[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE-2025-25473 as not-affected for Bullseye

Thorsten Alteholz (@alteholz) alteholz at debian.org
Fri Feb 28 18:19:24 GMT 2025



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fbe6cf6 by Thorsten Alteholz at 2025-02-28T18:57:05+01:00
mark CVE-2025-25473 as not-affected for Bullseye

- - - - -
2f69d1c3 by Thorsten Alteholz at 2025-02-28T19:14:51+01:00
mark CVE-2024-36615 as postponed for Bullseye

- - - - -
93e7a40c by Thorsten Alteholz at 2025-02-28T19:18:56+01:00
mark CVE-2025-1594 as postponed for Bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4460,6 +4460,7 @@ CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information Technol
 CVE-2025-1594 (A vulnerability, which was classified as critical, was found in FFmpeg ...)
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
+	[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
 	NOTE: https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
 	NOTE: https://trac.ffmpeg.org/ticket/11418
 CVE-2025-1412 (Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalid ...)
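Review bot: the added [bullseye] line gives "wait until it's fixed upstream" as its revisit condition, which is less specific than the bookworm line directly above it that names the 5.1 branch; saying which upstream branch or fix the bullseye entry is waiting on, or pointing at one of the two NOTE URLs as the place to watch, would make the postponement easier to follow up. The truncated description also calls the issue "classified as critical", so a few words on why it is treated as a minor issue would help anyone auditing the entry later.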
@@ -5213,6 +5214,7 @@ CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow vi
 CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to contain a NUL ...)
 	- ffmpeg <unfixed>
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
+	[bullseye] - ffmpeg <not-affected> (Vulnerable code introduced later; ff_flush_packet_queue() is always called)
 	NOTE: https://trac.ffmpeg.org/ticket/11419
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b
 CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to  ...)
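Review bot: the not-affected reason on the added [bullseye] line, "Vulnerable code introduced later", carries no reference a later reader can check; consider adding a NOTE with the commit or version that introduced the code, next to the existing "Fixed by:" NOTE. The second half, "ff_flush_packet_queue() is always called", reads as a separate argument, and stating where it is always called would make clear why it rules the issue out, given that the bookworm line directly above is tracked as postponed rather than not-affected.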
@@ -27931,6 +27933,7 @@ CVE-2024-36616 (An integer overflow in the component /libavformat/westwood_vqa.c
 CVE-2024-36615 (FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. Thi ...)
 	- ffmpeg 7:7.1-3
 	[bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+	[bullseye] - ffmpeg <postponed> (Minor issue, hard to backport)
 	NOTE: https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61 (n7.1)
 CVE-2024-36612 (Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the hand ...)
 	- zulip-server <itp> (bug #800052)
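Review bot: the added [bullseye] line's reason, "Minor issue, hard to backport", gives no condition for revisiting, whereas the bookworm line above says "Pick up when fixed in 5.1.x"; as written the entry can stay postponed indefinitely. Consider noting what makes the backport of the commit in the NOTE line hard, or stating when the issue should be picked up again.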



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4799f1f052b51551174b2a13d9e84588c3422d47...93e7a40c92ebf08eef88c140057f1618f1143e43
