[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2025-59529,avahi: bullseye is postponed

Markus Koschany (@apo) apo at debian.org
Fri Dec 26 10:13:00 GMT 2025 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31c884de by Markus Koschany at 2025-12-26T11:10:57+01:00
CVE-2025-59529,avahi: bullseye is postponed

revisit when fixed upstream

- - - - -
83cf07dc by Markus Koschany at 2025-12-26T11:12:28+01:00
CVE-2025-68617,fluidsynth: bullseye is not affected

Native DLS support was added later. fluid_dls.cpp, the native DLS parser, was
only added recently in 2025.

- - - - -
62b966a3 by Markus Koschany at 2025-12-26T11:12:44+01:00
CVE-2025-65955,CVE-2025-66628,CVE-2025-68469,imagemagick: postponed

Mark bullseye as postponed. Minor issues.

- - - - -
bd722536 by Markus Koschany at 2025-12-26T11:12:45+01:00
CVE-2025-68615,net-snmp: link to upstream issue

I requested more information about fixing commits for CVE-2025-68615.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1879,6 +1879,7 @@ CVE-2025-68664 (LangChain is a framework for building agents and LLM-powered app
 	NOT-FOR-US: LangChain
 CVE-2025-68617 (FluidSynth is a software synthesizer based on the SoundFont 2 specific ...)
 	- fluidsynth 2.5.2+dfsg-1 (bug #1123964)
+	[bullseye] - fluidsynth <not-affected> (Native DLS support was added later)
 	NOTE: https://github.com/FluidSynth/fluidsynth/security/advisories/GHSA-ffw2-xvvp-39ch
 	NOTE: https://github.com/FluidSynth/fluidsynth/issues/1717
 	NOTE: https://github.com/FluidSynth/fluidsynth/issues/1728
@@ -2378,6 +2379,7 @@ CVE-2021-47713 (Hasura GraphQL 1.3.3 contains a denial of service vulnerability
 CVE-2025-68615 (net-snmp is a SNMP application library, tools and daemon. Prior to ver ...)
 	- net-snmp <unfixed> (bug #1123861)
 	NOTE: https://github.com/net-snmp/net-snmp/security/advisories/GHSA-4389-rwqf-q9gq
+	NOTE: https://github.com/net-snmp/net-snmp/issues/1037
 CVE-2025-8460 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	NOT-FOR-US: Centreon
 CVE-2025-68645 (A Local File Inclusion (LFI) vulnerability exists in the Webmail Class ...)
@@ -2945,6 +2947,7 @@ CVE-2025-59529 (Avahi is a system which facilitates service discovery on a local
 	- avahi <unfixed> (bug #1123671)
 	[trixie] - avahi <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - avahi <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - avahi <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/avahi/avahi/security/advisories/GHSA-73wf-3xmj-x82q
 	NOTE: https://github.com/avahi/avahi/pull/808
 CVE-2025-53710 (Due to a product misconfiguration in certain deployment types, it was  ...)
@@ -3035,6 +3038,7 @@ CVE-2025-7047 (Missing Authorization vulnerability in Utarit Informatics Service
 CVE-2025-68469 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:6.9.12.98+dfsg1-2
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
+	[bullseye] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fff3-4rp7-px97
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ac1f7ca1d88e14d30e5ae9bd30aad150bdbec20e (7.1.1-13)
@@ -7044,6 +7048,7 @@ CVE-2025-66628 (ImageMagick is a software suite to create, edit, compose, or con
 	- imagemagick <unfixed> (bug #1122584)
 	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
+	[bullseye] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bdae0681ad1e572defe62df85834218f01e6d670 (7.1.2-10)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7779f1ff772dfabe545c67fb2f3bfa8f7a845a2d (6.9.13-35)
@@ -11463,6 +11468,7 @@ CVE-2025-65955 (ImageMagick is free and open-source software used for editing an
 	- imagemagick <unfixed> (bug #1122827)
 	[trixie] - imagemagick <no-dsa> (Minor issue)
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
+	[bullseye] - imagemagick <postponed> (Minor issue)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
 	NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 (7.0.1-0)
 	NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick6/commit/389ba19fa12920416a02f05abf11e40f3d44b4da (6.9.4-0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f25e27687cf2323cdd6c489a51ada58cab83939d...bd722536f40e49c383d884f7cdefd6fb6e3d6430

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f25e27687cf2323cdd6c489a51ada58cab83939d...bd722536f40e49c383d884f7cdefd6fb6e3d6430
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251226/824dc7e0/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list