[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-53644

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jul 18 14:13:09 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ce48a2a by Salvatore Bonaccorso at 2025-07-18T15:11:35+02:00
Update status for CVE-2025-53644

Since 3.1.0+dfsg1-1~exp1 the embbeded code copy of openjpeg2 is exclude
completely from source via Files-Excluded listing. Mark this version as
fixed version. Any CVE affecting openjpeg2 is handled separately and
this CVE was specific for OpenCV affected by the issue in the embedeed
copy.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217,10 +217,12 @@ CVE-2023-47356 (Mingyu Security Gateway before v3.0-5.3p was discovered to conta
 CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download vulnerabili ...)
 	TODO: check
 CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions prior to 4. ...)
-	- opencv <unfixed>
+	- opencv 3.2.0+dfsg-1
 	NOTE: https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
 	NOTE: https://github.com/opencv/opencv/issues/27271
 	NOTE: Fixed by: https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466 (4.12.0)
+	NOTE: Since opencv/3.1.0+dfsg1-1~exp1 the embedded openjpeg2 copy is ecluded
+	NOTE: completely via Files-Excluded.
 CVE-2024-6234
 	NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce48a2ae4e99a68571a8e62504983597086d94d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce48a2ae4e99a68571a8e62504983597086d94d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250718/e404d225/attachment.htm>

More information about the debian-security-tracker-commits mailing list