[Git][security-tracker-team/security-tracker][master] 2 commits: Update status for CVE-2025-29479

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 12 19:42:16 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91ab357f by Salvatore Bonaccorso at 2025-04-12T20:36:29+02:00
Update status for CVE-2025-29479

- - - - -
5cde7201 by Salvatore Bonaccorso at 2025-04-12T20:40:27+02:00
Take popper for bookworm in dsa-needed list

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1809,11 +1809,8 @@ CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local att
 CVE-2025-29480 (Buffer Overflow vulnerability in gdal 3.10.2 allows a local attacker t ...)
 	- gdal <unfixed>
 	NOTE: https://github.com/lmarch2/poc/blob/main/gdal/gdal.md
-CVE-2025-29479 (Buffer Overflow in hiredis 1.2.0 allows a local attacker to cause a de ...)
-	- hiredis <unfixed> (bug #1102412; unimportant)
-	NOTE: https://github.com/lmarch2/poc/blob/main/hiredis/hiredis.md
-	NOTE: Disputed upstream: https://github.com/redis/hiredis/issues/1293
-	NOTE: Not considered a bug upstream; fuzzer code creating false positives
+CVE-2025-29479
+	REJECTED
 CVE-2025-29478 (An issue in fluent-bit v.3.7.2 allows a local attacker to cause a deni ...)
 	NOT-FOR-US: fluent-bit
 CVE-2025-29087 (Sqlite 3.49.0 is susceptible to integer overflow through the concat fu ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -46,6 +46,8 @@ opennds
 --
 pagure
 --
+poppler (carnil)
+--
 php-laravel-framework
 --
 python-django



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cd8edb4a45c8e30e828256bb3893ea7a2c917865...5cde7201dc8cf52eb724f21fa6be2d96a99ecc44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cd8edb4a45c8e30e828256bb3893ea7a2c917865...5cde7201dc8cf52eb724f21fa6be2d96a99ecc44
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250412/4022ba83/attachment.htm>

More information about the debian-security-tracker-commits mailing list