[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-23016/libfcgi
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Apr 14 20:19:44 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2ec92782 by Salvatore Bonaccorso at 2025-04-14T21:19:13+02:00
Track fixed version for CVE-2025-23016/libfcgi
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31329,7 +31329,7 @@ CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cf
NOTE: Bogus fuzzing report for a seven year old copy of FreeType
NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312
CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...)
- - libfcgi <unfixed> (bug #1092774)
+ - libfcgi 2.4.5-0.1 (bug #1092774)
[bookworm] - libfcgi <no-dsa> (Minor issue)
[bullseye] - libfcgi <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/FastCGI-Archives/fcgi2/issues/67
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec9278241448ac7a0fd6f14c6c74c961f939c1f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2ec9278241448ac7a0fd6f14c6c74c961f939c1f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250414/d50111f1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list