[Git][security-tracker-team/security-tracker][master] Reserve DLA-4134-1 for fig2dev
Adrian Bunk (@bunk)
bunk at debian.org
Mon Apr 21 12:26:15 BST 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6e288cff by Adrian Bunk at 2025-04-21T14:26:01+03:00
Reserve DLA-4134-1 for fig2dev
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8530,19 +8530,16 @@ CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an attacker to ...)
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
- [bullseye] - fig2dev <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/184/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/ff9aba206a30288f456dfc91584a52ba9927b438/
CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an attacker to a ...)
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
- [bullseye] - fig2dev <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/186/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c8a87d22036e62bac0c6f7836078d8103caa6457/
CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an attacke ...)
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
- [bullseye] - fig2dev <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/185/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/da8992f44b84a337b4edaa67fc8b36b55eaef696/
CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
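Review bot: in the three fig2dev entries (CVE-2025-31164, CVE-2025-31163, CVE-2025-31162) the `[bullseye] - fig2dev <postponed> (Minor issue)` lines are dropped with nothing put in their place, so the bullseye status of each now rests entirely on the DLA-4134-1 entry in data/DLA/list. Check that the CVE set in that entry's braces names exactly these three IDs; a CVE missing there would lose its triage note here without being marked fixed.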
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Apr 2025] DLA-4134-1 fig2dev - security update
+ {CVE-2025-31162 CVE-2025-31163 CVE-2025-31164}
+ [bullseye] - fig2dev 1:3.2.8-3+deb11u2
[21 Apr 2025] DLA-4133-1 wget - security update
{CVE-2024-38428}
[bullseye] - wget 1.21-1+deb11u2
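Review bot: the added bullseye line gives `1:3.2.8-3+deb11u2` as the fixed version, while the three CVE descriptions in data/CVE/list name fig2dev 3.2.9a and reference upstream "Fixed by" commits. Since this entry marks bullseye as fixed for all three CVEs, confirm that each of those three upstream commits is carried in the 3.2.8-based upload.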
=====================================
data/dla-needed.txt
=====================================
@@ -76,10 +76,6 @@ espeak-ng
fastdds
NOTE: 20250303: Added by Front-Desk (rouca)
--
-fig2dev (Adrian Bunk)
- NOTE: 20250404: Added by Front-Desk (Beuc)
- NOTE: 20250404: Sync with transfig/jessie WIP (Beuc/front-desk)
---
firmware-nonfree
NOTE: 20241011: Added by Front-Desk (pochu)
NOTE: 20241011: Update to bookworm version, possibly coordinate upload of
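Review bot: the removed fig2dev block carried `NOTE: 20250404: Sync with transfig/jessie WIP (Beuc/front-desk)`, and nothing in this commit records whether that sync was taken into the upload. If it was not, keep a trace of it, for example in the commit message, so the pending work does not vanish along with the dla-needed.txt entry.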
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6e288cff76fd6ef0a1c8086aea4b7af8e5a40e44