[Debian-med-packaging] Bug#1112133: biosig: CVE-2025-54494 CVE-2025-54493 CVE-2025-54492 CVE-2025-54491 CVE-2025-54490 CVE-2025-54489 CVE-2025-54488 CVE-2025-54487 CVE-2025-54486 CVE-2025-54485 CVE-2025-54484 CVE-2025-54483 CVE-2025-54482 CVE-2025-54481 CVE-2025-54480 CVE-2025-54462 CVE-2025-53853 CVE-2025-53557 CVE-2025-53518 CVE-2025-53511 CVE-2025-52581 CVE-2025-52461 CVE-2025-48005 CVE-2025-46411

Alois Schlögl alois.schloegl at gmail.com
Tue Dec 2 12:45:25 GMT 2025



On 02.12.25 at 11:52 AM, Andreas Tille wrote:
> Hi Alois,
>
> On Sun, Aug 31, 2025 at 11:27:12PM +0200, Alois Schlögl wrote:
>> Attached are patches to fix a number of security vulnerabilities on biosig
>> 3.9.0 [1,2]. The numbers indicate the last 20 patches from upstream [3,4].
>> Only those patches relevant for these CVEs are discussed here:
>> ...
> I've seen you released version 3.9.1.  I injected the new source into
> Salsa.  Are those patches included in this new version and would this
> version close this bug?
>
> Kind regards
>      Andreas.
>

Hi Andreas,

release v3.9.1 addresses a number of the reported CVEs but not all.
Some MFER parsing issues are only addressed in some later commits.
The other CVEs (related to GDF, NEX, ABF, RHS2000, BrainVision) are
addressed by v3.9.1.

I'm planning to release 3.9.2 within the next 5 weeks; this will fix
the other known security issues as well as a number of other bugs.
Again, the ABI will not change. If 5 weeks is too much, I can check
whether I can push this forward.


Kind regards,
    Alois
