[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 23 14:15:56 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a421d55 by Moritz Muehlenhoff at 2025-12-23T15:15:46+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20282,12 +20282,13 @@ CVE-2025-53702 (Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Ser
CVE-2025-53701 (Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-sit ...)
NOT-FOR-US: Vilar VS-IPC1002 IP cameras
CVE-2025-50951 (FontForge v20230101 was discovered to contain a memory leak via the ut ...)
- - fontforge <unfixed> (bug #1118749)
+ - fontforge <unfixed> (unimportant; bug #1118749)
[trixie] - fontforge <no-dsa> (Minor issue)
[bookworm] - fontforge <no-dsa> (Minor issue)
[bullseye] - fontforge <postponed> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/pull/5495
NOTE: Fixed by: https://github.com/fontforge/fontforge/commit/dcb6efb85030c4bee2f18c6e46c20561d1c77a2b (20251009)
+ NOTE: Negligible security impact
CVE-2025-50950 (Audiofile v0.3.7 was discovered to contain a NULL pointer dereference ...)
- audiofile <unfixed> (bug #1118940)
[trixie] - audiofile <no-dsa> (Minor issue)
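Review bot: the bullseye line for CVE-2025-50951 (`[bullseye] - fontforge <postponed> (Minor issue)`) no longer matches the rest of the entry now that the sid line carries `(unimportant; bug #1118749)` and the new NOTE says `Negligible security impact`: postponed states that the issue is still meant to be fixed in a later upload, while unimportant states it is not worth tracking as a security issue at all. Pick one reading: either drop the three release-specific lines (unimportant on the sid line already covers them) or move bullseye to the same no-dsa treatment as trixie and bookworm. The upstream fix is already referenced in the `Fixed by:` NOTE, so nothing else in the entry needs to change.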
@@ -20295,12 +20296,13 @@ CVE-2025-50950 (Audiofile v0.3.7 was discovered to contain a NULL pointer derefe
[bullseye] - audiofile <postponed> (Minor issue)
NOTE: https://github.com/mpruett/audiofile/issues/66
CVE-2025-50949 (FontForge v20230101 was discovered to contain a memory leak via the co ...)
- - fontforge <unfixed> (bug #1118748)
+ - fontforge <unfixed> (unimportant; bug #1118748)
[trixie] - fontforge <no-dsa> (Minor issue)
[bookworm] - fontforge <no-dsa> (Minor issue)
[bullseye] - fontforge <postponed> (Minor issue)
NOTE: https://github.com/fontforge/fontforge/pull/5491
NOTE: Fixed by: https://github.com/fontforge/fontforge/commit/da98987fa8c896fce9a7813923f4f1c75b0d8cd3 (20251009)
+ NOTE: Negligible security impact
CVE-2025-48430 (Uncaught Exception (CWE-248) in the Command Centre Server allows an Au ...)
NOT-FOR-US: Gallagher
CVE-2025-48428 (Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher ...)
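Review bot: CVE-2025-50949 has the same mismatch as the CVE-2025-50951 entry in the previous hunk: `[bullseye] - fontforge <postponed> (Minor issue)` says a fix is still intended, while the sid line now reads `(unimportant; bug #1118748)` and the added NOTE says `Negligible security impact`. Apply the same resolution to both fontforge entries so they do not diverge; as with the other one, the release lines are redundant once the sid line is unimportant.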
@@ -84316,8 +84318,8 @@ CVE-2025-3550 (A vulnerability has been found in wowjoy \u6d59\u6c5f\u6e56\u5dde
NOT-FOR-US: wowjoy Internet Doctor Workstation System
CVE-2025-3549 (A vulnerability, which was classified as critical, was found in Open A ...)
- assimp <unfixed> (bug #1103444)
- [trixie] - assimp <no-dsa> (Minor issue)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6070
CVE-2025-3548 (A vulnerability, which was classified as critical, has been found in O ...)
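Review bot: the bullseye line for CVE-2025-3549 keeps the bare reason `(Minor issue)` while the trixie and bookworm lines now carry `(Minor issue, revisit when fixed upstream)`. All three releases are `postponed` against the same assimp entry, whose only reference is an issue link (assimp#6070) rather than a fix commit, so the "revisit when fixed upstream" qualifier applies equally to bullseye; using one reason string on all three lines makes it clear this is a single triage decision and that the tracker should be re-checked once upstream publishes a fix.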
@@ -86001,26 +86003,26 @@ CVE-2025-3410 (A vulnerability classified as critical was found in mymagicpower
NOT-FOR-US: mymagicpower AIAS
CVE-2025-3409 (A vulnerability classified as critical has been found in Nothings stb ...)
- libstb <unfixed> (bug #1103631)
- [trixie] - libstb <no-dsa> (Minor issue)
- [bookworm] - libstb <no-dsa> (Minor issue)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1771
CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has been r ...)
- libstb <unfixed> (bug #1103632)
- [trixie] - libstb <no-dsa> (Minor issue)
- [bookworm] - libstb <no-dsa> (Minor issue)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1770
CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has been d ...)
- libstb <unfixed> (bug #1103633)
- [trixie] - libstb <no-dsa> (Minor issue)
- [bookworm] - libstb <no-dsa> (Minor issue)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1769
CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has been c ...)
- libstb <unfixed> (bug #1103634)
- [trixie] - libstb <no-dsa> (Minor issue)
- [bookworm] - libstb <no-dsa> (Minor issue)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1772
CVE-2025-3405 (A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27 ...)
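Review bot: for all four libstb entries (CVE-2025-3409 through CVE-2025-3406) the bullseye line stays at `<postponed> (Minor issue)` while trixie and bookworm are changed to `<postponed> (Minor issue, revisit when fixed upstream)`. The state is now the same across the three releases and each entry references only an upstream issue (stb#1771, #1770, #1769, #1772), not a fix, so the bullseye reason should carry the same "revisit when fixed upstream" qualifier; otherwise a later pass over bullseye will not see why the entries were postponed rather than left at no-dsa.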
@@ -201959,168 +201961,168 @@ CVE-2024-28715 (Cross Site Scripting vulnerability in DOraCMS v.2.18 and before
NOT-FOR-US: DOraCMS
CVE-2024-28584 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/385/
CVE-2024-28583 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/384/
CVE-2024-28582 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/383/
CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/382/
CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/381/
CVE-2024-28579 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/380/
CVE-2024-28578 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/379/
CVE-2024-28577 (Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/378/
CVE-2024-28576 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/377/
CVE-2024-28575 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/376/
CVE-2024-28574 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/375/
CVE-2024-28573 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/374/
CVE-2024-28572 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/373/
CVE-2024-28571 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/372/
CVE-2024-28570 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/371/
CVE-2024-28569 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/370/
CVE-2024-28568 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/369/
CVE-2024-28567 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/368/
CVE-2024-28566 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/367/
CVE-2024-28565 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/366/
CVE-2024-28564 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
NOTE: https://sourceforge.net/p/freeimage/bugs/365/
CVE-2024-28563 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
- freeimage <unfixed> (bug #1068461)
- [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
- [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream, low severity DoS in user interactive software)
NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
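Review bot: after this change the freeimage entries (CVE-2024-28584 down to CVE-2024-28563, all bug #1068461) attach the identical reason `Revisit when fixed upstream` to two different states: trixie and bookworm become `<postponed>`, while every bullseye line is left at `<no-dsa> (Revisit when fixed upstream)` and the buster lines that exist are already `<postponed>`. If the intent of the triage is that these wait for an upstream fix, bullseye should be flipped to postponed together with trixie and bookworm; if bullseye is deliberately no-dsa, its reason string should say why it differs from the releases on either side of it. Separately, the hunk header announces 168 lines (`@@ -201959,168 +201961,168 @@`) but the quoted diff stops after the `vul-report` NOTE of CVE-2024-28563, so the remaining entries of this hunk could not be checked here.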
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a421d5555cb258207ba78992cfb5103a6309bb7