[Git][security-tracker-team/security-tracker][master] trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Apr 20 09:49:01 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e8760cd by Moritz Muehlenhoff at 2025-04-20T10:48:51+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56031,6 +56031,7 @@ CVE-2024-50614 (TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/1
 	NOTE: https://github.com/leethomason/tinyxml2/issues/996
 CVE-2024-50613 (libsndfile through 1.2.2 has a reachable assertion, that may lead to a ...)
 	- libsndfile <unfixed> (bug #1088691)
+	[trixie] - libsndfile <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libsndfile <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libsndfile <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/1034
@@ -63168,9 +63169,9 @@ CVE-2024-36474 (An integer overflow vulnerability exists in the Compound Documen
 CVE-2024-34535 (In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setti ...)
 	- mastodon <itp> (bug #859741)
 CVE-2024-0125 (NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in  ...)
-	- nvidia-cuda-toolkit <unfixed> (bug #1084054)
-	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
+	- nvidia-cuda-toolkit <unfixed> (unimportant; bug #1084054)
 	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5577
+	NOTE: Crash in CLI tool, no security impact
 CVE-2024-0124 (NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in  ...)
 	- nvidia-cuda-toolkit <unfixed> (bug #1084054)
 	[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)
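Review bot: the rating change is only applied to CVE-2024-0125, while the neighbouring CVE-2024-0124 entry at the end of this hunk (same package, same bug #1084054, same truncated description) keeps `- nvidia-cuda-toolkit <unfixed> (bug #1084054)` and `[bookworm] - nvidia-cuda-toolkit <no-dsa> (Non-free not supported)`. If the "crash in CLI tool, no security impact" assessment covers both advisories from the same NVIDIA bulletin, the same `unimportant` rating and NOTE belong on CVE-2024-0124 too; if it does not, a NOTE saying why the two differ would keep the next triage pass from re-asking. The NOTE would also be more useful if it named the CLI tool concerned, since the entry description is cut off.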
@@ -172879,6 +172880,7 @@ CVE-2023-31568 (Podofo v0.10.0 was discovered to contain a heap buffer overflow
 	NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
 CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
 	- libpodofo <unfixed> (bug #1036278)
+	[trixie] - libpodofo <no-dsa> (Minor issue)
 	[bookworm] - libpodofo <no-dsa> (Minor issue)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
@@ -172886,6 +172888,7 @@ CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow
 	NOTE: https://github.com/podofo/podofo/commit/8f514d69b4ac3c9aa9f725fa93486fe4b7876642 (0.10.1)
 CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free via the ...)
 	- libpodofo <unfixed> (bug #1036278)
+	[trixie] - libpodofo <no-dsa> (Minor issue)
 	[bookworm] - libpodofo <no-dsa> (Minor issue)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
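Review bot: the context line at the top of this hunk records an upstream fix for CVE-2023-31567 (podofo commit 8f514d69, 0.10.1) while the tracker still carries libpodofo as `<unfixed>`, and CVE-2023-31566, which gets the new `[trixie] ... <no-dsa>` tag here, has no fix reference recorded at all. Worth checking whether the libpodofo version headed for trixie already includes the 0.10.1 fix (in which case the unfixed state is stale) and adding either a fix-commit NOTE or an explicit "no upstream fix yet" NOTE to CVE-2023-31566 so the no-dsa tag has something to be revisited against.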
@@ -248586,6 +248589,7 @@ CVE-2022-33065 (Multiple signed integers overflow in function au_read_header in
 	NOTE: https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c
 CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c in Libsnd ...)
 	- libsndfile <unfixed> (bug #1051890)
+	[trixie] - libsndfile <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libsndfile <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libsndfile <no-dsa> (Minor issue)
 	[buster] - libsndfile <no-dsa> (Minor issue)
@@ -257685,6 +257689,7 @@ CVE-2022-29979 (Simple Client Management System 1.0 is vulnerable to SQL Injecti
 	NOT-FOR-US: Sourcecodester Simple Client Management System
 CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_resize,  ...)
 	- libsixel <unfixed> (bug #1014527)
+	[trixie] - libsixel <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libsixel <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
 	[buster] - libsixel <no-dsa> (Minor issue)
@@ -257693,6 +257698,7 @@ CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_re
 	NOTE: Previously also reported in https://github.com/saitoha/libsixel/issues/166
 CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, stb_ima ...)
 	- libsixel <unfixed> (bug #1014526)
+	[trixie] - libsixel <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libsixel <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libsixel <no-dsa> (Minor issue)
 	[buster] - libsixel <no-dsa> (Minor issue)
@@ -328664,6 +328670,7 @@ CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory
 	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
 CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
 	- libpodofo <unfixed> (bug #986794)
+	[trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
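Review bot: this and the following three hunks tag CVE-2021-30472 through CVE-2021-30469 as `<postponed>` for trixie with "revisit when fixed upstream", but the descriptions all name PoDoFo 0.9.7 and the only references are old sourceforge tickets (e.g. tickets/132). If trixie ships a newer libpodofo series, the entries would benefit from a NOTE stating whether the crashes were re-checked against that version; otherwise the postponed tag will be carried forward without anyone knowing if the issues still apply.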
@@ -328671,6 +328678,7 @@ CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow
 	NOTE: https://sourceforge.net/p/podofo/tickets/132/
 CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
 	- libpodofo <unfixed> (bug #986793)
+	[trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
@@ -328678,6 +328686,7 @@ CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call
 	NOTE: https://sourceforge.net/p/podofo/tickets/131/
 CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
 	- libpodofo <unfixed> (bug #986792)
+	[trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)
@@ -328685,6 +328694,7 @@ CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call
 	NOTE: https://sourceforge.net/p/podofo/tickets/130/
 CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
 	- libpodofo <unfixed> (bug #986791)
+	[trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - libpodofo <no-dsa> (Minor issue)
 	[buster] - libpodofo <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e8760cdeedb26de5bf1e44926e5eeb31e4b9bc4
