[Git][security-tracker-team/security-tracker][master] 2 commits: Track proposed imagemagick update via trixie-pu

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab26a0d9 by Salvatore Bonaccorso at 2025-08-09T12:17:03+02:00
Track proposed imagemagick update via trixie-pu

- - - - -
786c07aa by Salvatore Bonaccorso at 2025-08-09T12:19:18+02:00
Mark imagemagick issues as no-dsa for trixie

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6582,18 +6582,21 @@ CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that make
 	NOT-FOR-US: Shopify extension
 CVE-2025-53101 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <postponed> (Minor issue; OOB write through CLI parameters)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 (7.1.2-0)
 CVE-2025-53019 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <postponed> (Minor issue; memory leak)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c (7.1.2-0)
 CVE-2025-53015 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <not-affected> (Vulnerable code introduced later)
 	[bullseye] - imagemagick <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
@@ -6602,6 +6605,7 @@ CVE-2025-53015 (ImageMagick is free and open-source software used for editing an
 	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/fc4f67bb1b8eb1b61ae70e401482844086949721 (7.1.1-7)
 CVE-2025-53014 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
+	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <postponed> (Minor issue; OOB read in CLI)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
@@ -31957,6 +31961,7 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenam
 	NOTE: Proposed patch: https://lists.busybox.net/pipermail/busybox/2025-April/091461.html
 CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 7.1.1-44, ...)
 	- imagemagick 8:7.1.1.46+dfsg1-1
+	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <not-affected> (Vulnerable code introduced later)
 	[bullseye] - imagemagick <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8fbf695f3ebe89058d3444c6440405a085a47a29 (7.1.0-30)
@@ -31970,6 +31975,7 @@ CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security
 CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image depth i ...)
 	{DLA-4139-1}
 	- imagemagick 8:7.1.1.46+dfsg1-1
+	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 (7.1.1-44)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a (6.9.13-22)


=====================================
data/next-point-update.txt
=====================================
@@ -0,0 +1,12 @@
+CVE-2025-53014
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
+CVE-2025-53015
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
+CVE-2025-53019
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
+CVE-2025-53101
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
+CVE-2025-43965
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
+CVE-2025-46393
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f0732608e86ecb7b61fab71a26f21145c7ad56c...786c07aa59655462bf4101312e6b37692a0ddbaf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f0732608e86ecb7b61fab71a26f21145c7ad56c...786c07aa59655462bf4101312e6b37692a0ddbaf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250809/6ed0088c/attachment-0001.htm>