[Git][security-tracker-team/security-tracker][master] imagemagick/twig DSAs

Fri May 29 19:33:14 BST 2026


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a89d95d by Moritz Mühlenhoff at 2026-05-29T20:31:38+02:00
imagemagick/twig DSAs

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6319,7 +6319,6 @@ CVE-2026-46627
 	NOTE: Upstream change only clarifies the documentation
 CVE-2026-46635
 	- php-twig 3.26.0-1
-	[trixie] - php-twig <no-dsa> (Minor issue)
 	[bookworm] - php-twig <no-dsa> (Minor issue)
 	NOTE: https://symfony.com/blog/cve-2026-46635-sandbox-property-allowlist-bypass-via-the-column-filter-array-column-on-objects
 	NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-vcc8-phrv-43wj
@@ -18628,7 +18627,6 @@ CVE-2025-12993
 CVE-2026-42050 (ImageMagick is free and open-source software used for editing and mani ...)
 	{DSA-6298-1}
 	- imagemagick 8:7.1.2.21+dfsg1-1
-	[bookworm] - imagemagick <postponed> (Minor issue, fix along with future update)
 	[bullseye] - imagemagick <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7mxf-ff4f-jj7p
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/25980041f145afc621233a1c050291231b627c48 (7.1.2-20)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[29 May 2026] DSA-6311-1 php-twig - security update
+	{CVE-2026-24425 CVE-2026-46627 CVE-2026-46628 CVE-2026-46629 CVE-2026-46633 CVE-2026-46634 CVE-2026-46635 CVE-2026-46636 CVE-2026-46637 CVE-2026-46638 CVE-2026-46640 CVE-2026-47730 CVE-2026-47732 CVE-2026-48805}
+	[trixie] - php-twig 3.27.0-0+deb13u1
+[29 May 2026] DSA-6310-1 imagemagick - security update
+	{CVE-2026-42050 CVE-2026-42326 CVE-2026-45031 CVE-2026-45359 CVE-2026-45624 CVE-2026-45664 CVE-2026-46520 CVE-2026-46521 CVE-2026-46522 CVE-2026-46523 CVE-2026-46559 CVE-2026-46692 CVE-2026-46693 CVE-2026-47165 CVE-2026-47166}
+	[bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u10
 [29 May 2026] DSA-6309-1 exim4 - security update
 	{CVE-2026-48840}
 	[bookworm] - exim4 4.96-15+deb12u10


=====================================
data/dsa-needed.txt
=====================================
@@ -46,8 +46,6 @@ gh/oldstable
 --
 gst-plugins-good1.0 (jmm)
 --
-imagemagick/oldstable (jmm)
---
 inkscape/oldstable
 --
 isc-kea/oldstable
@@ -89,8 +87,7 @@ perl (carnil)
 --
 php-laravel-framework/oldstable
 --
-php-twig
-  Maintainer will prepare updates
+php-twig/oldstable (jmm)
 --
 prometheus
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a89d95dcdc3c213b419014b79d3996605e1ce85

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a89d95dcdc3c213b419014b79d3996605e1ce85
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260529/5eaf0653/attachment-0001.htm>
