[Git][security-tracker-team/security-tracker][master] 2 commits: assimp: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Thu Apr 10 10:25:59 BST 2025



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76deb781 by Sylvain Beucler at 2025-04-10T11:25:51+02:00
assimp: bullseye postponed

- - - - -
3dc5a351 by Sylvain Beucler at 2025-04-10T11:25:51+02:00
dla: add hdf5

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2105,6 +2105,7 @@ CVE-2025-3197 (Versions of the package expand-object from 0.0.0 are vulnerable t
 CVE-2025-3196 (A vulnerability, which was classified as critical, was found in Open A ...)
 	- assimp <unfixed> (bug #1102207)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue, no upstream patch)
 	NOTE: https://github.com/assimp/assimp/issues/6069
 	TODO: fixed upstream in master, need to identify upstream commit
 CVE-2025-3195 (A vulnerability, which was classified as critical, has been found in i ...)
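
Review bot: The reason on the added [bullseye] line for CVE-2025-3196, "no upstream patch", conflicts with the TODO two lines below it, which says the issue is "fixed upstream in master" and only the commit is still to be identified. Suggest a reason such as "Minor issue, upstream fix commit not yet identified" so the postponement matches the entry's own notes.
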
@@ -2246,18 +2247,21 @@ CVE-2025-3161 (A vulnerability was found in Tenda AC10 16.03.10.13 and classifie
 CVE-2025-3160 (A vulnerability has been found in Open Asset Import Library Assimp 5.4 ...)
 	- assimp <unfixed> (bug #1102206)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue, DoS)
 	NOTE: https://github.com/assimp/assimp/issues/6025
 	NOTE: https://github.com/assimp/assimp/pull/6049
 	NOTE: Fixed by: https://github.com/assimp/assimp/commit/4b8f55cc0008af43a8a50b91f0134e2f4e80142e
 CVE-2025-3159 (A vulnerability, which was classified as critical, was found in Open A ...)
 	- assimp <unfixed> (bug #1102205)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue, OOB read)
 	NOTE: https://github.com/assimp/assimp/issues/6024
 	NOTE: https://github.com/assimp/assimp/pull/6051
 	NOTE: Fixed by: https://github.com/assimp/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71b
 CVE-2025-3158 (A vulnerability, which was classified as critical, has been found in O ...)
 	- assimp <unfixed> (bug #1102204)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue, OOB read)
 	NOTE: https://github.com/assimp/assimp/issues/6023
 CVE-2025-3157 (A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has ...)
 	NOT-FOR-US: Intelbras WRN
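
Review bot: On the added [bullseye] line for CVE-2025-3158, the reason reads "Minor issue, OOB read" exactly like CVE-2025-3159, but this entry carries only the issue link and no pull request or "Fixed by:" commit. Consider recording the missing fix reference in the reason or in a TODO, so whoever revisits the postponed items can tell which of them already have a patch to backport.
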
@@ -3826,12 +3830,14 @@ CVE-2025-3017 (A vulnerability, which was classified as critical, has been found
 CVE-2025-3016 (A vulnerability classified as problematic was found in Open Asset Impo ...)
 	- assimp <unfixed> (bug #1102235)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue, OOM DoS)
 	NOTE: https://github.com/assimp/assimp/issues/6022
 	NOTE: https://github.com/assimp/assimp/pull/6046
 	NOTE: https://github.com/assimp/assimp/commit/5d2a7482312db2e866439a8c05a07ce1e718bed1
 CVE-2025-3015 (A vulnerability classified as critical has been found in Open Asset Im ...)
 	- assimp <unfixed> (bug #1102234)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue, OOB read)
 	NOTE: https://github.com/assimp/assimp/issues/6021
 	NOTE: https://github.com/assimp/assimp/pull/6045
 	NOTE: https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe
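
Review bot: The commit NOTEs under the two added [bullseye] lines for CVE-2025-3016 and CVE-2025-3015 lack the "Fixed by:" prefix used on the CVE-2025-3160 and CVE-2025-3159 entries earlier in this diff. If those commits are the fixes, prefixing them with "Fixed by:" in the same change would keep the assimp entries consistent and make it explicit that a fix exists for the postponed items.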


=====================================
data/dla-needed.txt
=====================================
@@ -106,6 +106,10 @@ grub2
   NOTE: 20250105: high-profile package but not enough details yet. (apo)
   NOTE: 20250219: New batch of 21 CVEs, with fixes (Beuc/front-desk)
 --
+hdf5
+  NOTE: 20250410: Added by Front-Desk (Beuc)
+  NOTE: 20250410: >50 CVEs piled-up during stable/oldstable/lts (Beuc/front-desk)
+--
 ipmctl
   NOTE: 20250112: Added by Front-Desk (ta)
   NOTE: 20250217: I wasn't able to determine a patch for CVE-2023-27517 for any of the series (dleidert)
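
Review bot: The second NOTE on the new hdf5 entry gives only a count (">50 CVEs piled-up") and does not say whether fixes are available, whereas the grub2 note just above records "with fixes". Adding that detail, or a pointer to where the CVEs are listed, would help whoever claims the package estimate the work.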



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e7eac468c69b8848ad31e81f77cee3e877c91b4c...3dc5a3518b4d507d3b236b21ac196f26844351f7

More information about the debian-security-tracker-commits mailing list