[Git][security-tracker-team/security-tracker][master] CVE-2026-25966
Bastien Roucariès (@rouca)
rouca at debian.org
Mon Mar 16 00:38:28 GMT 2026
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02423526 by Bastien Roucariès at 2026-03-16T01:37:29+01:00
CVE-2026-25966
Document that bookworm and bullseye not affected
This is policy bug for hardened policy, these policies are not shipped before
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8471,9 +8471,13 @@ CVE-2026-25967 (ImageMagick is free and open-source software used for editing an
CVE-2026-25966 (ImageMagick is free and open-source software used for editing and mani ...)
{DSA-6158-1}
- imagemagick 8:7.1.2.15+dfsg1-1
+ [bookworm] - imagemagick <not-affected> (vulnerable code introduced later)
+ [bullseye] - imagemagick <not-affected> (vulnerable code introduced later)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xwc6-v6g8-pw2h
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8d4c67a90ae458fb36393a05c0069e9123ac174c (7.1.2-14)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/2c2f87de5330cd895fab9ea6228577b30acd1c7a (6.9.13-39)
+ NOTE: Policy introduced by https://github.com/ImageMagick/ImageMagick6/commit/ba3905764b8f995706dcea915ea587fb79dbd490 (6.9.12-94)
+ NOTE: Only one default policy before 6.9.12-94
CVE-2026-25965 (ImageMagick is free and open-source software used for editing and mani ...)
{DSA-6159-1 DSA-6158-1 DLA-4497-1}
- imagemagick 8:7.1.2.15+dfsg1-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0242352654ad44afa4500bac597e4120a856f5a7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0242352654ad44afa4500bac597e4120a856f5a7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260316/e304afde/attachment.htm>
More information about the debian-security-tracker-commits
mailing list