[Git][security-tracker-team/security-tracker][master] Triage openjpeg2 issues for bookworm and trixie

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Aug 10 11:58:52 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3f74d6e by Salvatore Bonaccorso at 2025-08-10T12:58:12+02:00
Triage openjpeg2 issues for bookworm and trixie

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -367,6 +367,7 @@ CVE-2025-51533 (An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_
 	NOT-FOR-US: Sage DPW
 CVE-2025-50952 (openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference  ...)
 	- openjpeg2 2.5.3-1
+	[bookworm] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/uclouvain/openjpeg/issues/1505
 	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 (v2.5.1)
 CVE-2025-50692 (FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file ...)
@@ -5787,6 +5788,7 @@ CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download vulne
 	NOT-FOR-US: OA EKP
 CVE-2025-54874 (OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earl ...)
 	- openjpeg2 <unfixed> (bug #1110443)
+	[trixie] - openjpeg2 <no-dsa> (Minor issue; can be fixed in point release)
 	[bookworm] - openjpeg2 <not-affected> (Vulnerable code introduced later)
 	[bullseye] - openjpeg2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/uclouvain/openjpeg/pull/1573



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3f74d6e4663b0d6c9d3259bebc4879a57669f3e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3f74d6e4663b0d6c9d3259bebc4879a57669f3e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250810/f253a5c2/attachment.htm>

More information about the debian-security-tracker-commits mailing list