14:01:05 BST 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
abd48329 by Adrian Bunk at 2025-04-25T15:47:19+03:00
Move ImageMagick6 fix to the correct CVE
- - - - -
ab524b92 by Adrian Bunk at 2025-04-25T16:00:12+03:00
CVE-2025-46393/imagemagick does not affect bookworm or bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -468,8 +468,10 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenam
NOTE: https://www.openwall.com/lists/oss-security/2025/04/23/1
CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 7.1.1-44, ...)
- imagemagick 8:7.1.1.46+dfsg1-1
+ [bookworm] - imagemagick <not-affected> (Vulnerable code introduced later)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8fbf695f3ebe89058d3444c6440405a085a47a29 (7.1.0-30)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/81ac8a0d2eb21739842ed18c48c7646b7eef65b8 (7.1.1-44)
- NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a (6.9.13-22)
CVE-2025-45429 (In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there i ...)
NOT-FOR-US: Tenda
CVE-2025-45428 (In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime par ...)
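Review bot: the `[bookworm]` and `[bullseye]` `<not-affected>` lines added under CVE-2025-46393 rest only on an Introduced-by commit from the ImageMagick 7 tree (7.1.0-30), while the line removed in this same hunk shows the entry previously carried an ImageMagick6 fix reference (6.9.13-22). If those releases ship the 6.x series, a short NOTE stating that the ImageMagick6 branch never received the introducing change would let a reader verify the not-affected status from the entry itself, rather than having to infer it from the removal.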
@@ -479,6 +481,7 @@ CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security
CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image depth i ...)
- imagemagick 8:7.1.1.46+dfsg1-1
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 (7.1.1-44)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a (6.9.13-22)
CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk Managemen ...)
NOT-FOR-US: Ivanti
CVE-2025-42605 (This vulnerability exists in Meon Bidding Solutions due to improper au ...)
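Review bot: the ImageMagick6 fix reference added under CVE-2025-43965 comes without any per-release annotation, so the entry still lists only the unstable fixed version `8:7.1.1.46+dfsg1-1`, and unlike CVE-2025-46393 in the previous hunk it has no Introduced-by NOTE. If bookworm and bullseye are meant to be tracked as affected through the 6.x code, this is fine as it stands; otherwise add the matching `[bookworm]`/`[bullseye]` lines or an Introduced-by NOTE so the status of the stable releases is explicit.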
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b0c66527fbbee3fceded2a509fa1f96fa5f7abca...ab524b920567a8c992c2566224a5b5d9773d6b58