[Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed: add libsndfile

Daniel Leidert (@dleidert) dleidert at debian.org
Sun Aug 24 21:22:53 BST 2025 


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8833640 by Daniel Leidert at 2025-08-24T21:32:27+02:00
dla-needed: add libsndfile

- - - - -
09e2297a by Daniel Leidert at 2025-08-24T21:37:10+02:00
lts: triage CVE-2022-33064/libsndfile for Bullseye

Upstream issue shows multiple reports that this is a false-positive.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -287307,6 +287307,8 @@ CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c in
 	[bullseye] - libsndfile <no-dsa> (Minor issue)
 	[buster] - libsndfile <no-dsa> (Minor issue)
 	NOTE: https://github.com/libsndfile/libsndfile/issues/832
+	NOTE: Upstream disputes issue as possible false-positive:
+	NOTE: https://github.com/libsndfile/libsndfile/issues/832#issuecomment-1702253852 ff
 CVE-2022-33063
 	RESERVED
 CVE-2022-33062


=====================================
data/dla-needed.txt
=====================================
@@ -211,6 +211,10 @@ libphp-adodb (abhijith)
   NOTE: 20250807: Added by Front-Desk (rouca)
   NOTE: 20250807: Fix other CVEs and try to propose a PU (rouca)
 --
+libsndfile
+  NOTE: 20250824: Added by Front-Desk (dleidert)
+  NOTE: 20250824: Follow OSPU (#1111987) and update Bullseye and fix open no-dsa (dleidert/FD)
+--
 libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0252158ddccfbbe1bdb40a937166c61ef4dffec...09e2297abceb43c9055bd61aafb0b0cd007719c0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0252158ddccfbbe1bdb40a937166c61ef4dffec...09e2297abceb43c9055bd61aafb0b0cd007719c0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250824/9b65a47a/attachment.htm>

More information about the debian-security-tracker-commits mailing list