[Git][security-tracker-team/security-tracker][master] Postpone CVE-2025-52194/bullseye
Paride Legovini (@paride)
paride at debian.org
Sat Aug 30 16:28:12 BST 2025
Paride Legovini pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dcdd57c2 by Paride Legovini at 2025-08-30T17:24:47+02:00
Postpone CVE-2025-52194/bullseye
Follow Bookworm; crash does not reproduce with provided PoC file [1] on
a Bullseye system. This does not mean Bullseye is not-affected, but it
is an indicator that is _may_ be unaffected. Building the package with
ASAN instrumentation may be needed to reproduce the issue, see [1]. This
is not something users would normally be doing.
[1] https://github.com/libsndfile/libsndfile/issues/1082
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2527,6 +2527,7 @@ CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version 1.2
- libsndfile <unfixed> (bug #1111876)
[trixie] - libsndfile <no-dsa> (Minor issue)
[bookworm] - libsndfile <no-dsa> (Minor issue)
+ [bullseye] - libsndfile <postponed> (Minor issue, possibly not-affected)
NOTE: https://github.com/libsndfile/libsndfile/issues/1082
CVE-2025-51989 (HTML injection vulnerability in the registration interface in Evolutio ...)
NOT-FOR-US: HRmaster
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcdd57c26420911bfac84a0b7d4d89224875512c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcdd57c26420911bfac84a0b7d4d89224875512c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250830/8f702f80/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list