[Git][security-tracker-team/security-tracker][master] Update notes for VE-2025-54349, CVE-2025-54350 and CVE-2025-54351
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 5 11:17:08 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4ec35611 by Salvatore Bonaccorso at 2025-08-05T12:16:16+02:00
Update notes for VE-2025-54349, CVE-2025-54350 and CVE-2025-54351
Mark issues as to be fixed via point release.
CVE-2025-54349 requires SSL authentication enabled to be exploited.
CVE-2025-54350, samewise but will be before authentication.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -329,16 +329,23 @@ CVE-2025-54955 (OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Ed
- opennebula <removed>
CVE-2025-54351 (In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-cop ...)
- iperf3 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0001.txt.asc
NOTE: Introduced with: https://github.com/esnet/iperf/commit/daea2dc307cb2b1e2c76ebe4d00659d321e13442 (3.19)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0 (master)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/c9af85a384859365b7184be173da4876437aaf40 (3.19.1)
CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion fail ...)
- iperf3 3.19.1-1 (bug #1110376)
+ [trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
+ [bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
+ NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0002.txt.asc
NOTE: Introduced with https://github.com/esnet/iperf/commit/a51045de196f762fb74c86184b03da148c4e8f07 (3.2rc1)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a (master)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1 (3.19.1)
CVE-2025-54349 (In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resul ...)
- iperf3 3.19.1-1 (bug #1110376)
+ [trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
+ [bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
+ NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0003.txt.asc
NOTE: Introduced with https://github.com/esnet/iperf/commit/a51045de196f762fb74c86184b03da148c4e8f07 (3.2rc1)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf (master)
NOTE: Fixed by: https://github.com/esnet/iperf/commit/42280d2292ed5f213bfcb33b2206ebcdb151ae66 (3.19.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec35611c3f50d35e169107760d3e71682ca0600
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec35611c3f50d35e169107760d3e71682ca0600
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250805/4d5c2803/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list