[Debian-med-packaging] Bug#1112133: biosig: CVE-2025-54494 CVE-2025-54493 CVE-2025-54492 CVE-2025-54491 CVE-2025-54490 CVE-2025-54489 CVE-2025-54488 CVE-2025-54487 CVE-2025-54486 CVE-2025-54485 CVE-2025-54484 CVE-2025-54483 CVE-2025-54482 CVE-2025-54481 CVE-2025-54480 CVE-2025-54462 CVE-2025-53853 CVE-2025-53557 CVE-2025-53518 CVE-2025-53511 CVE-2025-52581 CVE-2025-52461 CVE-2025-48005 CVE-2025-46411
Andreas Tille
tille at debian.org
Tue Dec 2 19:03:39 GMT 2025
Hi Alois,
Am Tue, Dec 02, 2025 at 01:45:25PM +0100 schrieb Alois Schlögl:
> release v3.9.1 addresses are number of the reported CVE but not all.
> Some MFER parsing issues are only addressed at some later commits.
> The other CVE's (related to GDF, NEX, ABF, RHS2000, BrainVision) are
> addressed by v3.9.1.
Thank you for the confirmation.
> I've planning to release 3.9.2 within the next 5 weeks, this will fix the
> other known security issues as well as a number of other bugs.
> Again, the ABI will not change. If 5 weeks is to much, I can check whether I
> can push this forward.
I personally have no pressure, just stumbled upon a bug that could / should
be fixed with the effort of a simple upgrade to latest upstream.
Just ping on the Debian Med list + this bug once you have released the
next version and whether it might fix this bug.
Kind regards
Andreas.
--
https://fam-tille.de
More information about the Debian-med-packaging
mailing list