[Git][security-tracker-team/security-tracker][master] trixie / imagemagick triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 12 08:04:09 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6162f9d7 by Moritz Muehlenhoff at 2026-06-12T09:03:01+02:00
trixie / imagemagick triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -77,10 +77,14 @@ CVE-2026-53634 (Sharp is a content management framework built for Laravel as a p
NOT-FOR-US: Sharp
CVE-2026-53465 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick <unfixed>
+ [bookworm] - imagemagick <not-affected> (SF3 support added in IM7)
+ [bullseye] - imagemagick <not-affected> (SF3 support added in IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e8a61457c90fcc632217cf5504da5c31e4b8d95c (7.1.2-25)
CVE-2026-53464 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick <unfixed>
+ [bookworm] - imagemagick <not-affected> (Vulnerable code not present)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/310e325e65f5171f35ec6305c9c21ec253d80852 (7.1.2-25)
CVE-2026-53463 (ImageMagick is free and open-source software used for editing and mani ...)
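Review bot: The new bookworm and bullseye <not-affected> lines under CVE-2026-53465 and CVE-2026-53464 state a reason in parentheses but carry no reference that backs it up. The yt-dlp entry later in this file records the origin of its vulnerable code with a "NOTE: Introduced with:" line naming the commit and version; an equivalent NOTE on these two entries would let a later reader confirm the status without repeating the source comparison. The reason given for CVE-2026-53464 is also the generic "Vulnerable code not present", whereas CVE-2026-53465 names the feature involved; naming the affected coder or function there would make the two entries equally checkable.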
@@ -156,6 +160,8 @@ CVE-2026-48733 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/1a59a4f31acca06f90a1f83424ef991a60f76b61 (6.9.13-49)
CVE-2026-48724 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick 8:7.1.2.24+dfsg1-1
+ [bookworm] - imagemagick <not-affected> (Vulnerable code not present, introduced in IM7)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code not present, introduced in IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/017c7efe4d63b953b35ab96fc0939ba3620e4739 (7.1.2-24)
CVE-2026-48547 (KanaDojo contains a command injection vulnerability that allows an att ...)
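Review bot: The first context line of this hunk, belonging to CVE-2026-48733, has its prefix doubled ("NOTE: Fixed by: Fixed by:"), and since this commit already edits the neighbouring ImageMagick entries it is a natural place to drop the duplicate. On the added lines for CVE-2026-48724, the reason "Vulnerable code not present, introduced in IM7" is worded differently from the reasons used for the other two ImageMagick entries changed in this commit; settling on one wording keeps the file easier to search.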
@@ -433,6 +439,7 @@ CVE-2026-10143 (kafka-python prior to 2.3.2 contains a denial-of-service vulnera
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
CVE-2026-6893 (A flaw was found in dracut. A remote attacker on the adjacent network ...)
- dracut <unfixed> (bug #1139725)
+ [trixie] - dracut <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2459963
NOTE: https://github.com/dracut-ng/dracut/pull/2469
CVE-2026-53472
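Review bot: The added "[trixie] - dracut <no-dsa> (Minor issue)" line gives no rationale beyond "Minor issue", while the description on the CVE line directly above it speaks of a remote attacker on the adjacent network. A reason that says what limits the impact in trixie would make the decision reviewable from the list alone.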
@@ -64386,7 +64393,7 @@ CVE-2026-26981 (OpenEXR provides the specification and reference implementation
NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/d2be382758adc3e9ab83a3de35138ec28d93ebd8 (v3.3.7-rc)
CVE-2026-26331 (yt-dlp is a command-line audio/video downloader. Starting in version 2 ...)
- yt-dlp 2026.02.21-1
- [trixie] - yt-dlp <no-dsa> (Minor issue)
+ [trixie] - yt-dlp <ignored> (Minor issue)
[bookworm] - yt-dlp <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-g3gw-q23r-pgqm
NOTE: Introduced with: https://github.com/yt-dlp/yt-dlp/commit/db3ad8a67661d7b234a6954d9c6a4a9b1749f5eb (2023.06.21)
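Review bot: The trixie line for yt-dlp changes state from <no-dsa> to <ignored> but keeps the reason "Minor issue" unchanged, so nothing in the entry shows why the state moved. Since <ignored> records that no fix is planned for the suite, the parenthesised reason should say why, rather than repeat the text that previously justified <no-dsa>.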
=====================================
data/dsa-needed.txt
=====================================
@@ -34,6 +34,8 @@ firebird3.0
--
firebird4.0
--
+imagemagick
+--
jetty9
--
jetty12
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6162f9d7f266ebbb4a51c804d0d00082ba096b5a