[Git][security-tracker-team/security-tracker][master] Remove CVEs which initially were assigned for fig2dev issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e37ab262 by Salvatore Bonaccorso at 2025-04-30T22:26:25+02:00
Remove CVEs which initially were assigned for fig2dev issues

They were not security issues so the CVE rejected and the fixes count as
just to be bugfixes (and still worth applying in stable update).

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1373,33 +1373,12 @@ CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include ss
 	NOT-FOR-US: Picklescan
 CVE-2025-46400
 	REJECTED
-	{DLA-4147-1}
-	- fig2dev 1:3.2.9a-3
-	[bookworm] - fig2dev <no-dsa> (Minor issue)
-	NOTE: https://sourceforge.net/p/mcj/tickets/187/
-	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/1e5515a1ea2ec8651cf85ab5000d026bb962492a/
-	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
 CVE-2025-46399
 	REJECTED
-	{DLA-4147-1}
-	- fig2dev 1:3.2.9a-4
-	[bookworm] - fig2dev <no-dsa> (Minor issue)
-	NOTE: https://sourceforge.net/p/mcj/tickets/190/
-	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/2bd6c0b210916d0d3ca81f304535b5af0849aa93/
 CVE-2025-46398
 	REJECTED
-	{DLA-4147-1}
-	- fig2dev 1:3.2.9a-4
-	[bookworm] - fig2dev <no-dsa> (Minor issue)
-	NOTE: https://sourceforge.net/p/mcj/tickets/191/
-	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/5f22009dba73922e98d49c0096cece8b215cd45b/
 CVE-2025-46397
 	REJECTED
-	{DLA-4147-1}
-	- fig2dev 1:3.2.9a-4
-	[bookworm] - fig2dev <no-dsa> (Minor issue)
-	NOTE: https://sourceforge.net/p/mcj/tickets/192/
-	NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/dfa8b661b506a463a669754ed635b0a8eb67580e/
 CVE-2025-46381
 	REJECTED
 CVE-2025-46380


=====================================
data/DLA/list
=====================================
@@ -2,7 +2,6 @@
 	{CVE-2025-29769}
 	[bullseye] - vips 8.10.5-2+deb11u1
 [30 Apr 2025] DLA-4147-1 fig2dev - security update
-	{CVE-2025-46397 CVE-2025-46398 CVE-2025-46399 CVE-2025-46400}
 	[bullseye] - fig2dev 1:3.2.8-3+deb11u3
 [30 Apr 2025] DLA-4146-1 libxml2 - security update
 	{CVE-2025-32414 CVE-2025-32415}


=====================================
data/next-point-update.txt
=====================================
@@ -150,14 +150,6 @@ CVE-2023-28755
 	[bookworm] - rubygems 3.3.15-2+deb12u1
 CVE-2025-32728
 	[bookworm] - openssh 1:9.2p1-2+deb12u6
-CVE-2025-46397
-	[bookworm] - fig2dev 1:3.2.8b-3+deb12u2
-CVE-2025-46398
-	[bookworm] - fig2dev 1:3.2.8b-3+deb12u2
-CVE-2025-46399
-	[bookworm] - fig2dev 1:3.2.8b-3+deb12u2
-CVE-2025-46400
-	[bookworm] - fig2dev 1:3.2.8b-3+deb12u2
 CVE-2025-32776
 	[bookworm] - openrazer 3.5.1+dfsg-2+deb12u1
 CVE-2023-34872



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e37ab262193e1e30363380e33db5aad25dffad32

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e37ab262193e1e30363380e33db5aad25dffad32
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250430/59407487/attachment-0001.htm>