[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jun 1 15:54:55 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6381e258 by Moritz Muehlenhoff at 2025-06-01T16:54:32+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11699,7 +11699,8 @@ CVE-2024-12244 (An issue has been discovered in access controls could allow user
- gitlab <not-affected> (Vulnerable code introduced later)
CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenames hid ...)
- busybox <unfixed> (bug #1104008)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [trixie] - busybox <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=16018
NOTE: https://www.openwall.com/lists/oss-security/2025/04/23/1
NOTE: Proposed patch: https://lists.busybox.net/pipermail/busybox/2025-April/091461.html
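Review bot: the new `[bookworm]`/`[trixie]` reason "revisit when fixed upstream" sits directly above `NOTE: Proposed patch: ...091461.html`, so the entry already tracks a candidate fix; if the intent is to wait for that patch to be merged and released, say so in the reason (e.g. "revisit once proposed patch is merged upstream"), otherwise a reader of the tracker cannot tell whether the linked patch was judged unsuitable or simply not yet applied. Moving bookworm from `<no-dsa>` to `<postponed>` is consistent with the other busybox hunk in this commit.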
@@ -11832,7 +11833,8 @@ CVE-2025-1045 (Luxion KeyShot Viewer KSP File Parsing Heap-based Buffer Overflow
NOT-FOR-US: Luxion
CVE-2024-58251 (In netstat in BusyBox through 1.37.0, local users can launch of networ ...)
- busybox <unfixed> (bug #1104009)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [trixie] - busybox <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15922
CVE-2024-47829 (pnpm is a package manager. Prior to version 10.0.0, the path shortenin ...)
NOT-FOR-US: pnpm
@@ -23485,14 +23487,16 @@ CVE-2025-2593 (A vulnerability has been found in FastCMS up to 0.1.5 and classif
NOT-FOR-US: FastCMS
CVE-2025-2592 (A vulnerability, which was classified as critical, has been found in O ...)
- assimp <unfixed> (bug #1102222)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6010
NOTE: https://github.com/assimp/assimp/pull/6052
NOTE: Fixed by: https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743
CVE-2025-2591 (A vulnerability classified as problematic was found in Open Asset Impo ...)
- assimp <unfixed> (bug #1102221)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6009
NOTE: https://github.com/assimp/assimp/pull/6047
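Review bot: for CVE-2025-2592 the reason "Minor issue, revisit when fixed upstream" on the new `[trixie]` and `[bookworm]` lines contradicts the entry's own `NOTE: Fixed by: https://github.com/assimp/assimp/commit/2690e354...`; if that commit is considered incomplete or not yet in a release, record that, otherwise the reason should reflect that a fix exists (for CVE-2025-2591 only an issue and an open PR are linked, so the wording fits there). The unchanged `[bullseye]` lines keep the bare "(Minor issue)" reason; aligning them with the new wording would keep the three suites readable side by side.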
@@ -26833,12 +26837,14 @@ CVE-2025-2153 (A vulnerability, which was classified as critical, was found in H
NOTE: https://github.com/HDFGroup/hdf5/issues/5329
CVE-2025-2152 (A vulnerability, which was classified as critical, has been found in O ...)
- assimp <unfixed> (bug #1100438)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6027
CVE-2025-2151 (A vulnerability classified as critical was found in Open Asset Import ...)
- assimp <unfixed> (bug #1100439)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6016
NOTE: https://github.com/assimp/assimp/issues/6026
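Review bot: CVE-2025-2152 and CVE-2025-2151 only reference upstream issues (no commit or PR), so "revisit when fixed upstream" is accurate here; the only point is the same style mismatch as in the previous hunk, where the `[bullseye]` lines say just "(Minor issue)" while the new `[trixie]`/`[bookworm]` lines carry the longer reason. Consider giving bullseye the same text so the four assimp entries in this commit stay uniform.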
@@ -59994,6 +60000,7 @@ CVE-2024-53426 (A heap-buffer-overflow vulnerability has been identified in ntop
NOTE: https://github.com/ntop/ntopng/issues/8793
CVE-2024-53425 (A heap-buffer-overflow vulnerability was discovered in the SkipSpacesA ...)
- assimp <unfixed> (bug #1088187)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/5860
@@ -69145,7 +69152,8 @@ CVE-2024-48426 (A segmentation fault (SEGV) was detected in the SortByPTypeProce
NOTE: https://github.com/assimp/assimp/issues/5789
CVE-2024-48425 (A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMesh ...)
- assimp <unfixed> (bug #1086044)
- [bookworm] - assimp <ignored> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/5791
NOTE: https://github.com/assimp/assimp/commit/ecdf8d24b85367b22ba353b4f82299d4af7f1f97
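Review bot: this hunk reverses an earlier decision (`[bookworm] - assimp <ignored>` becomes `<postponed>`) without recording why, and the new reason "revisit when fixed upstream" sits above `NOTE: https://github.com/assimp/assimp/commit/ecdf8d24...`, which is an upstream commit with no label. Either mark that commit as `Fixed by:` and use a reason that reflects an available fix, or add a NOTE saying why it is not considered the fix; a one-line reason for dropping `<ignored>` would also help whoever triages this entry next.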
@@ -172553,7 +172561,7 @@ CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Impr
NOTE: https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd (v2.7.2)
CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...)
- busybox <unfixed> (bug #1055307)
- [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - busybox <no-dsa> (Minor issue)
[bullseye] - busybox <postponed> (Minor issue, revisit when fixed upstream)
[buster] - busybox <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
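Review bot: this is the only hunk in the commit that moves bookworm in the other direction (`<postponed>` to `<no-dsa>`), and it is the only busybox entry here that gets no `[trixie]` line even though `busybox <unfixed> (bug #1055307)` remains. If the CVE is meant to stay unaddressed in trixie as well, add a matching `[trixie] - busybox <no-dsa> (Minor issue)` line; and since the two other busybox CVEs in this commit are upgraded to `<postponed>`, a short note on why this one is downgraded would avoid the entries looking inconsistent.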
@@ -363730,14 +363738,10 @@ CVE-2020-36122
CVE-2020-36121
RESERVED
CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsix ...)
- - libsixel <unfixed> (bug #988159)
- [bookworm] - libsixel <ignored> (Minor issue, fix modifies the API)
- [bullseye] - libsixel <ignored> (Minor issue, fix modifies the API)
- [buster] - libsixel <no-dsa> (Minor issue)
- [stretch] - libsixel <postponed> (Minor issue; can be fixed in next update)
- NOTE: https://github.com/saitoha/libsixel/issues/143 (old/defunct repo)
+ NOTE: Non issue reported for libsixel
NOTE: https://github.com/libsixel/libsixel/issues/46
NOTE: https://github.com/libsixel/libsixel/pull/47
+ NOTE: https://github.com/saitoha/libsixel/issues/143#issuecomment-2666927546
CVE-2020-36119
RESERVED
CVE-2020-36118
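Review bot: replacing the whole status block with `NOTE: Non issue reported for libsixel` leaves CVE-2020-36120 with no package line at all, so the tracker no longer associates libsixel with it and the `bug #988159` reference disappears without a pointer to its resolution. The convention used elsewhere in this very diff is a package line with a status, e.g. `- gitlab <not-affected> (Vulnerable code introduced later)` in the first hunk; the analogous `- libsixel <not-affected> (Non-issue, see issue comment)` would keep the package queryable while the three NOTEs carry the evidence. Also "Non issue" should read "Non-issue", and the Debian bug should be closed or referenced so the two records do not diverge.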
@@ -388916,24 +388920,28 @@ CVE-2020-24296
RESERVED
CVE-2020-24295 (Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in Fre ...)
- freeimage <unfixed> (bug #1059152)
+ [trixie] - freeimage <postponed> (Revisit when patches are available)
[bookworm] - freeimage <postponed> (Revisit when patches are available)
[bullseye] - freeimage <postponed> (Revisit when patches are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24295.patch
CVE-2020-24294 (Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDP ...)
- freeimage <unfixed> (bug #1059152)
+ [trixie] - freeimage <postponed> (Revisit when patches are available)
[bookworm] - freeimage <postponed> (Revisit when patches are available)
[bullseye] - freeimage <postponed> (Revisit when patches are available)
[buster] - freeimage <postponed> (Revisit when patches are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
CVE-2020-24293 (Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp i ...)
- freeimage <unfixed> (bug #1059152)
+ [trixie] - freeimage <postponed> (Revisit when patches are available)
[bookworm] - freeimage <postponed> (Revisit when patches are available)
[bullseye] - freeimage <postponed> (Revisit when patches are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24293.patch
CVE-2020-24292 (Buffer Overflow vulnerability in load function in PluginICO.cpp in Fre ...)
- freeimage <unfixed> (bug #1059152)
+ [trixie] - freeimage <postponed> (Revisit when patches are available)
[bookworm] - freeimage <postponed> (Revisit when patches are available)
[bullseye] - freeimage <postponed> (Revisit when patches are available)
NOTE: https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
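Review bot: the new `[trixie] - freeimage <postponed> (Revisit when patches are available)` lines for CVE-2020-24295 and CVE-2020-24293 sit next to `NOTE: Patch in Fedora (not upstream'ed): ...`, so patches for those two are in fact available; if the Fedora patches are being rejected because they are not upstream, the reason should say "Revisit when upstream patches are available" (or similar) so it does not read as if no patch exists. For CVE-2020-24294 and CVE-2020-24292, which only link the SourceForge discussion, the current wording is fine.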
@@ -395254,6 +395262,7 @@ CVE-2020-21427 (Buffer Overflow vulnerability in function LoadPixelDataRLE8 in P
NOTE: Probably fixed with r1832 and r1836 from http://svn.code.sf.net/p/freeimage/svn/FreeImage/
CVE-2020-21426 (Buffer Overflow vulnerability in function C_IStream::read in PluginEXR ...)
- freeimage <unfixed> (bug #1051736)
+ [trixie] - freeimage <postponed> (Revisit when patches are available)
[bookworm] - freeimage <postponed> (Revisit when patches are available)
[bullseye] - freeimage <postponed> (Revisit when patches are available)
[buster] - freeimage <postponed> (Revisit from patches are available)
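Review bot: the unchanged `[buster]` context line reads "Revisit from patches are available", a typo for "Revisit when patches are available" as used on the `[bookworm]` and `[bullseye]` lines directly above it; since this entry is being edited anyway, fix the typo in the same commit. The new `[trixie]` line itself is consistent with the other freeimage entries in the previous hunk.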
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6381e258cc855497e823929a1bf1f3b612139446