[Git][security-tracker-team/security-tracker][master] Track fixed version for various imagemagick issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 11 04:46:55 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8591b2f1 by Salvatore Bonaccorso at 2026-03-11T05:46:24+01:00
Track fixed version for various imagemagick issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -543,29 +543,29 @@ CVE-2026-31802 (node-tar is a full-featured Tar for Node.js. Prior to version 7.
NOTE: https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e
NOTE: https://github.com/isaacs/node-tar/commit/e9a1ddb821b29ddee75b9470dd511066148c8070
CVE-2026-30937 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpg4-j99f-8xcg
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/134f1c17d5dafc565182f9b00304fc08cfa3184e (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/42e5a37eeb60ca4fdede5060c0aa60802c2dc701 (6.9.13-41)
CVE-2026-30936 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5ggv-92r5-cp4p
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ffbbd7201e0ba08707849c0053aa703e076bf86e (7.1.2-16)
NOTE: IM6 appears to be unfixed
CVE-2026-30935 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
[bookworm] - imagemagick <not-affected> (BilateralBlurImage introduced in IM7)
[bullseye] - imagemagick <not-affected> (BilateralBlurImage introduced in IM7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cqw9-w2m7-r2m2
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ed448e879285db99d2c1207393822713acb510f2 (7.1.2-16)
CVE-2026-30931 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
[bookworm] - imagemagick <not-affected> (UHDR support introduced in IM7)
[bullseye] - imagemagick <not-affected> (UHDR support introduced in IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h95r-c8c7-mrwx
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/7fe4dbabe5d50057513d5d16eb9cbfa0734b4848 (7.1.2-16)
CVE-2026-30929 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rqq8-jh93-f4vg
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/adf831c442b7dc37da04d73331aba26e388eeb9a (7.1.2-16)
CVE-2026-30927 (Admidio is an open-source user management solution. Prior to 5.0.6, in ...)
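Review bot: Under CVE-2026-30935 the "Fixed by:" label sits on the advisory URL (GHSA-cqw9-w2m7-r2m2) while the commit ed448e879285db99d2c1207393822713acb510f2 (7.1.2-16) carries a bare "NOTE:", the reverse of every other entry in this hunk. Since the entry is being touched anyway, swap the labels so that tooling or readers scanning for "Fixed by:" land on the commit. Separately, CVE-2026-30936 is now marked fixed at 8:7.1.2.16+dfsg1-1 while its note still reads "IM6 appears to be unfixed" and the entry has no [bookworm] or [bullseye] line; the neighbouring entries' "introduced in IM7" reasons suggest those releases carry IM6, so confirm they are meant to remain open against this entry.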
@@ -593,7 +593,7 @@ CVE-2026-30887 (OneUptime is a solution for monitoring and managing online servi
CVE-2026-30885 (WWBN AVideo is an open source video platform. Prior to 25.0, the /obje ...)
NOT-FOR-US: WWBN AVideo
CVE-2026-30883 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qmw5-2p58-xvrc
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5897fb65d173a57729026321d5067c9ddca5c56f (7.1.2-16)
CVE-2026-30870 (PowerSync Service is the server-side component of the PowerSync sync e ...)
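Review bot: CVE-2026-30883 is marked fixed on the strength of a single IM7 commit (5897fb65d173a57729026321d5067c9ddca5c56f, 7.1.2-16), and the entry says nothing about ImageMagick6, neither an IM6 "Fixed by:" commit nor a note like the "IM6 appears to be unfixed" recorded for CVE-2026-30936. Add a NOTE stating the IM6 status (fixed, unfixed, or not affected) so the state of the IM6 code line is explicit for this CVE.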
@@ -609,46 +609,46 @@ CVE-2026-2364 (If a legitimate user confirms a self-update prompt or initiate an
CVE-2026-29773 (Kubewarden is a policy engine for Kubernetes. Kubewarden cluster opera ...)
NOT-FOR-US: Kubewarden
CVE-2026-28693 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hffp-q43q-qq76
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/33375f93a866830bbaf72f86314fbc3014b9e4c4 (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/50a0c0d7ebbac39d9eef9d1ef13262861945451c (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c54e9b365118972f939b0efcdd5087e106eb8945 (6.9.13-41)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/b13562f805d36de13c7c66c5fca6a6505495aae1 (6.9.13-41)
CVE-2026-28692 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mrmj-x24c-wwcv
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/cb6cc0611baa4dac59add6439fa1d8af33fc5927 (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) (jumbo security patch for multiple issues)
CVE-2026-28691 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wj8w-pjxf-9g4f
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/87f619bcd066a3c8e8fae4addb99f15d496ae881 (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) (jumbo security patch for multiple issues)
CVE-2026-28690 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7h7q-j33q-hvpf
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e6e874875e48dd9838acca3bd22c14a4d2f1b3ca (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/6a602fb36f181a0089848344a3b0d79fc6155a2b (6.9.13-41) (jumbo security patch for multiple issues)
CVE-2026-28689 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-493f-jh8w-qhx3
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/3eb11260cfe84fddbdcb8d2ed47f92703d1b2987 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/753ffb699934331b31028d4e271f2f6d6db85074 (7.1.2-16)
CVE-2026-28688 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xxw5-m53x-j38c
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/40cfaa7b38729eb6a2808c9b94d6baa2fae6219b (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e2d5b4ff0fb6abf2370af4b3dc483934b4dd63ff (7.1.2-14)
TODO: check if fixes in 7.1.2-14 are yet incomplte because claimed to be fixed in 7.1.2-16
CVE-2026-28687 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fpvf-frm6-625q
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/3392b4bba6ce076f4d88f5653a42d97b7e4f6970 (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/0e328007d2eeefb9ae24bc3f4442b1a2469d772e (6.9.13-39)
TODO: check, possibly missing followup, as claimed to be fixed in 7.1.2-16 and 6.9.13-41
CVE-2026-28686 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-467j-76j7-5885
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d622bd6023310d57cec1e8f265095a1979210371 (7.1.2-16)
CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
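Review bot: CVE-2026-28688 and CVE-2026-28687 are moved to fixed at 8:7.1.2.16+dfsg1-1 while their TODO lines are still open, and the only commits listed for them are from 7.1.2-14 (and 6.9.13-39 for the IM6 side of CVE-2026-28687). The fixed version agrees with the upstream claim of 7.1.2-16 quoted in the TODOs, but the follow-up commit that would justify it is not identified, so the entries should either gain that "Fixed by:" reference or keep the TODO until it is resolved. The TODO under CVE-2026-28688 also has a typo, "incomplte", that can be corrected in the same pass.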
@@ -656,12 +656,12 @@ CVE-2026-28513 (Pocket ID is an OIDC provider that allows users to authenticate
CVE-2026-28512 (Pocket ID is an OIDC provider that allows users to authenticate with t ...)
NOT-FOR-US: Pocket ID OIDC provider
CVE-2026-28494 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-932h-jw47-73jm
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a3f2f8680fa01cbce731191789322419efb5954a (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/f6cd30e0493635eb0b8a4e3dd93c1ac14a35a7e9 (6.9.13-41)
CVE-2026-28493 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick 8:7.1.2.16+dfsg1-1
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r39q-jr8h-gcq2
CVE-2026-28433 (Misskey is an open source, federated social media platform. All Misske ...)
NOT-FOR-US: Misskey
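Review bot: CVE-2026-28493 is marked fixed at 8:7.1.2.16+dfsg1-1 with only the advisory link (GHSA-r39q-jr8h-gcq2) as evidence; unlike CVE-2026-28494 directly above it, there is no "Fixed by:" commit for either ImageMagick or ImageMagick6. Add the upstream commit reference, or a NOTE saying the fixed version is taken from the advisory, so the basis for the fixed version can be checked later.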
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8591b2f13096ba53147630588718011958c64846