Update status for CVE-2025-27796/graphicsmagick (!210) · Merge requests · Debian Security Tracker / security-tracker

Carlos Henrique Lima Melara requested to merge charles/security-tracker:graphicsmagick/CVE-2025-27796 into master Apr 01, 2025

Upstream was contacted and clarified which commit introduced the vulnerability (a2be6a9) and also which version was first affected (1.3.43).

I opened a MR since I'm touching data from the current stable version (security team's area) and sneaked the lts status update too (if you prefer 2 different commits, let me know). Please let me know if this workflow is ok for you or if you prefer a different one. @santiago was actually who suggested to contact upstream because the vulnerability wasn't obvious and the issue on upstream's issue tracker wasn't public, it worked (thanks!).

Edited Apr 06, 2025 by Carlos Henrique Lima Melara

Update status for CVE-2025-27796/graphicsmagick

Merge request reports