[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2025-20260 in clamav for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Fri Jun 20 19:04:29 BST 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8ff69c45 by Chris Lamb at 2025-06-20T11:02:11-07:00
Triage CVE-2025-20260 in clamav for bullseye LTS.
- - - - -
c49de1d1 by Chris Lamb at 2025-06-20T11:02:37-07:00
Triage CVE-2025-4565 in protobuf for bullseye LTS.
- - - - -
f57a6ece by Chris Lamb at 2025-06-20T11:03:04-07:00
Triage CVE-2025-48945 in pycares for bullseye LTS.
- - - - -
4e00793f by Chris Lamb at 2025-06-20T11:03:46-07:00
Triage CVE-2025-20234 in clamav for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -265,10 +265,12 @@ CVE-2025-20271 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Mera
CVE-2025-20260 (A vulnerability in the PDF scanning processes of ClamAV could allow an ...)
- clamav <unfixed> (bug #1108046)
[bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
+ [bullseye] - clamav <postponed> (Minor issue; can be fixed in next update)
NOTE: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
CVE-2025-20234 (A vulnerability in Universal Disk Format (UDF) processing of ClamAV co ...)
- clamav <unfixed> (bug #1108045)
[bookworm] - clamav <not-affected> (Vulnerable code introduced in 1.2.0)
+ [bullseye] - clamav <not-affected> (Vulnerable code not present; introduced in 1.2.0)
NOTE: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
CVE-2025-1349 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
NOT-FOR-US: IBM
@@ -1763,6 +1765,7 @@ CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marke
CVE-2025-48945
- pycares <unfixed>
[bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
+ [bullseye] - pycares <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
NOTE: Fixed by: https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4 (v4.9.0)
CVE-2025-6199 (A flaw was found in the GIF parser of GdkPixbuf\u2019s LZW decoder. Wh ...)
@@ -2299,6 +2302,7 @@ CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse untrusted P ...)
- protobuf <unfixed> (bug #1108057)
[bookworm] - protobuf <no-dsa> (Minor issue)
+ [bullseye] - protobuf <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- tomcat11 <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab58bff91572b6dbb13d822019ac38ed86c51a4d...4e00793f62f687bc1634f6470db90f3787618df8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab58bff91572b6dbb13d822019ac38ed86c51a4d...4e00793f62f687bc1634f6470db90f3787618df8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250620/8a3363c9/attachment.htm>
More information about the debian-security-tracker-commits
mailing list