Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5e1d0d2b by Moritz Muehlenhoff at 2025-02-27T22:28:08+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4892,8 +4892,9 @@ CVE-2025-23020 (An issue was discovered in Kwik before
0.10.1. A hash collision
CVE-2025-21355 (Missing Authentication for Critical Function in Microsoft Bing
allows ...)
NOT-FOR-US: Microsoft
CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0
to 4.4.3 ...)
- - wireshark 4.4.4-1
+ - wireshark 4.4.4-1 (unimportant)
[bullseye] - wireshark <not-affected> (Vulnerable dissector not present)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-01.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373
NOTE: CBOR Object Signing and Encryption (COSE) dissector introduced in
3.6.0rc0
@@ -5132,8 +5133,8 @@ CVE-2025-25468 (FFmpeg git-master before commit d5873b
was discovered to contain
NOTE: https://trac.ffmpeg.org/ticket/11415
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd
CVE-2025-25467 (Insufficient tracking and releasing of allocated used memory
in libx26 ...)
- - x264 <unfixed>
- [bullseye] - x264 <postponed> (Reevaluate once issue fixed upstream)
+ - x264 <unfixed> (unimportant)
+ NOTE: Negligible security impact, usually only used for short-lived
processes
NOTE: https://code.videolan.org/videolan/x264/-/issues/75
CVE-2025-25054 (Movable Type contains a reflected cross-site scripting
vulnerability i ...)
- movabletype-opensource <removed>
@@ -5141,6 +5142,7 @@ CVE-2025-24841 (Movable Type contains a stored cross-site
scripting vulnerabilit
- movabletype-opensource <removed>
CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to
contain a seg ...)
- ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11393
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57q
CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit
4bf784c a ...)
@@ -22853,6 +22855,7 @@ CVE-2024-53144 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc2)
CVE-2025-1713 [deadlock potential with VT-d and legacy PCI device pass-through]
- xen <unfixed>
+ [bookworm] - xen <postponed> (Minor issue, can be fixed along with next
update)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
NOTE: https://xenbits.xen.org/xsa/advisory-467.html
CVE-2024-53241 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
@@ -218187,6 +218190,7 @@ CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n
2.6.13 routers are vulnerable t
NOT-FOR-US: SmartRG
CVE-2022-37660 (In hostapd 2.10 and earlier, the PKEX code remains active even
after a ...)
- wpa <unfixed>
+ [bookworm] - wpa <no-dsa> (Minor issue)
NOTE: https://link.springer.com/article/10.1007/s10207-025-00988-3
NOTE: Fixed by:
https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4
(hostap_2_11)
CVE-2022-37659
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e1d0d2bfd3d4cfe1755fdbc6bac72116389e8d4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e1d0d2bfd3d4cfe1755fdbc6bac72116389e8d4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
