[Git][security-tracker-team/security-tracker][master] imagemagick DSA

Sun Jun 21 14:59:08 BST 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c5327476 by Moritz Mühlenhoff at 2026-06-21T15:58:49+02:00
imagemagick DSA

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2675,6 +2675,7 @@ CVE-2026-36849 [Denial of Service via large SamplesPerPixel tag]
 	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eedba405d3695b52faae65994c5904f228eca0bf
 CVE-2026-XXXX [default policy.xml HTTP/HTTPS/URL delegate rules are no-ops]
 	- imagemagick 8:7.1.2.25+dfsg1-2 (bug #1140176)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u10
 CVE-2026-9507 (A session fixation vulnerability has been identified in osTicket v1.18 ...)
 	- osticket <itp> (bug #998157)
 CVE-2026-9307 (A sensitive information disclosure security issue exists within the af ...)
@@ -286602,7 +286603,7 @@ CVE-2024-27005 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/de1bf25b6d771abdb52d43546cf57ad775fb68a1 (6.9-rc5)
 CVE-2024-27004 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	{DSA-5681-1 DSA-5680-1 DLA-3842-1}
-	- linux 6.8.9-1
+	- hinux 6.8.9-1
 	NOTE: https://git.kernel.org/linus/e581cf5d216289ef292d1a4036d53ce90e122469 (6.9-rc5)
 CVE-2024-27003 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	{DSA-5680-1}


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jun 2026] DSA-6356-1 imagemagick - security update
+	{CVE-2026-48724 CVE-2026-48734 CVE-2026-48994 CVE-2026-49218 CVE-2026-49219 CVE-2026-53460 CVE-2026-53461 CVE-2026-53463 CVE-2026-53464}
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u10
 [21 Jun 2026] DSA-6355-1 linux - security update
 	{CVE-2025-22069 CVE-2025-68251 CVE-2025-68768 CVE-2025-71289 CVE-2026-23247 CVE-2026-23272 CVE-2026-23346 CVE-2026-23394 CVE-2026-23469 CVE-2026-31420 CVE-2026-31486 CVE-2026-31560 CVE-2026-31613 CVE-2026-31663 CVE-2026-31717 CVE-2026-43116 CVE-2026-43219 CVE-2026-43245 CVE-2026-43303 CVE-2026-43331 CVE-2026-45838 CVE-2026-45839 CVE-2026-45840 CVE-2026-45841 CVE-2026-45842 CVE-2026-45843 CVE-2026-45844 CVE-2026-45845 CVE-2026-45846 CVE-2026-45850 CVE-2026-45930 CVE-2026-46117 CVE-2026-46137 CVE-2026-46158 CVE-2026-46160 CVE-2026-46170 CVE-2026-46203 CVE-2026-46216 CVE-2026-46244 CVE-2026-46274 CVE-2026-46275 CVE-2026-46315 CVE-2026-46316 CVE-2026-46319 CVE-2026-46320 CVE-2026-46321 CVE-2026-46322 CVE-2026-46323 CVE-2026-46331 CVE-2026-52908 CVE-2026-52909 CVE-2026-52910 CVE-2026-52911}
 	[trixie] - linux 6.12.94-1


=====================================
data/dsa-needed.txt
=====================================
@@ -40,9 +40,6 @@ gst-plugins-bad1.0
 --
 gst-plugins-good1.0 (jmm)
 --
-imagemagick
-  Bastien Roucaries will prepare updates
---
 jetty9
 --
 jetty12



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5327476b8e3f7009fa58c8f918689030cef4498

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c5327476b8e3f7009fa58c8f918689030cef4498
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260621/7e5b1acb/attachment-0001.htm>
