[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-2849/upx-ucl: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Wed Apr 9 14:51:49 BST 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c521fb7 by Sylvain Beucler at 2025-04-09T15:36:02+02:00
CVE-2025-2849/upx-ucl: bullseye postponed

- - - - -
bae5431b by Sylvain Beucler at 2025-04-09T15:51:23+02:00
dla: add curl

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5122,6 +5122,7 @@ CVE-2025-2852 (A vulnerability has been found in SourceCodester Food Ordering Ma
 	NOT-FOR-US: SourceCodester
 CVE-2025-2849 (A vulnerability, which was classified as problematic, was found in UPX ...)
 	- upx-ucl <unfixed> (bug #1101500)
+	[bullseye] - upx-ucl <postponed> (Minor issue, local DoS)
 	NOTE: https://github.com/upx/upx/issues/898
 	NOTE: https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2
 CVE-2025-2847 (A vulnerability, which was classified as critical, has been found in C ...)


=====================================
data/dla-needed.txt
=====================================
@@ -44,6 +44,10 @@ ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
   NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
 --
+curl
+  NOTE: 20250409: Added by Front-Desk (Beuc)
+  NOTE: 20250409: Follow fixes from bookworm 12.10 (CVE-2024-11053)
+--
 dcmtk
   NOTE: 20250220: Added by Front-Desk (Beuc)
   NOTE: 20250220: Previous DLA introduced another regression, this is CVE-2024-47796.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e00f04860cb210a38b393b9817e99c1c0948aa56...bae5431b7b4d419a62f1d2fc33850f3536320e1e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e00f04860cb210a38b393b9817e99c1c0948aa56...bae5431b7b4d419a62f1d2fc33850f3536320e1e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250409/cb36825d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list