[Git][security-tracker-team/security-tracker][master] Add CVE-2025-47256/libxmp
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 6 21:28:31 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7799bc48 by Salvatore Bonaccorso at 2025-05-06T22:28:09+02:00
Add CVE-2025-47256/libxmp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57,7 +57,10 @@ CVE-2025-4041 (In Optigo Networks ONS NC600 versions 4.2.1-084 through 4.7.2-330
CVE-2025-47417 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Crestron Automate VX
CVE-2025-47256 (Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha i ...)
- TODO: check
+ - libxmp <unfixed>
+ NOTE: https://github.com/libxmp/libxmp/issues/847
+ NOTE: https://github.com/libxmp/libxmp/pull/848
+ NOTE: Fixed by: https://github.com/libxmp/libxmp/commit/004a102c5a75ad809fc309ff73ce8d0f9ab3e456
CVE-2025-46820 (phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom pr ...)
TODO: check
CVE-2025-46816 (goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7799bc48638877c2e259eb170d9176e30dd3ad61
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7799bc48638877c2e259eb170d9176e30dd3ad61
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250506/f91dd882/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list