[Git][security-tracker-team/security-tracker][master] associate CVE-2025-29482 with libde265 and mark as fixed

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 29 18:58:59 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d9c429c by Moritz Muehlenhoff at 2025-04-29T19:58:31+02:00
associate CVE-2025-29482 with libde265 and mark as fixed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6375,12 +6375,10 @@ CVE-2025-29769 (libvips is a demand-driven, horizontally threaded image processi
 CVE-2025-29594 (A vulnerability exists in the errorpage.php file of the CS2-WeaponPain ...)
 	NOT-FOR-US: CS2-WeaponPaints-Website
 CVE-2025-29482 (Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacke ...)
-	- libheif <unfixed> (bug #1103837)
-	[trixie] - libheif <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - libheif <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - libheif <postponed> (Minor issue)
+	- libde265 1.0.7-1 (bug #1103837)
 	NOTE: https://github.com/lmarch2/poc/blob/main/libheif/libheif.md
 	NOTE: https://github.com/strukturag/libde265/issues/472
+	NOTE: https://github.com/strukturag/libde265/commit/7db4e813947c479fe54453904d992071a7f58b2a (v1.0.5)
 CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker  ...)
 	- libbpf 1.5.0-3 (unimportant; bug #1102672)
 	NOTE: https://github.com/lmarch2/poc/blob/main/libbpf/libbpf.md



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9c429c927eaf9aad0f3c46e6cc7d7193a4e809

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d9c429c927eaf9aad0f3c46e6cc7d7193a4e809
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250429/63e9d72a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list