[Git][security-tracker-team/security-tracker][master] openjdk-25, imagemagick DSAs

Sun May 3 15:50:18 BST 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2fa2617 by Moritz Mühlenhoff at 2026-05-03T16:49:45+02:00
openjdk-25, imagemagick DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -35756,7 +35756,6 @@ CVE-2026-25982 (ImageMagick is free and open-source software used for editing an
 CVE-2026-25971 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DSA-6158-1 DLA-4539-1}
 	- imagemagick 8:7.1.2.15+dfsg1-1
-	[bookworm] - imagemagick <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8mpr-6xr2-chhc
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9313e530b37272b748898febd42b5949756f0179 (7.1.2-14)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/9795300c611926fc895dd4e02a34ce185d8ed651 (6.9.13-39)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[03 May 2026] DSA-6246-1 openjdk-25 - security update
+	{CVE-2026-22007 CVE-2026-22008 CVE-2026-22013 CVE-2026-22016 CVE-2026-22018 CVE-2026-22021 CVE-2026-34268 CVE-2026-34282}
+	[trixie] - openjdk-25 25.0.3+9-2~deb13u1
+[03 May 2026] DSA-6245-1 imagemagick - security update
+	{CVE-2026-25971 CVE-2026-33899 CVE-2026-33900 CVE-2026-33901 CVE-2026-33905 CVE-2026-33908 CVE-2026-34238 CVE-2026-40310 CVE-2026-40311}
+	[bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u9
 [02 May 2026] DSA-6244-1 incus - security update
 	{CVE-2026-40195 CVE-2026-40197 CVE-2026-40243 CVE-2026-40251 CVE-2026-41647 CVE-2026-41648 CVE-2026-41684 CVE-2026-41685}
 	[trixie] - incus 6.0.4-2+deb13u7


=====================================
data/dsa-needed.txt
=====================================
@@ -66,8 +66,6 @@ nghttp2
 --
 nodejs/oldstable (jmm)
 --
-openjdk-25/stable (jmm)
---
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2fa26171f84218fff8ba14a15b68fe69bdcb682

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2fa26171f84218fff8ba14a15b68fe69bdcb682
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260503/782450d5/attachment-0001.htm>
