[Git][security-tracker-team/security-tracker][master] Reserve DLA-4424-1 for openjpeg2
Bastien Roucariès (@rouca)
rouca at debian.org
Mon Dec 29 14:52:31 GMT 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
658e3e55 by Bastien Roucariès at 2025-12-29T15:52:13+01:00
Reserve DLA-4424-1 for openjpeg2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -50895,7 +50895,6 @@ CVE-2025-51533 (An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_
CVE-2025-50952 (openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference ...)
- openjpeg2 2.5.3-1
[bookworm] - openjpeg2 2.5.0-2+deb12u2
- [bullseye] - openjpeg2 <postponed> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1505
NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 (v2.5.1)
CVE-2025-50692 (FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file ...)
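Review bot: With the `[bullseye] - openjpeg2 <postponed> (Minor issue)` line removed, the CVE-2025-50952 entry no longer has any bullseye line, so the bullseye status for this CVE rests entirely on the DLA-4424-1 entry in data/DLA/list (`[bullseye] - openjpeg2 2.4.0-3+deb11u2`). Please confirm that this is the version actually uploaded and that it carries the change referenced in the `NOTE: Fixed by:` line, because nothing left in this entry would contradict a wrong version recorded there.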
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Dec 2025] DLA-4424-1 openjpeg2 - security update
+ {CVE-2025-50952}
+ [bullseye] - openjpeg2 2.4.0-3+deb11u2
[28 Dec 2025] DLA-4423-1 kodi - security update
{CVE-2023-23082 CVE-2023-30207}
[bullseye] - kodi 2:19.1+dfsg2-2+deb11u2
=====================================
data/dla-needed.txt
=====================================
@@ -312,11 +312,6 @@ opencryptoki
NOTE: 20250505: https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in all dists (Beuc/front-desk)
--
-openjpeg2 (rouca)
- NOTE: 20251206: Added by Front-Desk (rouca)
- NOTE: 20251206: Avoid regression from buster: CVE-2025-50952 (rouca/front-desk)
- NOTE: 20251206: Fix postponed CVE and do dsa/PU work if needed (rouca/front-desk)
---
osslsigncode (abhijith)
NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
--
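Review bot: The removed openjpeg2 entry carried a second task in its last note, `Fix postponed CVE and do dsa/PU work if needed`, while the commit message only mentions reserving the DLA. The data/CVE/list hunk shows bookworm already at 2.5.0-2+deb12u2, so the dsa/PU part looks covered; stating that in the commit message would record why the whole entry could be dropped and not only the bullseye work.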
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/658e3e55ec31094b0bc5206fae20f6bbecb3317b