[Git][security-tracker-team/security-tracker][master] Move two CVEs out of intersected list for CVEs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Sep 11 19:15:41 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4dc666c by Salvatore Bonaccorso at 2025-09-11T20:14:33+02:00
Move two CVEs out of intersected list for CVEs

As they only affect trixie, move them out of the DSA list as workaround
and only track the trixie version as fixed in the CVE list. The advisory
still references all CVEs which is fine.

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9224,12 +9224,14 @@ CVE-2025-55154 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/14234b2d3be45af1f71ffafd260532bbd8f81d39 (6.9.13-27)
 CVE-2025-55005 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111102)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u2
 	[bookworm] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	[bullseye] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp
 	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57 (7.1.2-1)
 CVE-2025-55004 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.1+dfsg1-1 (bug #1111101)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u2
 	[bookworm] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	[bullseye] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw


=====================================
data/DSA/list
=====================================
@@ -1,5 +1,5 @@
 [12 Sep 2025] DSA-5997-1 imagemagick - security update
-	{CVE-2025-55004 CVE-2025-55005 CVE-2025-55154 CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807}
+	{CVE-2025-55154 CVE-2025-55212 CVE-2025-55298 CVE-2025-57803 CVE-2025-57807}
 	[bookworm] - imagemagick 6.9.11.60+dfsg-1.6+deb12u4
 	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u2
 [10 Sep 2025] DSA-5996-1 chromium - security update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4dc666c5eb4585efccb85d114a8901d766819d2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4dc666c5eb4585efccb85d114a8901d766819d2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250911/a892c90c/attachment.htm>

More information about the debian-security-tracker-commits mailing list