Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1f608341 by Moritz Muehlenhoff at 2025-08-29T09:30:40+02:00
various assimp issues fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -42329,13 +42329,13 @@ CVE-2025-3549 (A vulnerability, which was classified 
as critical, was found in O
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6070
 CVE-2025-3548 (A vulnerability, which was classified as critical, has been 
found in O ...)
-       - assimp <unfixed> (bug #1103443)
+       - assimp 6.0.2+ds-1 (bug #1103443)
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6068
        NOTE: https://github.com/assimp/assimp/pull/6073
-       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/0ae66d27039481dc2a507bbc8482f691037c1a5a
+       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/0ae66d27039481dc2a507bbc8482f691037c1a5a
 (v6.0.0)
 CVE-2025-3547 (A vulnerability classified as critical was found in frdel 
Agent-Zero 0 ...)
        NOT-FOR-US: frdel Agent-Zero
 CVE-2025-3546 (A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, 
Magic NX4 ...)
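Review bot: In the CVE-2025-3548 entry the fixed version is recorded as 6.0.2+ds-1 while the fix commit is annotated "(v6.0.0)"; please confirm that 6.0.2+ds-1 is the first sid upload that carries this commit. If an earlier 6.0.x upload reached sid, that version should be recorded instead. The same check applies to the other entries in this commit whose fixing commit is tagged "(v6.0.0)".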
@@ -45100,11 +45100,12 @@ CVE-2025-3198 (A vulnerability has been found in GNU 
Binutils 2.43/2.44 and clas
 CVE-2025-3197 (Versions of the package expand-object from 0.0.0 are vulnerable 
to Pro ...)
        NOT-FOR-US: expand-object Nodejs module
 CVE-2025-3196 (A vulnerability, which was classified as critical, was found in 
Open A ...)
-       - assimp <unfixed> (bug #1102207)
+       - assimp 6.0.2+ds-1 (bug #1102207)
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
        [bullseye] - assimp <postponed> (Minor issue, no upstream patch)
        NOTE: https://github.com/assimp/assimp/issues/6069
+       NOTE: 
https://github.com/assimp/assimp/commit/7eb6b0c3dbc2ee59b58c98f43e5ac438cc7f6883
 (v6.0.0)
 CVE-2025-3195 (A vulnerability, which was classified as critical, has been 
found in i ...)
        NOT-FOR-US: itsourcecode System
 CVE-2025-3194 (Versions of the package bigint-buffer from 0.0.0 are vulnerable 
to Buf ...)
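Review bot: The bullseye line for CVE-2025-3196 still reads "(Minor issue, no upstream patch)", which the NOTE added two lines below it now contradicts by pointing at an upstream commit in v6.0.0. Suggest dropping "no upstream patch" from that annotation in the same change, so the triage reason matches the recorded fix.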
@@ -45242,27 +45243,28 @@ CVE-2025-3162 (A vulnerability was found in InternLM 
LMDeploy up to 0.7.1. It ha
 CVE-2025-3161 (A vulnerability was found in Tenda AC10 16.03.10.13 and 
classified as  ...)
        NOT-FOR-US: Tenda
 CVE-2025-3160 (A vulnerability has been found in Open Asset Import Library 
Assimp 5.4 ...)
-       - assimp <unfixed> (bug #1102206)
+       - assimp 6.0.2+ds-1 (bug #1102206)
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
        [bullseye] - assimp <postponed> (Minor issue, DoS)
        NOTE: https://github.com/assimp/assimp/issues/6025
        NOTE: https://github.com/assimp/assimp/pull/6049
-       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/4b8f55cc0008af43a8a50b91f0134e2f4e80142e
+       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/4b8f55cc0008af43a8a50b91f0134e2f4e80142e
 (v6.0.0)
 CVE-2025-3159 (A vulnerability, which was classified as critical, was found in 
Open A ...)
-       - assimp <unfixed> (bug #1102205)
+       - assimp 6.0.2+ds-1 (bug #1102205)
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
        [bullseye] - assimp <postponed> (Minor issue, OOB read)
        NOTE: https://github.com/assimp/assimp/issues/6024
        NOTE: https://github.com/assimp/assimp/pull/6051
-       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71b
+       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71b
 (v6.0.0)
 CVE-2025-3158 (A vulnerability, which was classified as critical, has been 
found in O ...)
-       - assimp <unfixed> (bug #1102204)
+       - assimp 6.0.2+ds-1 (bug #1102204)
        [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, OOB read)
        NOTE: https://github.com/assimp/assimp/issues/6023
+       NOTE: 
https://github.com/assimp/assimp/commit/357b5baabbd0af01cbe712c6506ee1d06d2da8de
 (v6.0.2)
 CVE-2025-3157 (A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. 
It has ...)
        NOT-FOR-US: Intelbras WRN
 CVE-2025-3155 (A flaw was found in Yelp. The Gnome user help application 
allows the h ...)
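Review bot: CVE-2025-3158 keeps "<postponed> (Minor issue, revisit when/if fixed upstream)" for trixie and bookworm, although the NOTE added at the end of the entry now identifies an upstream commit in v6.0.2. The revisit condition is met, so these two lines should either be re-triaged or have the stale wording replaced with the current reason for postponing.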
@@ -46939,7 +46941,7 @@ CVE-2025-3018 (A vulnerability, which was classified as 
critical, was found in S
 CVE-2025-3017 (A vulnerability, which was classified as critical, has been 
found in T ...)
        NOT-FOR-US: TA-Lib
 CVE-2025-3016 (A vulnerability classified as problematic was found in Open 
Asset Impo ...)
-       - assimp <unfixed> (bug #1102235)
+       - assimp 6.0.2+ds-1 (bug #1102235)
        [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, OOM DoS)
@@ -46947,13 +46949,13 @@ CVE-2025-3016 (A vulnerability classified as 
problematic was found in Open Asset
        NOTE: https://github.com/assimp/assimp/pull/6046
        NOTE: 
https://github.com/assimp/assimp/commit/5d2a7482312db2e866439a8c05a07ce1e718bed1
 CVE-2025-3015 (A vulnerability classified as critical has been found in Open 
Asset Im ...)
-       - assimp <unfixed> (bug #1102234)
+       - assimp 6.0.2+ds-1 (bug #1102234)
        [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, OOB read)
        NOTE: https://github.com/assimp/assimp/issues/6021
        NOTE: https://github.com/assimp/assimp/pull/6045
-       NOTE: 
https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe
+       NOTE: 
https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe
 (v6.0.0)
 CVE-2025-31697 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: Drupal core and addons
 CVE-2025-31696 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
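Review bot: The commit NOTE for CVE-2025-3016 in the leading context of this hunk (5d2a7482...) is left without a release tag, while the CVE-2025-3015 commit NOTE directly below gains "(v6.0.0)" and the previous hunk marks CVE-2025-3016 as fixed in 6.0.2+ds-1. Suggest annotating that NOTE with the upstream release it first appears in, so the entry itself shows why 6.0.2+ds-1 counts as fixed.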
@@ -49879,11 +49881,12 @@ CVE-2025-30118 (An issue was discovered on the Audi 
Universal Traffic Recorder 2
 CVE-2025-30091 (In Tiny MoxieManager PHP before 4.0.0, remote code execution 
can occur ...)
        NOT-FOR-US: Tiny MoxieManager PHP
 CVE-2025-2757 (A vulnerability classified as critical was found in Open Asset 
Import  ...)
-       - assimp <unfixed> (bug #1102228)
+       - assimp 6.0.2+ds-1 (bug #1102228)
        [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6019
+       NOTE: 
https://github.com/assimp/assimp/commit/5be336779d81b1d71b290bc004eb5d1593c328c5
 (v6.0.2)
 CVE-2025-2756 (A vulnerability classified as critical has been found in Open 
Asset Im ...)
        - assimp <unfixed> (bug #1102227)
        [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
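Review bot: CVE-2025-2756, in the trailing context of this hunk, stays at "- assimp <unfixed> (bug #1102227)" while its neighbour CVE-2025-2757 moves to 6.0.2+ds-1. If that is deliberate because 6.0.2 does not contain a fix for it, a short NOTE saying so would keep the entry from reading as an omission in a commit titled "various assimp issues fixed in sid".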
@@ -49977,17 +49980,19 @@ CVE-2025-2752 (A vulnerability was found in Open 
Asset Import Library Assimp 5.4
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6013
 CVE-2025-2751 (A vulnerability has been found in Open Asset Import Library 
Assimp 5.4 ...)
-       - assimp <unfixed> (bug #1101495)
+       - assimp 6.0.2+ds-1 (bug #1101495)
        [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6012
+       NOTE: 
https://github.com/assimp/assimp/commit/177797c77b027a6de080fb3bacbd8822617e11d8
 (v6.0.2)
 CVE-2025-2750 (A vulnerability, which was classified as critical, was found in 
Open A ...)
-       - assimp <unfixed> (bug #1101496)
+       - assimp 6.0.2+ds-1 (bug #1101496)
        [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6011
+       NOTE: 
https://github.com/assimp/assimp/commit/269987085fbeef43af877f5eab8945a872ded650
 (v6.0.2)
 CVE-2025-2744 (A vulnerability, which was classified as critical, was found in 
zhijia ...)
        NOT-FOR-US: ruoyi-vue-pro
 CVE-2025-2743 (A vulnerability, which was classified as problematic, has been 
found i ...)
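Review bot: The NOTE lines added for CVE-2025-2751 and CVE-2025-2750 give the commit URL bare, whereas other entries touched by this commit (CVE-2025-3548, CVE-2025-3160) label theirs "NOTE: Fixed by:". Suggest using the "Fixed by:" prefix here as well, so a reader can tell the fixing commit from a plain reference.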
@@ -50671,21 +50676,21 @@ CVE-2025-2597 (Reflected Cross-Site Scripting (XSS) 
in ITIUM 6050 version 5.5.5.
 CVE-2025-2593 (A vulnerability has been found in FastCMS up to 0.1.5 and 
classified a ...)
        NOT-FOR-US: FastCMS
 CVE-2025-2592 (A vulnerability, which was classified as critical, has been 
found in O ...)
-       - assimp <unfixed> (bug #1102222)
+       - assimp 6.0.2+ds-1 (bug #1102222)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6010
        NOTE: https://github.com/assimp/assimp/pull/6052
-       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743
+       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743
 (v6.0.0)
 CVE-2025-2591 (A vulnerability classified as problematic was found in Open 
Asset Impo ...)
-       - assimp <unfixed> (bug #1102221)
+       - assimp 6.0.2+ds-1 (bug #1102221)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6009
        NOTE: https://github.com/assimp/assimp/pull/6047
-       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/bcf11c252a9635af83c0f48b5ebdfad8e1ab5522
+       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/bcf11c252a9635af83c0f48b5ebdfad8e1ab5522
 (v6.0.0)
 CVE-2025-2590 (A vulnerability was found in code-projects Human Resource 
Management S ...)
        NOT-FOR-US: code-projects
 CVE-2025-2589 (A vulnerability was found in code-projects Human Resource 
Management S ...)
@@ -54034,20 +54039,21 @@ CVE-2025-2153 (A vulnerability, which was classified 
as critical, was found in H
        [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5329
 CVE-2025-2152 (A vulnerability, which was classified as critical, has been 
found in O ...)
-       - assimp <unfixed> (bug #1100438)
+       - assimp 6.0.2+ds-1 (bug #1100438)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6027
+       NOTE: 
https://github.com/assimp/assimp/commit/9182879e1f2cb6e64f158ee935f0e0a68a9a8104
 (v6.0.0)
 CVE-2025-2151 (A vulnerability classified as critical was found in Open Asset 
Import  ...)
-       - assimp <unfixed> (bug #1100439)
+       - assimp 6.0.2+ds-1 (bug #1100439)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6016
        NOTE: https://github.com/assimp/assimp/issues/6026
        NOTE: 
https://github.com/sae-as-me/Crashes/raw/refs/heads/main/assimp/assimp_crash_1
-       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/d2c6e64a1122884570caf4aaa589d810f5351f28
+       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/d2c6e64a1122884570caf4aaa589d810f5351f28
 (v6.0.0)
 CVE-2025-2149 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been 
rated as ...)
        - pytorch <unfixed> (bug #1102220)
        [trixie] - pytorch <no-dsa> (Minor issue)
@@ -87256,13 +87262,13 @@ CVE-2024-53426 (A heap-buffer-overflow vulnerability 
has been identified in ntop
        NOTE: Crash in CLI tool, no security impact
        NOTE: https://github.com/ntop/ntopng/issues/8793
 CVE-2024-53425 (A heap-buffer-overflow vulnerability was discovered in the 
SkipSpacesA ...)
-       - assimp <unfixed> (bug #1088187)
+       - assimp 6.0.2+ds-1 (bug #1088187)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5860
        NOTE: https://github.com/assimp/assimp/pull/5921
-       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/ecc8a1c8695560df108d6adc00b3d7b1ba15df9f
+       NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/ecc8a1c8695560df108d6adc00b3d7b1ba15df9f
 (v6.0.0)
 CVE-2024-53335 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer 
Overflo ...)
        NOT-FOR-US: TOTOLINK
 CVE-2024-53334 (TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer 
Overflo ...)
@@ -96424,25 +96430,27 @@ CVE-2024-48426 (A segmentation fault (SEGV) was 
detected in the SortByPTypeProce
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5789
 CVE-2024-48425 (A segmentation fault (SEGV) was detected in the 
Assimp::SplitLargeMesh ...)
-       - assimp <unfixed> (bug #1086044)
+       - assimp 6.0.2+ds-1 (bug #1086044)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5791
-       NOTE: 
https://github.com/assimp/assimp/commit/ecdf8d24b85367b22ba353b4f82299d4af7f1f97
+       NOTE: 
https://github.com/assimp/assimp/commit/ecdf8d24b85367b22ba353b4f82299d4af7f1f97
 (v6.0.0)
        NOTE: https://github.com/assimp/assimp/pull/5799
 CVE-2024-48424 (A heap-buffer-overflow vulnerability has been identified in 
the OpenDD ...)
-       - assimp <unfixed> (bug #1086045)
+       - assimp 6.0.2+ds-1 (bug #1086045)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5787
+       NOTE: 
https://github.com/assimp/assimp/commit/2b773f0f5a726c38dda72307b5311c14fc3a76ae
 (v6.0.0)
 CVE-2024-48423 (An issue in assimp v.5.4.3 allows a local attacker to execute 
arbitrar ...)
-       - assimp <unfixed> (bug #1086046)
+       - assimp 6.0.2+ds-1 (bug #1086046)
        [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - assimp <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/assimp/assimp/issues/5788
+       NOTE: 
https://github.com/assimp/assimp/commit/4024726eca89331503bdab33d0b9186e901bbc45
 (v6.0.0)
 CVE-2024-9692 (VIMESA VHF/FM Transmitter Blue Plus is suffering from a 
Denial-of-Serv ...)
        NOT-FOR-US: VIMESA VHF/FM Transmitter Blue Plus
 CVE-2024-9650 (The WP Recipe Maker plugin for WordPress is vulnerable to 
Stored Cross ...)
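Review bot: In CVE-2024-48425 the commit NOTE that gains "(v6.0.0)" sits between the issue link and the pull request link (pull/5799), while entries such as CVE-2024-53425 list the issue, then the pull request, then the fixing commit. Suggest moving the commit NOTE after the pull request NOTE so the entry follows the same order.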



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1f6083418f451dafc8fa5f6a9923856dea1beec0



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
