[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7f7938b8 by Moritz Muehlenhoff at 2026-01-04T23:22:07+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2219,6 +2219,8 @@ CVE-2025-69210 (FacturaScripts is open-source enterprise resource planning and a
 CVE-2025-69204 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DLA-4429-1}
 	- imagemagick 8:7.1.2.12+dfsg1-1
+	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e (7.1.2-12)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c46bc2a29d0712499173c6ffda1d38d7dc8861f5 (6.9.13-37)
@@ -2339,6 +2341,8 @@ CVE-2025-68974 (Improper Control of Filename for Include/Require Statement in PH
 CVE-2025-68950 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DLA-4429-1}
 	- imagemagick 8:7.1.2.12+dfsg1-1
+	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec (7.1.2-12)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5655e26ee9032a208ad9add1fde2877205d5e540 (6.9.13-37)
@@ -2347,6 +2351,8 @@ CVE-2025-68926 (RustFS is a distributed object storage system built in Rust. In
 CVE-2025-68618 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DLA-4429-1}
 	- imagemagick 8:7.1.2.12+dfsg1-1
+	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb (7.1.2-12)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/693c8497290ea0c7cac75d3068ea4fa70d7d507e (6.9.13-37)
@@ -15763,6 +15769,8 @@ CVE-2025-66478
 	REJECTED
 CVE-2025-66453 (Rhino is an open-source implementation of JavaScript written entirely  ...)
 	- rhino <unfixed> (bug #1121953)
+	[trixie] - rhino <no-dsa> (Minor issue)
+	[bookworm] - rhino <no-dsa> (Minor issue)
 	[bullseye] - rhino <postponed> (Minor issue)
 	NOTE: https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x
 	NOTE: Fixed by: https://github.com/mozilla/rhino/commit/b333c3ec7a86409d62b0aab315129584fe18cb9e (Rhino1_7_15_1_Release)
@@ -796757,8 +796765,7 @@ CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admi
 CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/ind ...)
 	- phplist <itp> (bug #612288)
 CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require authenticatio ...)
-	- gimp <unfixed> (unimportant)
-	NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
+	NOTE: Bogus issue: The interface isn't designed or advertised to be secure
 CVE-2012-4244 (ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9. ...)
 	{DSA-2547-1}
 	- bind9 1:9.8.4.dfsg-1 (bug #693015)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f7938b854017f2758285069e258d54d5196a11f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f7938b854017f2758285069e258d54d5196a11f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260104/f339b12f/attachment.htm>