Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3698b66d by Moritz Muehlenhoff at 2025-07-16T08:56:47+02:00
two gnuplot issues fixed in sid

- - - - -
c69ab565 by Moritz Muehlenhoff at 2025-07-16T08:56:49+02:00
more gnuplot fixes

- - - - -
009d2d50 by Moritz Muehlenhoff at 2025-07-16T08:56:51+02:00
gnuplot commit references

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31107,6 +31107,8 @@ CVE-2025-3360 (A flaw was found in GLib. An integer 
overflow and buffer under-re
 CVE-2025-3359 (A flaw was found in GNUPlot. A segmentation fault via 
IO_str_init_stat ...)
        - gnuplot <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2357749
+       NOTE: https://sourceforge.net/p/gnuplot/bugs/2781/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2025-3353 (A vulnerability was found in PHPGurukul Men Salon Management 
System 1. ...)
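Review bot: at CVE-2025-3359 the package line still reads "- gnuplot <unfixed> (unimportant)" although the added NOTE now points at an upstream fix commit. If that commit is already contained in a version uploaded to sid, record the fixed version here. Otherwise the entry gives the next triager no hint about which upload will close it.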
@@ -34692,6 +34694,8 @@ CVE-2025-21893 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2025-31177 (gnuplot is affected by a heap buffer overflow at function 
utf8_copy_on ...)
        - gnuplot <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355342
+       NOTE: https://sourceforge.net/p/gnuplot/bugs/2756/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2025-3019 (KNIME Business Hub is affected by several cross-site scripting 
vulnera ...)
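Review bot: the commit URL added for CVE-2025-31177 ends without a trailing slash (".../ci/226809aebb345e74d371bb43a2b434b490be527a"), while the bug URL on the line above it and the commit URLs added in the neighbouring hunks end with one. Pick one form for the gnuplot-main/ci/ links so that searches for a commit reference in data/CVE/list match consistently.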
@@ -35272,26 +35276,36 @@ CVE-2024-56325 (Authentication Bypass Issue  If the 
path does not contain / and
 CVE-2025-31181 (A flaw was found in gnuplot. The X11_graphics() function may 
lead to a ...)
        - gnuplot <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355338
+       NOTE: https://sourceforge.net/p/gnuplot/bugs/2753/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2025-31180 (A flaw was found in gnuplot. The CANVAS_text() function may 
lead to a  ...)
        - gnuplot <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355339
+       NOTE: https://sourceforge.net/p/gnuplot/bugs/2755/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2025-31179 (A flaw was found in gnuplot. The xstrftime() function may lead 
to a se ...)
        - gnuplot <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355340
+       NOTE: https://sourceforge.net/p/gnuplot/bugs/2779/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2025-31178 (A flaw was found in gnuplot. The GetAnnotateString() function 
may lead ...)
        - gnuplot <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355341
+       NOTE: https://sourceforge.net/p/gnuplot/bugs/2754/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b78cc829a18e9436daaa859c96f3970157f3171e/
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2025-31176 (A flaw was found in gnuplot. The plot3d_points() function may 
lead to  ...)
        - gnuplot <unfixed> (unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355343
+       NOTE: https://sourceforge.net/p/gnuplot/bugs/2776/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2025-31141 (In JetBrains TeamCity before 2025.03 exception could lead to 
credentia ...)
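Review bot: none of the five commit NOTE lines added in this hunk (CVE-2025-31181, -31180, -31179, -31178, -31176) carries an upstream version tag, whereas the commit lines touched further down in the same push are suffixed with "(5.5)" or "(5.4.rc1)". Adding the upstream release that first contains each commit would make it possible to tell from the entry alone when "<unfixed>" can be replaced.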
@@ -400049,8 +400063,9 @@ CVE-2020-25561 (SapphireIMS 5 utilized default 
sapphire:ims credentials to conne
 CVE-2020-25560 (In SapphireIMS 5.0, it is possible to use the hardcoded 
credential in  ...)
        NOT-FOR-US: SapphireIMS
 CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing 
print_set_output ...)
-       - gnuplot <unfixed> (unimportant)
+       - gnuplot 6.0.0+dfsg1-1 (unimportant)
        NOTE: https://sourceforge.net/p/gnuplot/bugs/2312/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/052cbd17c3cbbc602ee080b2617d32a8417d7563/
 (5.5)
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2020-25558
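Review bot: for CVE-2020-25559 the fix commit is tagged "(5.5)" while the CVE description on the same entry says "gnuplot 5.5 is affected", so the tag does not show whether a given 5.5 snapshot is before or after the fix. Since the package line is set to 6.0.0+dfsg1-1, it is worth confirming that this is the first Debian upload containing commit 052cbd17 and not just the version currently in sid.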
@@ -400355,8 +400370,9 @@ CVE-2020-25414 (A local file inclusion vulnerability 
was discovered in the captc
 CVE-2020-25413
        RESERVED
 CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an 
out-of-bounds-write ...)
-       - gnuplot <unfixed> (unimportant)
+       - gnuplot 6.0.0+dfsg1-1 (unimportant)
        NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a31c3b70d8d4f887f906afe35accbc9a59ebcd37
 (5.5)
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to
        NOTE: come from a trusted source, see README.Debian.security (added in 
5.2.6).
 CVE-2020-25411 (Projectworlds Online Examination System 1.0 is vulnerable to 
CSRF, whi ...)
@@ -521417,27 +521433,27 @@ CVE-2018-19493 (An issue was discovered in GitLab 
Community and Enterprise Editi
        NOTE: 
https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
 CVE-2018-19492 (An issue was discovered in cairo.trm in Gnuplot 5.2.5. This 
issue allo ...)
        {DLA-1597-1 DLA-1595-1}
-       - gnuplot <unfixed> (unimportant)
+       - gnuplot 5.4.0+dfsg1-1 (unimportant)
        - gnuplot5 <removed> (unimportant)
        NOTE: https://sourceforge.net/p/gnuplot/bugs/2089/
-       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
 (5.4.rc1)
        NOTE: No security impact, neutralised by toolchain hardening
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to come from a trusted source,
        NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This 
issue allow ...)
        {DLA-1597-1 DLA-1595-1}
-       - gnuplot <unfixed> (unimportant)
+       - gnuplot 5.4.0+dfsg1-1 (unimportant)
        - gnuplot5 <removed> (unimportant)
        NOTE: https://sourceforge.net/p/gnuplot/bugs/2094/
-       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
 (5.4.rc1)
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to come from a trusted source,
        NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This 
issue all ...)
        {DLA-1597-1 DLA-1595-1}
-       - gnuplot <unfixed> (unimportant)
+       - gnuplot 5.4.0+dfsg1-1 (unimportant)
        - gnuplot5 <removed> (unimportant)
        NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
-       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
+       NOTE: 
https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
 (5.4.rc1)
        NOTE: No security impact, gnuplot can execute arbitrary commands and 
need to come from a trusted source,
        NOTE: see README.Debian.security (added in 5.2.6)
 CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to 
cause a de ...)
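Review bot: CVE-2018-19492, CVE-2018-19491 and CVE-2018-19490 name three different files (cairo.trm, post.trm, datafile.c) and three different upstream bugs (2089, 2094, 2093), yet all three NOTE lines reference the same commit d5020716 tagged "(5.4.rc1)". If that single commit covers all three issues, a short remark saying so would help. If not, the per-issue commits should be listed before all three are marked fixed in 5.4.0+dfsg1-1.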



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58ef69a6894ba09842c05a13b18d83b55843f848...009d2d506749fa4d4da3df50ee232b5f180f7ef8
