Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f501641f by Moritz Muehlenhoff at 2025-05-26T19:38:26+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67876,7 +67876,8 @@ CVE-2024-10011 (The BuddyPress plugin for WordPress is 
vulnerable to Directory T
        NOT-FOR-US: WordPress plugin
 CVE-2024-48426 (A segmentation fault (SEGV) was detected in the 
SortByPTypeProcess::Ex ...)
        - assimp <unfixed> (bug #1086043)
-       [bookworm] - assimp <no-dsa> (Minor issue)
+       [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+       [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5789
 CVE-2024-48425 (A segmentation fault (SEGV) was detected in the 
Assimp::SplitLargeMesh ...)
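Review bot: The commit message says "trixie triage", but the [bookworm] line for CVE-2024-48426 is also re-triaged in this hunk, from `<no-dsa> (Minor issue)` to `<postponed> (Minor issue, revisit when fixed upstream)`. Mention the bookworm state change in the commit message, or commit it separately, so the history explains why the state for an existing release changed.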
@@ -67888,11 +67889,13 @@ CVE-2024-48425 (A segmentation fault (SEGV) was 
detected in the Assimp::SplitLar
        NOTE: https://github.com/assimp/assimp/pull/5799
 CVE-2024-48424 (A heap-buffer-overflow vulnerability has been identified in 
the OpenDD ...)
        - assimp <unfixed> (bug #1086045)
+       [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5787
 CVE-2024-48423 (An issue in assimp v.5.4.3 allows a local attacker to execute 
arbitrar ...)
        - assimp <unfixed> (bug #1086046)
+       [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5788
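Review bot: The added [trixie] lines for CVE-2024-48424 and CVE-2024-48423 give only "Minor issue" as the rationale, while the descriptions shown read "A heap-buffer-overflow vulnerability has been identified" and "allows a local attacker to execute arbitrar ...". A NOTE line under each entry stating why the issue is considered minor would let a later triager check the postponement without re-reading the upstream issues.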
@@ -75850,6 +75853,7 @@ CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 
and 9.5.x <= 9.5.8 fail to
        - mattermost-server <itp> (bug #823556)
 CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the 
MD5Importer::Lo ...)
        - assimp <unfixed> (bug #1082857)
+       [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/5771
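Review bot: With the [trixie] line added, the CVE-2024-46632 entry carries two wordings for the same `<postponed>` state: trixie and bookworm say "Minor issue, revisit when fixed upstream" while the bullseye line says only "Minor issue". If the intent is the same for all three releases, align the bullseye parenthetical in this commit so the entry reads consistently.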
@@ -245063,7 +245067,8 @@ CVE-2022-38529 (tinyexr commit 0647fb3 was discovered 
to contain a heap-buffer o
        NOTE: 
https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
 CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was 
discovered to co ...)
        - assimp <unfixed> (bug #1021018)
-       [bookworm] - assimp <no-dsa> (Minor issue)
+       [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+       [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <no-dsa> (Minor issue)
        [buster] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/4662
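Review bot: The [bookworm] line for CVE-2022-38528 moves from `<no-dsa>` to `<postponed>` in this hunk while [bullseye] and [buster] stay at `<no-dsa> (Minor issue)`, so the entry ends up with mixed states for the same stated rationale, and the "trixie triage" message does not mention the bookworm change. Either note in the commit message that bookworm was deliberately re-triaged, or leave the bookworm line as it was and add only the [trixie] line.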
@@ -399135,6 +399140,7 @@ CVE-2020-18972 (Exposure of Sensitive Information to 
an Unauthorized Actor in Po
        NOTE: Negligible security impact
 CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers 
to cause ...)
        - libpodofo <unfixed> (bug #1014858)
+       [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libpodofo <no-dsa> (Minor issue)
        [buster] - libpodofo <no-dsa> (Minor issue)
@@ -471449,6 +471455,7 @@ CVE-2019-12215 (A full path disclosure vulnerability 
was discovered in Matomo v3
        NOTE: https://github.com/matomo-org/matomo/issues/14464
 CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of 
mishand ...)
        - freeimage <unfixed> (bug #947478)
+       [trixie] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [bookworm] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [bullseye] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
@@ -471467,6 +471474,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special 
TIFF file, the TIFFReadDir
        NOTE: https://sourceforge.net/p/freeimage/svn/1825/
 CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the 
StreamCalcIFDSize  ...)
        - freeimage <unfixed> (bug #947477)
+       [trixie] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [bookworm] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [bullseye] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
@@ -536994,6 +537002,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 
2.6.1, is susceptible to a direc
        NOT-FOR-US: Apache Ambari
 CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in 
PdfPar ...)
        - libpodofo <unfixed> (low; bug #892557)
+       [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libpodofo <no-dsa> (Minor issue)
        [buster] - libpodofo <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f501641ff59214f6e21d89def0dee2d53277eb82
