[Git][security-tracker-team/security-tracker][master] 3 commits: two gnuplot issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jul 16 07:58:19 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3698b66d by Moritz Muehlenhoff at 2025-07-16T08:56:47+02:00
two gnuplot issues fixed in sid
- - - - -
c69ab565 by Moritz Muehlenhoff at 2025-07-16T08:56:49+02:00
more gnuplot fixes
- - - - -
009d2d50 by Moritz Muehlenhoff at 2025-07-16T08:56:51+02:00
gnuplot commit references
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31107,6 +31107,8 @@ CVE-2025-3360 (A flaw was found in GLib. An integer overflow and buffer under-re
CVE-2025-3359 (A flaw was found in GNUPlot. A segmentation fault via IO_str_init_stat ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2357749
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2781/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2025-3353 (A vulnerability was found in PHPGurukul Men Salon Management System 1. ...)
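Review bot: The commit NOTE added for CVE-2025-3359 carries no upstream version tag, while the commit notes touched elsewhere in this patch are annotated with "(5.5)" or "(5.4.rc1)". Since the entry stays `<unfixed>`, adding the release or branch the commit landed in, once known, would let the next person decide when the status line can be updated without re-reading the upstream history.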
@@ -34692,6 +34694,8 @@ CVE-2025-21893 (In the Linux kernel, the following vulnerability has been resolv
CVE-2025-31177 (gnuplot is affected by a heap buffer overflow at function utf8_copy_on ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355342
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2756/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2025-3019 (KNIME Business Hub is affected by several cross-site scripting vulnera ...)
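Review bot: The commit URL added for CVE-2025-31177 ends without a trailing slash (`.../ci/226809aebb345e74d371bb43a2b434b490be527a`), unlike the commit URL added for CVE-2025-3359 in the previous hunk. Suggest adding the slash so that commit references use one form and match when searched for across data/CVE/list.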
@@ -35272,26 +35276,36 @@ CVE-2024-56325 (Authentication Bypass Issue If the path does not contain / and
CVE-2025-31181 (A flaw was found in gnuplot. The X11_graphics() function may lead to a ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355338
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2753/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2025-31180 (A flaw was found in gnuplot. The CANVAS_text() function may lead to a ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355339
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2755/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2025-31179 (A flaw was found in gnuplot. The xstrftime() function may lead to a se ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355340
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2779/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2025-31178 (A flaw was found in gnuplot. The GetAnnotateString() function may lead ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355341
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2754/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b78cc829a18e9436daaa859c96f3970157f3171e/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2025-31176 (A flaw was found in gnuplot. The plot3d_points() function may lead to ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2355343
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/2776/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2025-31141 (In JetBrains TeamCity before 2025.03 exception could lead to credentia ...)
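Review bot: All five entries in this hunk (CVE-2025-31181 through CVE-2025-31176) gain an upstream bug and commit reference but keep `- gnuplot <unfixed> (unimportant)`. Worth confirming for each commit that it is not yet in a version uploaded to sid; where it is, the fixed version should be recorded in the same change, as this patch does for the 2020 and 2018 gnuplot entries.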
@@ -400049,8 +400063,9 @@ CVE-2020-25561 (SapphireIMS 5 utilized default sapphire:ims credentials to conne
CVE-2020-25560 (In SapphireIMS 5.0, it is possible to use the hardcoded credential in ...)
NOT-FOR-US: SapphireIMS
CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...)
- - gnuplot <unfixed> (unimportant)
+ - gnuplot 6.0.0+dfsg1-1 (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2312/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/052cbd17c3cbbc602ee080b2617d32a8417d7563/ (5.5)
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2020-25558
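Review bot: For CVE-2020-25559 the fixed version becomes 6.0.0+dfsg1-1 while the new commit NOTE is tagged "(5.5)", and the entry does not say how the two relate. A short NOTE stating that 6.0.0 is the first upload containing that commit, if that is the case, would make the choice of fixed version checkable from the entry itself.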
@@ -400355,8 +400370,9 @@ CVE-2020-25414 (A local file inclusion vulnerability was discovered in the captc
CVE-2020-25413
RESERVED
CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...)
- - gnuplot <unfixed> (unimportant)
+ - gnuplot 6.0.0+dfsg1-1 (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a31c3b70d8d4f887f906afe35accbc9a59ebcd37 (5.5)
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2020-25411 (Projectworlds Online Examination System 1.0 is vulnerable to CSRF, whi ...)
@@ -521417,27 +521433,27 @@ CVE-2018-19493 (An issue was discovered in GitLab Community and Enterprise Editi
NOTE: https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
CVE-2018-19492 (An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allo ...)
{DLA-1597-1 DLA-1595-1}
- - gnuplot <unfixed> (unimportant)
+ - gnuplot 5.4.0+dfsg1-1 (unimportant)
- gnuplot5 <removed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2089/
- NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ (5.4.rc1)
NOTE: No security impact, neutralised by toolchain hardening
NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19491 (An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allow ...)
{DLA-1597-1 DLA-1595-1}
- - gnuplot <unfixed> (unimportant)
+ - gnuplot 5.4.0+dfsg1-1 (unimportant)
- gnuplot5 <removed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2094/
- NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ (5.4.rc1)
NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19490 (An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue all ...)
{DLA-1597-1 DLA-1595-1}
- - gnuplot <unfixed> (unimportant)
+ - gnuplot 5.4.0+dfsg1-1 (unimportant)
- gnuplot5 <removed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2093/
- NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/
+ NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/d5020716834582b20a5e12cdd49f39ee4f9dd949/ (5.4.rc1)
NOTE: No security impact, gnuplot can execute arbitrary commands and need to come from a trusted source,
NOTE: see README.Debian.security (added in 5.2.6)
CVE-2018-19489 (v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a de ...)
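Review bot: The three 2018 entries (CVE-2018-19492, CVE-2018-19491, CVE-2018-19490) are marked fixed in 5.4.0+dfsg1-1 on the basis of one commit tagged "(5.4.rc1)". Worth confirming that no 5.4 release candidate was uploaded to sid before 5.4.0+dfsg1-1, since the fixed version should be the first upload that contains the commit.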
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/58ef69a6894ba09842c05a13b18d83b55843f848...009d2d506749fa4d4da3df50ee232b5f180f7ef8