[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 5 20:12:52 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7fb7b29d by Moritz Muehlenhoff at 2025-06-05T21:12:35+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19189,6 +19189,7 @@ CVE-2025-3161 (A vulnerability was found in Tenda AC10 16.03.10.13 and classifie
NOT-FOR-US: Tenda
CVE-2025-3160 (A vulnerability has been found in Open Asset Import Library Assimp 5.4 ...)
- assimp <unfixed> (bug #1102206)
+ [trixie] - assimp <no-dsa> (Minor issue)
[bookworm] - assimp <no-dsa> (Minor issue)
[bullseye] - assimp <postponed> (Minor issue, DoS)
NOTE: https://github.com/assimp/assimp/issues/6025
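Review bot: CVE-2025-3160 gets `[trixie] - assimp <no-dsa> (Minor issue)` and keeps bookworm at <no-dsa>, while the other assimp entries in the visible hunks move bookworm to <postponed> with "revisit when/if fixed upstream". The only reference shown for this entry is the upstream issue link. If the difference is deliberate, a few words in the reason would make that clear (the bullseye line already says "DoS"). Otherwise use the same <postponed> state so the entry is looked at again once upstream has a fix.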
@@ -19204,7 +19205,8 @@ CVE-2025-3159 (A vulnerability, which was classified as critical, was found in O
NOTE: Fixed by: https://github.com/assimp/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71b
CVE-2025-3158 (A vulnerability, which was classified as critical, has been found in O ...)
- assimp <unfixed> (bug #1102204)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, OOB read)
NOTE: https://github.com/assimp/assimp/issues/6023
CVE-2025-3157 (A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has ...)
@@ -20879,14 +20881,16 @@ CVE-2025-3017 (A vulnerability, which was classified as critical, has been found
NOT-FOR-US: TA-Lib
CVE-2025-3016 (A vulnerability classified as problematic was found in Open Asset Impo ...)
- assimp <unfixed> (bug #1102235)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, OOM DoS)
NOTE: https://github.com/assimp/assimp/issues/6022
NOTE: https://github.com/assimp/assimp/pull/6046
NOTE: https://github.com/assimp/assimp/commit/5d2a7482312db2e866439a8c05a07ce1e718bed1
CVE-2025-3015 (A vulnerability classified as critical has been found in Open Asset Im ...)
- assimp <unfixed> (bug #1102234)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, OOB read)
NOTE: https://github.com/assimp/assimp/issues/6021
NOTE: https://github.com/assimp/assimp/pull/6045
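Review bot: for CVE-2025-3016 the new reason "revisit when/if fixed upstream" sits directly above NOTE lines that already reference pull/6046 and commit 5d2a7482312db2e866439a8c05a07ce1e718bed1, and CVE-2025-3015 likewise lists pull/6045. If those are the upstream fixes, label them "Fixed by:" as the CVE-2025-3159 entry does and reword the reason. If they are not, a short NOTE saying why would keep the entries from reading as contradictory.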
@@ -23799,27 +23803,32 @@ CVE-2025-30091 (In Tiny MoxieManager PHP before 4.0.0, remote code execution can
NOT-FOR-US: Tiny MoxieManager PHP
CVE-2025-2757 (A vulnerability classified as critical was found in Open Asset Import ...)
- assimp <unfixed> (bug #1102228)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6019
CVE-2025-2756 (A vulnerability classified as critical has been found in Open Asset Im ...)
- assimp <unfixed> (bug #1102227)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6018
CVE-2025-2755 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
- assimp <unfixed> (bug #1102226)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6017
CVE-2025-2754 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
- assimp <unfixed> (bug #1102225)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6015
CVE-2025-2753 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
- assimp <unfixed> (bug #1102224)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6014
CVE-2025-2635 (The Digital License Manager plugin for WordPress is vulnerable to Refl ...)
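Review bot: the five entries CVE-2025-2753 to CVE-2025-2757 receive the same reason string with no impact class, although the descriptions of CVE-2025-2757 and CVE-2025-2756 read "classified as critical". Adding the bug type to the reason, as the bullseye lines for CVE-2025-3158 and CVE-2025-3016 do with "OOB read" and "OOM DoS", would record why these are treated as minor and make the later revisit easier.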
@@ -23886,17 +23895,20 @@ CVE-2024-10037 (A vulnerability exists in the RTU500 web server component that c
NOT-FOR-US: Hitachi Energy
CVE-2025-2752 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3 an ...)
- assimp <unfixed> (bug #1101494)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6013
CVE-2025-2751 (A vulnerability has been found in Open Asset Import Library Assimp 5.4 ...)
- assimp <unfixed> (bug #1101495)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6012
CVE-2025-2750 (A vulnerability, which was classified as critical, was found in Open A ...)
- assimp <unfixed> (bug #1101496)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6011
CVE-2025-2744 (A vulnerability, which was classified as critical, was found in zhijia ...)
@@ -150285,18 +150297,21 @@ CVE-2023-48864 (SEMCMS v4.8 was discovered to contain a SQL injection vulnerabil
NOT-FOR-US: SEMCMS
CVE-2023-47997 (An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...)
- freeimage <unfixed> (bug #1060691)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2023-47997.patch
CVE-2023-47996 (An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in F ...)
- freeimage <unfixed> (bug #1060691)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream)
NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996
CVE-2023-47995 (Memory Allocation with Excessive Size Value discovered in BitmapAccess ...)
- freeimage <unfixed> (bug #1060862)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47995
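Review bot: on CVE-2023-47997 the added `[trixie] - freeimage <postponed> (Revisit when fixed upstream)` does not account for the existing NOTE that a Fedora patch exists but is not upstreamed. Since the reason names an upstream fix as the only trigger for a revisit, say in the reason or in a NOTE whether the Fedora patch was evaluated for trixie.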
@@ -150304,6 +150319,7 @@ CVE-2023-47995 (Memory Allocation with Excessive Size Value discovered in Bitmap
NOTE: https://sourceforge.net/p/freeimage/bugs/360/
CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 function in Plu ...)
- freeimage <unfixed> (bug #1060691)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream)
@@ -150311,6 +150327,7 @@ CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 function
NOTE: https://sourceforge.net/p/freeimage/bugs/359/
CVE-2023-47993 (A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in Fre ...)
- freeimage <unfixed> (bug #1060691)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream)
@@ -150318,6 +150335,7 @@ CVE-2023-47993 (A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32
NOTE: https://sourceforge.net/p/freeimage/bugs/358/
CVE-2023-47992 (An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc ...)
- freeimage <unfixed> (bug #1060691)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
[bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <postponed> (Revisit when fixed upstream)
[buster] - freeimage <postponed> (Revisit when fixed upstream)
@@ -334594,6 +334612,7 @@ CVE-2021-33368
RESERVED
CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to ...)
- freeimage <unfixed> (bug #1032666)
+ [trixie] - freeimage <no-dsa> (Minor issue)
[bookworm] - freeimage <no-dsa> (Minor issue)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <postponed> (Fix together with some other upload, low severity, DoS in user interactive software)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7fb7b29d402cffe7f1f57e225bca0e220dd76349