<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: .875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;

}

body {

font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<h3 style="margin-top: 20px; margin-bottom: 10px;">

Salvatore Bonaccorso pushed to branch master at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Commits:

</h4>

<ul>

<li>

<strong style="font-weight: 600;"><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c684208eb36689950230176dd3b4dcfa4945ae6b">c684208e</a></strong>

<div>

<span> by Salvatore Bonaccorso </span> <i> at 2026-01-02T00:11:07+01:00 </i>

</div>

<pre class="commit-message" style='white-space: pre-wrap; display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; border-radius: 2px; margin: 0; padding: 8px 12px; border: 1px solid #dcdcde;'>Document required followup for CVE-2025-64512/pdfminer

Consider it unfixed in unstable, keep the original DSA association with

incomplete fix for the DSA and DLA as they will require DSA-6062-2 and

DLA-4374-2 accordingly with the proper fix.

The proper fix switches from pickle to JSON for the CMap storage and

needs to be backported to the older versions.

For unstable it might be more approriate to update to 20251230 with the

fix.

</pre>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

2 changed files:

</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

<li class="file-stats">

<a href="#922f24d99bcbb71f467600d4a765aa2ac5ee31f5">

data/dsa-needed.txt

</a>

</li>

</ul>

<h4 style="margin-top: 10px; margin-bottom: 10px;">

Changes:

</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c684208eb36689950230176dd3b4dcfa4945ae6b#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong style="font-weight: 600;">data/CVE/list</strong></a>

<hr style="overflow: hidden; border: 1px solid #dcdcde;">

No preview for this file type

<br>

</li>

<li id="922f24d99bcbb71f467600d4a765aa2ac5ee31f5">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c684208eb36689950230176dd3b4dcfa4945ae6b#922f24d99bcbb71f467600d4a765aa2ac5ee31f5"><strong style="font-weight: 600;">data/dsa-needed.txt</strong></a>

<hr style="overflow: hidden; border: 1px solid #dcdcde;">

<table class="code white" style="border-spacing: 0; border-collapse: collapse; width: auto; font-family: monospace; font-size: 90%;" bgcolor="#ffffff" width="100%" cellpadding="0" cellspacing="0">

<tr class="line_holder match" style="line-height: 1.6;">

<td class="diff-line-num unfold js-unfold old_line" data-linenumber="53" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="diff-line-num unfold js-unfold new_line" data-linenumber="53" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">...</td>

<td class="line_content match" style="color: rgba(5,5,6,.24); padding: inherit;" bgcolor="#fbfafd">@@ -53,6 +53,9 @@ netty</td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="53" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

53

</td>

<td class="new_line diff-line-num" data-linenumber="53" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

53

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span class="line" data-lang="plaintext">opennds/oldstable</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="54" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

54

</td>

<td class="new_line diff-line-num" data-linenumber="54" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

54

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span class="line" data-lang="plaintext">  pinged maintainer, but no reply yet. should most probably be bumped to 10.x</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="55" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

55

</td>

<td class="new_line diff-line-num" data-linenumber="55" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

55

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span class="line" data-lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="56" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="56" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

56

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span class="line" data-lang="plaintext">pdfminer</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="56" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="57" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

57

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span class="line" data-lang="plaintext">  Required followup for CVE-2025-64512 as original fix was incomplete.</span>

</pre></td>

</tr>

<tr class="line_holder new" style="line-height: 1.6;">

<td class="old_line diff-line-num new" data-linenumber="56" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

</td>

<td class="new_line diff-line-num new" data-linenumber="58" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #c7f0d2; border-right-style: solid; padding: inherit;" align="right" bgcolor="#ddfbe6">

58

</td>

<td class="line_content new" style="padding: inherit;" bgcolor="#ecfdf0"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'>+<span class="line" data-lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="56" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

56

</td>

<td class="new_line diff-line-num" data-linenumber="59" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

59

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span class="line" data-lang="plaintext">php8.2/oldstable (jmm)</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="57" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

57

</td>

<td class="new_line diff-line-num" data-linenumber="60" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

60

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span class="line" data-lang="plaintext">--</span>

</pre></td>

</tr>

<tr class="line_holder" style="line-height: 1.6;">

<td class="old_line diff-line-num" data-linenumber="58" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

58

</td>

<td class="new_line diff-line-num" data-linenumber="61" style="width: 35px; color: rgba(5,5,6,.24); border-right-width: 1px; border-right-color: #ececef; border-right-style: solid; padding: inherit;" align="right" bgcolor="#fbfafd">

61

</td>

<td class="line_content" style="padding: inherit;"><pre style='display: block; font-size: 14px; color: #3a383f; position: relative; font-family: "GitLab Mono", "JetBrains Mono", "Menlo", "DejaVu Sans Mono", "Liberation Mono", "Consolas", "Ubuntu Mono", "Courier New", "andale mono", "lucida console", monospace; font-variant-ligatures: none; word-break: break-all; word-wrap: break-word; background-color: inherit; border-radius: 2px; margin: 0; padding: 0; border: inherit solid #dcdcde;'> <span class="line" data-lang="plaintext">php-laravel-framework/oldstable</span>

</pre></td>

</tr>

</table>

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #626168;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c684208eb36689950230176dd3b4dcfa4945ae6b">View it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://salsa.debian.org">salsa.debian.org</a>. <a href="https://salsa.debian.org/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://salsa.debian.org/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<span style="color: transparent; font-size: 0; display: none; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0;">

Notification message regarding https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c684208eb36689950230176dd3b4dcfa4945ae6b at 1767309079

</span>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c684208eb36689950230176dd3b4dcfa4945ae6b"}}</script>

</p>

</div>

</body>

</html>