[Git][security-tracker-team/security-tracker][master] bookworm triage

Thu Feb 27 21:28:20 GMT 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e1d0d2b by Moritz Muehlenhoff at 2025-02-27T22:28:08+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4892,8 +4892,9 @@ CVE-2025-23020 (An issue was discovered in Kwik before 0.10.1. A hash collision
 CVE-2025-21355 (Missing Authentication for Critical Function in Microsoft Bing allows  ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 ...)
-	- wireshark 4.4.4-1
+	- wireshark 4.4.4-1  (unimportant)
 	[bullseye] - wireshark <not-affected> (Vulnerable dissector not present)
+	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-01.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373
 	NOTE: CBOR Object Signing and Encryption (COSE) dissector introduced in 3.6.0rc0
@@ -5132,8 +5133,8 @@ CVE-2025-25468 (FFmpeg git-master before commit d5873b was discovered to contain
 	NOTE: https://trac.ffmpeg.org/ticket/11415
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd
 CVE-2025-25467 (Insufficient tracking and releasing of allocated used memory in libx26 ...)
-	- x264 <unfixed>
-	[bullseye] - x264 <postponed> (Reevaluate once issue fixed upstream)
+	- x264 <unfixed> (unimportant)
+	NOTE: Negligible security impact, usually only used for short-lived processes
 	NOTE: https://code.videolan.org/videolan/x264/-/issues/75
 CVE-2025-25054 (Movable Type contains a reflected cross-site scripting vulnerability i ...)
 	- movabletype-opensource <removed>
@@ -5141,6 +5142,7 @@ CVE-2025-24841 (Movable Type contains a stored cross-site scripting vulnerabilit
 	- movabletype-opensource <removed>
 CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a seg ...)
 	- ffmpeg <unfixed>
+	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	NOTE: https://trac.ffmpeg.org/ticket/11393
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57q
 CVE-2025-22920 (A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c a ...)
@@ -22853,6 +22855,7 @@ CVE-2024-53144 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/b25e11f978b63cb7857890edb3a698599cddb10e (6.12-rc2)
 CVE-2025-1713 [deadlock potential with VT-d and legacy PCI device pass-through]
 	- xen <unfixed>
+	[bookworm] - xen <postponed> (Minor issue, can be fixed along with next update)
 	[bullseye] - xen <end-of-life> (EOLed in Bullseye)
 	NOTE: https://xenbits.xen.org/xsa/advisory-467.html
 CVE-2024-53241 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
@@ -218187,6 +218190,7 @@ CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable t
 	NOT-FOR-US: SmartRG
 CVE-2022-37660 (In hostapd 2.10 and earlier, the PKEX code remains active even after a ...)
 	- wpa <unfixed>
+	[bookworm] - wpa <no-dsa> (Minor issue)
 	NOTE: https://link.springer.com/article/10.1007/s10207-025-00988-3
 	NOTE: Fixed by: https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4 (hostap_2_11)
 CVE-2022-37659



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e1d0d2bfd3d4cfe1755fdbc6bac72116389e8d4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e1d0d2bfd3d4cfe1755fdbc6bac72116389e8d4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250227/9463552c/attachment.htm>
