[Git][security-tracker-team/security-tracker][master] Add some more imagemagick issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 10 16:11:42 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6b2f4d7c by Salvatore Bonaccorso at 2026-03-10T17:10:04+01:00
Add some more imagemagick issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,15 +153,21 @@ CVE-2026-28687 (ImageMagick is free and open-source software used for editing an
 	NOTE: Fixed by; https://github.com/ImageMagick/ImageMagick6/commit/0e328007d2eeefb9ae24bc3f4442b1a2469d772e (6.9.13-39)
 	TODO: check, possibly missing followup, as claimed to be fixed in 7.1.2-16 and 6.9.13-41
 CVE-2026-28686 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d622bd6023310d57cec1e8f265095a1979210371 (7.1.2-16)
 CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
 	TODO: check
 CVE-2026-28512 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
 	TODO: check
 CVE-2026-28494 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a3f2f8680fa01cbce731191789322419efb5954a (7.1.2-16)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/f6cd30e0493635eb0b8a4e3dd93c1ac14a35a7e9 (6.9.13-41)
 CVE-2026-28493 (ImageMagick is free and open-source software used for editing and mani ...)
-	TODO: check
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
 CVE-2026-28433 (Misskey is an open source, federated social media platform. All Misske ...)
 	TODO: check
 CVE-2026-28432 (Misskey is an open source, federated social media platform. All Misske ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2f4d7c15ea7a1601a45e2484698f57cc87205f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b2f4d7c15ea7a1601a45e2484698f57cc87205f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260310/54bb1192/attachment.htm>

More information about the debian-security-tracker-commits mailing list