[Git][security-tracker-team/security-tracker][master] new imagemagick issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b24f78bd by Moritz Muehlenhoff at 2026-05-21T13:48:23+02:00
new imagemagick issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,28 @@
+CVE-2026-46523
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5r4x-w6p5-222q
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4d92249c84536a20e9723376ec016b4950dcb454 (7.1.2-23)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5ad5fdcc45871bdeeca414a883acb880532accce (6.9.13-48)
+CVE-2026-46559
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-533m-3wf6-c33v
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ff2f155f2874737380a80195c5849a2f06cb6ff7 (7.1.2-23)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7d68aec1d02aaaeb513a1778e9702fa0d9ba9dcd (6.9.13-48)
+CVE-2026-46557
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rcr6-g7jc-f57g
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/06fb1aa7589f4eec363b33c2bbda5986a92bb259 (7.1.2-23)
+	NOTE: Fix for IM6 seems missing
+CVE-2026-47166
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6gxq-f64p-5w6f
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bb79e91155127dd6c3c18a01c8761e9c2ea82d70 (7.1.2-23)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/2ca87784a434899067b8408e5f8a7f0165a8f884 (6.9.13-48)
+CVE-2026-47165
+	- imagemagick <unfixed>
+	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2rgj-gx5x-f62w
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bb79e91155127dd6c3c18a01c8761e9c2ea82d70 (7.1.2-23)
+	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/2ca87784a434899067b8408e5f8a7f0165a8f884 (6.9.13-48)
 CVE-2026-43494 [net/rds: reset op_nents when zerocopy page pin fails]
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e174929793195e0cd6a4adb0cad731b39f9019b4 (7.1-rc4)


=====================================
data/dsa-needed.txt
=====================================
@@ -42,6 +42,8 @@ gh/oldstable
 --
 haproxy (carnil)
 --
+imagemagick
+--
 isc-kea/oldstable
 --
 jackson-core (apo)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b24f78bd0cfd594a1493743cb4957e467263826d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b24f78bd0cfd594a1493743cb4957e467263826d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260521/843a9ec5/attachment-0001.htm>