[Git][security-tracker-team/security-tracker][master] 4 commits: dla: add mediawiki
Daniel Leidert (@dleidert)
dleidert at debian.org
Fri Dec 12 09:23:44 GMT 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
00849d56 by Daniel Leidert at 2025-12-12T10:22:29+01:00
dla: add mediawiki
- - - - -
0771a9da by Daniel Leidert at 2025-12-12T10:22:29+01:00
lts: triage CVE-2025-13912/wolfssl for Bullseye
- - - - -
22832bc9 by Daniel Leidert at 2025-12-12T10:22:30+01:00
Add patch links for complete patches for CVE-2025-54480..CVE-2025-54494
The original patches seem to have been incomplete. Release 3.9.2 is supposed
to contain a full patchset. See also #1112133.
- - - - -
bad27e0a by Daniel Leidert at 2025-12-12T10:22:32+01:00
lts: triage CVE-2025-66043..CVE-2025-66048/biosig and add patch links
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -338,38 +338,50 @@ CVE-2025-66048 (Several stack-based buffer overflow vulnerabilities exists in th
- biosig <unfixed>
[trixie] - biosig <no-dsa> (Minor issue)
[bookworm] - biosig <no-dsa> (Minor issue)
+ [bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59271419/
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-66047 (Several stack-based buffer overflow vulnerabilities exists in the MFER ...)
- biosig <unfixed>
[trixie] - biosig <no-dsa> (Minor issue)
[bookworm] - biosig <no-dsa> (Minor issue)
+ [bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59271419/
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-66046 (Several stack-based buffer overflow vulnerabilities exists in the MFER ...)
- biosig <unfixed>
[trixie] - biosig <no-dsa> (Minor issue)
[bookworm] - biosig <no-dsa> (Minor issue)
+ [bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59271419/
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-66045 (Several stack-based buffer overflow vulnerabilities exists in the MFER ...)
- biosig <unfixed>
[trixie] - biosig <no-dsa> (Minor issue)
[bookworm] - biosig <no-dsa> (Minor issue)
+ [bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59271419/
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-66044 (Several stack-based buffer overflow vulnerabilities exists in the MFER ...)
- biosig <unfixed>
[trixie] - biosig <no-dsa> (Minor issue)
[bookworm] - biosig <no-dsa> (Minor issue)
+ [bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59271419/
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-66043 (Several stack-based buffer overflow vulnerabilities exists in the MFER ...)
- biosig <unfixed>
[trixie] - biosig <no-dsa> (Minor issue)
[bookworm] - biosig <no-dsa> (Minor issue)
+ [bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59271419/
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2296
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-65474 (An arbitrary file rename vulnerability in the /admin/manager.php compo ...)
NOT-FOR-US: EasyImages
CVE-2025-65473 (An arbitrary file rename vulnerability in the /admin/filer.php compone ...)
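Review bot: the NOTE lines added for CVE-2025-66043 through CVE-2025-66048 give biosig commit 1d9af2b1 as a bare URL, so the entries do not say whether that commit is the complete fix or only related material. The wolfssl entry in this same file uses the form `NOTE: Fixed by: <url> (v5.8.4-stable)`; using that form here, with the release that carries the commit, would tell whoever picks bullseye up from `<postponed>` what to backport. The `- biosig <unfixed>` lines in these six entries also carry no bug reference, unlike the CVE-2025-54480 group, which has `(bug #1112133)`.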
@@ -596,6 +608,7 @@ CVE-2025-13912 (Multiple constant-time implementations in wolfSSL before version
- wolfssl 5.8.4-1
[trixie] - wolfssl <no-dsa> (Minor issue)
[bookworm] - wolfssl <no-dsa> (Minor issue)
+ [bullseye] - wolfssl <postponed> (Minor issue)
NOTE: https://github.com/wolfSSL/wolfssl/pull/9148
NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/234ba7780ad3b7c8c1509973accdc43ed6c328b3 (v5.8.4-stable)
CVE-2025-13780 (pgAdmin versions up to 9.10 are affected by a Remote Code Execution (R ...)
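Review bot: the added `[bullseye] - wolfssl <postponed> (Minor issue)` line copies the reason given for trixie and bookworm without anything specific to bullseye. Since the entry already names a single upstream fix commit, a short NOTE stating whether the bullseye wolfssl version contains the affected constant-time code would make it clear whether this is postponed for severity alone or because the backport is non-trivial.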
@@ -38376,6 +38389,8 @@ CVE-2025-54493 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54492 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
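Review bot: after this change the CVE-2025-54493 entry lists three biosig commits (ba2f1c38, 7d1dccb1, 1d9af2b1) as undifferentiated NOTE lines, and nothing in the entry marks ba2f1c38 as the incomplete original patch that the commit message describes. That context lives only in the commit message, which readers of data/CVE/list will not see. Suggest annotating the first link as incomplete and adding a NOTE naming the release expected to carry the full patchset (the commit message gives 3.9.2). The same point applies to the identical additions in the following hunks through CVE-2025-54494.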
@@ -38383,6 +38398,8 @@ CVE-2025-54492 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54491 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38390,6 +38407,8 @@ CVE-2025-54491 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54490 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38397,6 +38416,8 @@ CVE-2025-54490 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54489 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38404,6 +38425,8 @@ CVE-2025-54489 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54488 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38411,6 +38434,8 @@ CVE-2025-54488 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54487 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38418,6 +38443,8 @@ CVE-2025-54487 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54486 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38425,6 +38452,8 @@ CVE-2025-54486 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54485 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38432,6 +38461,8 @@ CVE-2025-54485 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54484 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38439,6 +38470,8 @@ CVE-2025-54484 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54483 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38446,6 +38479,8 @@ CVE-2025-54483 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54482 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38453,6 +38488,8 @@ CVE-2025-54482 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54481 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38460,6 +38497,8 @@ CVE-2025-54481 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54370 (PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing ...)
NOT-FOR-US: PHPOffice
CVE-2025-53510 (A memory corruption vulnerability exists in the PSD Image Decoding fun ...)
@@ -38604,6 +38643,8 @@ CVE-2025-54480 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-54494 (A stack-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
@@ -38611,6 +38652,8 @@ CVE-2025-54494 (A stack-based buffer overflow vulnerability exists in the MFER p
[bullseye] - biosig <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
NOTE: https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/7d1dccb1080c7b9baf23676da4184d76f3c886b2/
+ NOTE: https://sourceforge.net/p/biosig/code/ci/1d9af2b1747f8fd1a632c71bc78925c38359b315/
CVE-2025-53557 (A heap-based buffer overflow vulnerability exists in the MFER parsing ...)
- biosig <unfixed> (bug #1112133)
[trixie] - biosig <no-dsa> (Minor issue)
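Review bot: the trailing context of this hunk shows CVE-2025-53557, a heap-based overflow in the same MFER parsing code tracked under the same `(bug #1112133)`, but no hunk in this diff touches its notes. If the original patch for that CVE was incomplete in the same way, it needs the 7d1dccb1 and 1d9af2b1 links too; if it was deliberately left out of the CVE-2025-54480..CVE-2025-54494 range, a NOTE saying so would prevent it from being missed when the bullseye backport is prepared.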
=====================================
data/dla-needed.txt
=====================================
@@ -249,6 +249,10 @@ linux (Ben Hutchings)
mbedtls
NOTE: 20251102: Added by Front-Desk (apo)
--
+mediawiki
+ NOTE: 20251212: Added by Front-Desk (dleidert)
+ NOTE: 20251212: Follow DSA when released (dleidert/front-desk)
+--
mimetex
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 (dleidert)
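Review bot: the new mediawiki entry says `Follow DSA when released` but names neither the CVE IDs nor the pending DSA it refers to, so whoever claims the package has to reconstruct the scope. The neighbouring mimetex entry points at a bug number (#1103801); adding the CVE IDs or a tracker reference in a NOTE line here would give the same anchor.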
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/cf1a1e4a39e0f64102f8ea288ad2e2c4f82ca5d0...bad27e0a5479a62bf131436b5ca82368afd20f7a