[Git][security-tracker-team/security-tracker][master] Reserve DLA-4433-1 for ruby-rmagick

Mon Jan 5 19:44:43 GMT 2026


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b49a779 by Utkarsh Gupta at 2026-01-06T01:14:27+05:30
Reserve DLA-4433-1 for ruby-rmagick

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -240175,7 +240175,6 @@ CVE-2023-5349 (A memory leak flaw was found in ruby-magick, an interface between
 	{DLA-3625-1}
 	- ruby-rmagick 5.3.0-1
 	[bookworm] - ruby-rmagick <no-dsa> (Minor issue)
-	[bullseye] - ruby-rmagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/rmagick/rmagick/pull/1406
 	NOTE: https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a (RMagick_5-3-0)
 CVE-2023-5684 (A vulnerability was found in Byzoro Smart S85F Management Platform up  ...)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[06 Jan 2026] DLA-4433-1 ruby-rmagick - security update
+	{CVE-2023-5349}
+	[bullseye] - ruby-rmagick 2.16.0-7+deb11u1
 [04 Jan 2026] DLA-4432-1 curl - security update
 	{CVE-2025-9086}
 	[bullseye] - curl 7.74.0-1.3+deb11u16


=====================================
data/dla-needed.txt
=====================================
@@ -360,11 +360,6 @@ python3.9 (andrewsh)
   NOTE: 20251214: Another round of CVEs is due to be fixed (dleidert/front-desk)
   NOTE: 20260201: Consider fixing python3.11/bookworm and python3.13/trixie (Beuc/front-desk)
 --
-ruby-rmagick (Utkarsh)
-  NOTE: 20260103: Added by Front-Desk (Beuc)
-  NOTE: 20260103: Low priority
-  NOTE: 20260103: Follow DLA-3625-1/buster on later dists (1 CVE) (Beuc/front-desk)
---
 runc
   NOTE: 20251105: Added by Front-Desk (Beuc)
   NOTE: 20251105: 3 high-severity container breakouts. Used by docker.io.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b49a779e36a178c13540da0327b2f96f9249019

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b49a779e36a178c13540da0327b2f96f9249019
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260105/438eb4c0/attachment-0001.htm>
