[Git][security-tracker-team/security-tracker][master] Update CVE-2025-27795/graphicsmagick - does not affect bullseye
Carlos Henrique Lima Melara (@charles)
gitlab at salsa.debian.org
Sat Mar 29 18:37:15 GMT 2025
Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a456a053 by Carlos Henrique Lima Melara at 2025-03-29T15:36:51-03:00
Update CVE-2025-27795/graphicsmagick - does not affect bullseye
Support for jpeg-XL was only introduced in version 1.3.38 (de5b3c1ea727).
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6472,6 +6472,7 @@ CVE-2025-27796 (ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles p
NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/883ebf8cae6dfa5873d975fe3476b1a188ef3f9f
CVE-2025-27795 (ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimens ...)
- graphicsmagick 1.4+really1.3.45+hg17689-1 (bug #1099955)
+ [bullseye] - graphicsmagick <not-affected> (Vulnerable code only introduced in 1.3.38)
NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
CVE-2025-27598 (ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability ...)
NOT-FOR-US: ImageSharp
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a456a053eae8078269d0e1f947590ce690862aaa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a456a053eae8078269d0e1f947590ce690862aaa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250329/905187c1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list