[Git][security-tracker-team/security-tracker][master] Reserve DLA-4429-1 for imagemagick

Wed Dec 31 14:18:58 GMT 2025


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96b25696 by Bastien Roucariès at 2025-12-31T15:18:39+01:00
Reserve DLA-4429-1 for imagemagick

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5155,7 +5155,6 @@ CVE-2025-7047 (Missing Authorization vulnerability in Utarit Informatics Service
 CVE-2025-68469 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:6.9.12.98+dfsg1-2
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
-	[bullseye] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fff3-4rp7-px97
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ac1f7ca1d88e14d30e5ae9bd30aad150bdbec20e (7.1.1-13)
@@ -9328,7 +9327,6 @@ CVE-2025-66628 (ImageMagick is a software suite to create, edit, compose, or con
 	- imagemagick 8:7.1.2.12+dfsg1-1 (bug #1122584)
 	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
-	[bullseye] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bdae0681ad1e572defe62df85834218f01e6d670 (7.1.2-10)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7779f1ff772dfabe545c67fb2f3bfa8f7a845a2d (6.9.13-35)
@@ -13883,7 +13881,6 @@ CVE-2025-65955 (ImageMagick is free and open-source software used for editing an
 	- imagemagick 8:7.1.2.12+dfsg1-1 (bug #1122827)
 	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
-	[bullseye] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
 	NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 (7.0.1-0)
 	NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick6/commit/389ba19fa12920416a02f05abf11e40f3d44b4da (6.9.4-0)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Dec 2025] DLA-4429-1 imagemagick - security update
+	{CVE-2025-65955 CVE-2025-66628 CVE-2025-68469 CVE-2025-68618 CVE-2025-68950 CVE-2025-69204}
+	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u8
 [30 Dec 2025] DLA-4428-1 mediawiki - security update
 	{CVE-2025-67475 CVE-2025-67478 CVE-2025-67479 CVE-2025-67480 CVE-2025-67481 CVE-2025-67482 CVE-2025-67484}
 	[bullseye] - mediawiki 1:1.35.13-1+deb11u6


=====================================
data/dla-needed.txt
=====================================
@@ -186,10 +186,6 @@ hdf5
   NOTE: 20251128: A priori there are no current CVEs to fix within the new limited support status,
   NOTE: 20251128: so let's drop this when the d-s-s MR is merged. (Beuc)
 --
-imagemagick
-  NOTE: 20251229: Added by Front-Desk (Beuc)
-  NOTE: 20251229: Requested by maintainer (rouca) to sync with upcoming SPU, cf. #1118414 (Beuc/front-desk)
---
 jackson-core (Markus Koschany)
   NOTE: 20250707: Added by Front-Desk (apo)
   NOTE: 20251016: A single patch is not possible to apply to fix the CVE. I'm working on backporting more than one.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96b256960d011a9dfb32953c88029df6689bda2a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96b256960d011a9dfb32953c88029df6689bda2a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251231/9640f34e/attachment-0001.htm>
