[Git][security-tracker-team/security-tracker][master] Add three new imagemagick issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 30 20:33:00 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8d430cc6 by Salvatore Bonaccorso at 2025-12-30T21:32:34+01:00
Add three new imagemagick issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10,7 +10,10 @@ CVE-2025-69256 (The Serverless Framework is a framework for using AWS Lambda and
CVE-2025-69210 (FacturaScripts is open-source enterprise resource planning and account ...)
TODO: check
CVE-2025-69204 (ImageMagick is free and open-source software used for editing and mani ...)
- TODO: check
+ - imagemagick 8:7.1.2.12+dfsg1-1
+ NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e (7.1.2-12)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c46bc2a29d0712499173c6ffda1d38d7dc8861f5 (6.9.13-37)
CVE-2025-69093 (Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for- ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-69092 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
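Review bot: The new CVE-2025-69204 entry records a fixed version and both upstream fix commits but no note on where the issue was introduced, so anyone triaging a suite with an older package has to re-derive affectedness from the two commits. If the advisory or the commits identify the introducing change, add it as a NOTE next to the "Fixed by:" lines. The ImageMagick6 fix reference (6.9.13-37) indicates the 6.x series needs its own check.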
@@ -126,11 +129,17 @@ CVE-2025-68975 (Authorization Bypass Through User-Controlled Key vulnerability i
CVE-2025-68974 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-68950 (ImageMagick is free and open-source software used for editing and mani ...)
- TODO: check
+ - imagemagick 8:7.1.2.12+dfsg1-1
+ NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec (7.1.2-12)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5655e26ee9032a208ad9add1fde2877205d5e540 (6.9.13-37)
CVE-2025-68926 (RustFS is a distributed object storage system built in Rust. In versio ...)
TODO: check
CVE-2025-68618 (ImageMagick is free and open-source software used for editing and mani ...)
- TODO: check
+ - imagemagick 8:7.1.2.12+dfsg1-1
+ NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb (7.1.2-12)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/693c8497290ea0c7cac75d3068ea4fa70d7d507e (6.9.13-37)
CVE-2025-66848 (JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r ...)
TODO: check
CVE-2025-66835 (TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi ...)
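Review bot: For CVE-2025-68950 and CVE-2025-68618 the package line 8:7.1.2.12+dfsg1-1 rests entirely on the "(7.1.2-12)" annotation beside each ImageMagick commit, so it is worth confirming that both commits are contained in that upstream release rather than landing after it. A fix merged after the tag would make the fixed version wrong. As in the first hunk, neither entry carries a NOTE on the introducing change, which leaves the ImageMagick6 "Fixed by:" lines as the only hint that a 6.x package needs separate triage.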
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d430cc6f2bfcab3b1a597f38b7c2052baba0065