[Git][security-tracker-team/security-tracker][master] aiohttp, imagemagick DSAs

Fri May 1 16:21:19 BST 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0ce2f92 by Moritz Mühlenhoff at 2026-05-01T17:20:47+02:00
aiohttp, imagemagick DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18417,14 +18417,12 @@ CVE-2026-33631 (ClearanceKit intercepts file-system access events on macOS and e
 CVE-2026-33536 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DSA-6210-1 DLA-4539-1}
 	- imagemagick 8:7.1.2.18+dfsg1-1
-	[trixie] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8793-7xv6-82cf
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ee4468a8ab0635fcaa9c561e583c56ada3b1b721 (7.1.2-18)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/3ed2120f70ee9ff0c6cac2375e5821c52c381b4c (6.9.13-43)
 CVE-2026-33535 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DSA-6210-1 DLA-4539-1}
 	- imagemagick 8:7.1.2.18+dfsg1-1
-	[trixie] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mw3m-pqr2-qv7c
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d3af057fb9d3666762ca3731c2360f544f607f88 (7.1.2-18)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/3bdfa6a73a6c0ba5f2d0986cd2a1892c37f796f3 (6.9.13-43)
@@ -24014,7 +24012,6 @@ CVE-2026-32638 (StudioCMS is a server-side-rendered, Astro native, headless cont
 CVE-2026-32636 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DSA-6210-1 DLA-4539-1}
 	- imagemagick 8:7.1.2.18+dfsg1-1
-	[trixie] - imagemagick <no-dsa> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gc62-2v5p-qpmp
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/361b42c91d173cfb4bd8f39898c599feef6a1e55 (7.1.2-17)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/a04a9a514c70c9533ccb9f6ff80102a1b9a6445b (6.9.13-42)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[01 May 2026] DSA-6241-1 python-aiohttp - security update
+	{CVE-2025-69223 CVE-2025-69224 CVE-2025-69225 CVE-2025-69226 CVE-2025-69227 CVE-2025-69228 CVE-2025-69229}
+	[trixie] - python-aiohttp 3.11.16-1+deb13u1
+[01 May 2026] DSA-6240-1 imagemagick - security update
+	{CVE-2026-32636 CVE-2026-33535 CVE-2026-33536 CVE-2026-33899 CVE-2026-33900 CVE-2026-33901 CVE-2026-33902 CVE-2026-33905 CVE-2026-33908 CVE-2026-34238 CVE-2026-40169 CVE-2026-40183 CVE-2026-40310 CVE-2026-40311 CVE-2026-40312}
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u8
 [01 May 2026] DSA-6197-3 dovecot - regression update
 	[bookworm] - dovecot 1:2.3.19.1+dfsg1-2.1+deb12u4
 [01 May 2026] DSA-6239-1 chromium - security update


=====================================
data/dsa-needed.txt
=====================================
@@ -35,8 +35,6 @@ git-lfs/oldstable
 --
 gnutls28
 --
-imagemagick (jmm)
---
 incus/stable (jmm)
 --
 isc-kea/oldstable
@@ -83,7 +81,7 @@ php-laravel-framework/oldstable
 pyjwt
   Jochen Sprickerhof posted debdiffs for review
 --
-python-aiohttp
+python-aiohttp/oldstable
 --
 redis
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0ce2f9254c6f044f67adcf94f5cea52ab90dc86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0ce2f9254c6f044f67adcf94f5cea52ab90dc86
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260501/8acf1e0a/attachment-0001.htm>
