[Git][security-tracker-team/security-tracker][master] Reserve DLA-4297-1 for imagemagick

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4903f363 by Bastien Roucariès at 2025-09-10T22:14:48+02:00
Reserve DLA-4297-1 for imagemagick

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17297,7 +17297,6 @@ CVE-2025-53101 (ImageMagick is free and open-source software used for editing an
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
 	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
-	[bullseye] - imagemagick <postponed> (Minor issue; OOB write through CLI parameters)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 (7.1.2-0)
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e (6.9.13-26)
@@ -17305,7 +17304,6 @@ CVE-2025-53019 (ImageMagick is free and open-source software used for editing an
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
 	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
-	[bullseye] - imagemagick <postponed> (Minor issue; memory leak)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c (7.1.2-0)
 CVE-2025-53015 (ImageMagick is free and open-source software used for editing and mani ...)
@@ -17321,7 +17319,6 @@ CVE-2025-53014 (ImageMagick is free and open-source software used for editing an
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
 	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
-	[bullseye] - imagemagick <postponed> (Minor issue; OOB read in CLI)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03 (7.1.2-0)
 CVE-2025-52363 (Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password h ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[10 Sep 2025] DLA-4297-1 imagemagick - security update
+	{CVE-2025-53014 CVE-2025-53019 CVE-2025-53101 CVE-2025-55154 CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807}
+	[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u6
 [08 Sep 2025] DLA-4296-1 qemu - security update
 	{CVE-2024-7409}
 	[bullseye] - qemu 1:5.2+dfsg-11+deb11u5


=====================================
data/dla-needed.txt
=====================================
@@ -181,10 +181,6 @@ icingaweb2
   NOTE: 20250603: I also saw in the release log that multiple issues were fixed without mentioning any CVE (dleidert)
   NOTE: 20250603: upstream should be asked about the patches for CVE 2025-* (dleidert)
 --
-imagemagick (rouca)
-  NOTE: 20250821: Added by Front-Desk (dleidert)
-  NOTE: 20250821: on the DSA list, PU (#1109572), new issues; coordinate with rouca (dleidert)
---
 intel-microcode
   NOTE: 20250813: Added by Front-Desk (lamby)
   NOTE: 20250821: DSA/PU planned; wait for DSA/PU and coordinate with maintainer (dleidert)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4903f363aa3e0eac35ad06fdae7abbded656b8c3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4903f363aa3e0eac35ad06fdae7abbded656b8c3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250910/43671581/attachment-0001.htm>