[Git][security-tracker-team/security-tracker][master] imagemagick DSA

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jan 27 07:11:57 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1475aeb4 by Moritz Mühlenhoff at 2026-01-27T08:11:33+01:00
imagemagick DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2942,6 +2942,7 @@ CVE-2026-23837 (MyTube is a self-hosted downloader and player for several video
 	NOT-FOR-US: MyTube
 CVE-2026-22770 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.13+dfsg1-1 (bug #1126074)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u5
 	[bookworm] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	[bullseye] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[26 Jan 2026] DSA-6111-1 imagemagick - security update
+	{CVE-2026-23874 CVE-2026-23876 CVE-2026-23952}
+	[bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u6
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u5
 [25 Jan 2026] DSA-6110-1 openjdk-17 - security update
 	{CVE-2026-21925 CVE-2026-21932 CVE-2026-21933 CVE-2026-21945}
 	[bookworm] - openjdk-17 17.0.18+8-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -31,9 +31,6 @@ gimp (jmm)
 --
 git-lfs
 --
-imagemagick (jmm)
-  Bastien will prepare updates
---
 jackson-core
 --
 libreswan/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1475aeb433f059f22a489a5a4c467b0ee789935d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1475aeb433f059f22a489a5a4c467b0ee789935d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260127/f6703df1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list