[Git][security-tracker-team/security-tracker][master] Add first small batch of imagemagick issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f51018ba by Salvatore Bonaccorso at 2026-02-24T14:44:26+01:00
Add first small batch of imagemagick issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,7 +85,10 @@ CVE-2026-26981 (OpenEXR provides the specification and reference implementation
 CVE-2026-26331 (yt-dlp is a command-line audio/video downloader. Starting in version 2 ...)
 	TODO: check
 CVE-2026-26284 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wrhr-rf8j-r842
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/0c9ffcf55763e5daf1b61dfed0deed1aa43e217f (7.1.2-14)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5204a166fd2463905025378303c7e3715163d0e7 (6.9.13-39)
 CVE-2026-26283 (ImageMagick is free and open-source software used for editing and mani ...)
 	TODO: check
 CVE-2026-26198 (Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0 ...)
@@ -161,11 +164,23 @@ CVE-2026-25545 (Astro is a web framework. Prior to version 9.5.4, Server-Side Re
 CVE-2026-25501 (free5GC SMF provides Session Management Function for free5GC, an open- ...)
 	TODO: check
 CVE-2026-24485 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50 (7.1.2-14)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5 (7.1.2-14)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/75904c39049ec0b8d81eb7131bb05c0b23ad3189 (6.9.13-39)
 CVE-2026-24484 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a (7.1.2-14)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/f4525ad83d3876a9a07b74ef1fed4cb21a5332dd (7.1.2-14)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c47b28f700fc454e4f7c16e197a55149120697ea (6.9.13-39)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/151dcb4f0246d1285cbd756a1f32797894ad5da5 (6.9.13-39)
 CVE-2026-24481 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97 (7.1.2-14)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/38872ec2a70084813883ea152f18497911823c18 (6.9.13-39)
 CVE-2026-24314 (Under certain conditions SAP S/4HANA (Manage Payment Media) allows an  ...)
 	NOT-FOR-US: SAP
 CVE-2026-23694 (Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions pr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f51018bad734b241a28d6e9a3211618b96ad5381

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f51018bad734b241a28d6e9a3211618b96ad5381
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260224/51b08e27/attachment.htm>