[Git][security-tracker-team/security-tracker][master] Update status for screen issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon May 12 19:23:00 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
133036cc by Salvatore Bonaccorso at 2025-05-12T20:22:39+02:00
Update status for screen issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,25 @@
 CVE-2025-46805
-	- screen <unfixed>
+	- screen <unfixed> (unimportant)
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4
 	NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
+	NOTE: screen in Debian not installed setuid or setgid
 CVE-2025-46804
-	- screen <unfixed>
+	- screen <unfixed> (unimportant)
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30
 	NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
+	NOTE: screen in Debian not installed setuid or setgid
 CVE-2025-46803
 	- screen <not-affected> (Vulnerable code only introduced in Scren v5 branch)
 	NOTE: Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=78a961188f7da528c7cefcc63e07f35f04e69a93 (v.5.0.0)
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=d5d7bf43f3842e8b62d5f34eb4b031de7c8098c1
 	NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
 CVE-2025-46802
-	- screen <unfixed>
-	[bookworm] - screen <no-dsa> (Minor issue when Screen no installed setuid-root)
+	- screen <unfixed> (unimportant)
 	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
 	NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
 	NOTE: Has potential to break some reattach use cases, but the specific use case
 	NOTE: was broken already before.
+	NOTE: screen in Debian not installed setuid or setgid
 CVE-2025-23395
 	- screen <not-affected> (Vulnerable code only introduced in Scren v5 branch)
 	NOTE: Introduced with: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc (v.5.0.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/133036cc614ad57aadf3fead3292e0e69bf41be2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/133036cc614ad57aadf3fead3292e0e69bf41be2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250512/3f8be756/attachment.htm>

More information about the debian-security-tracker-commits mailing list