[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-2849/upx-ucl: bullseye postponed

Wed, 09 Apr 2025 06:51:59 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c521fb7 by Sylvain Beucler at 2025-04-09T15:36:02+02:00
CVE-2025-2849/upx-ucl: bullseye postponed

- - - - -
bae5431b by Sylvain Beucler at 2025-04-09T15:51:23+02:00
dla: add curl

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5122,6 +5122,7 @@ CVE-2025-2852 (A vulnerability has been found in 
SourceCodester Food Ordering Ma
        NOT-FOR-US: SourceCodester
 CVE-2025-2849 (A vulnerability, which was classified as problematic, was found 
in UPX ...)
        - upx-ucl <unfixed> (bug #1101500)
+       [bullseye] - upx-ucl <postponed> (Minor issue, local DoS)
        NOTE: https://github.com/upx/upx/issues/898
        NOTE: 
https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2
 CVE-2025-2847 (A vulnerability, which was classified as critical, has been 
found in C ...)


=====================================
data/dla-needed.txt
=====================================
@@ -44,6 +44,10 @@ ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
   NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
 --
+curl
+  NOTE: 20250409: Added by Front-Desk (Beuc)
+  NOTE: 20250409: Follow fixes from bookworm 12.10 (CVE-2024-11053)
+--
 dcmtk
   NOTE: 20250220: Added by Front-Desk (Beuc)
   NOTE: 20250220: Previous DLA introduced another regression, this is 
CVE-2024-47796.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e00f04860cb210a38b393b9817e99c1c0948aa56...bae5431b7b4d419a62f1d2fc33850f3536320e1e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e00f04860cb210a38b393b9817e99c1c0948aa56...bae5431b7b4d419a62f1d2fc33850f3536320e1e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to