[Git][security-tracker-team/security-tracker][master] imagemagick triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f8b40f1f by Moritz Muehlenhoff at 2025-08-19T11:09:35+02:00
imagemagick triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1579,17 +1579,28 @@ CVE-2025-55163 (Netty is an asynchronous, event-driven network application frame
 	- netty <unfixed> (bug #1111105)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
 CVE-2025-55160 (ImageMagick is free and open-source software used for editing and mani ...)
-	- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111104)
-	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x
+	- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111104; unimportant)
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da (7.1.2-1)
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x (6.9.13-27)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/986bddf243da88768e8198ee07c758768c098108
+	NOTE: Negligible security impact
 CVE-2025-55154 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111103)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337 (7.1.2-1)
+	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/14234b2d3be45af1f71ffafd260532bbd8f81d39 (6.9.13-27)
 CVE-2025-55005 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111102)
+	[bookworm] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
+	[bullseye] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57 (7.1.2-1)
 CVE-2025-55004 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111101)
+	[bookworm] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
+	[bullseye] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw
+	NOTE: https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa (7.1.2-1)
 CVE-2025-54809 (F5 Access for Android before version 3.1.2 which uses HTTPS does not v ...)
 	NOT-FOR-US: F5 Access for Android
 CVE-2025-54791 (OMERO.web provides a web based client and plugin infrastructure. Prior ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ gh/oldstable
 --
 guix
 --
+imagemagick
+--
 intel-microcode (carnil)
   Expose fixes first in unstable, evaluate with maintainer proposed-updates or DSA
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8b40f1fc9bb73ba28ec3c2183761e833de88a44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8b40f1fc9bb73ba28ec3c2183761e833de88a44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250819/70124662/attachment-0001.htm>