[Git][security-tracker-team/security-tracker][master] Add new batch of weechat issues WSA-2025-{1..7}

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7219fd8b by Salvatore Bonaccorso at 2025-05-16T14:09:07+02:00
Add new batch of weechat issues WSA-2025-{1..7}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,36 @@
+CVE-2025-XXXX [Buffer overflow in range of chars in evaluated expressions]
+	- weechat <unfixed> (bug #1104554)
+	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-7/
+	NOTE: Fixed by: https://github.com/weechat/weechat/commit/3db2f71112ea85fa88b57f2c91be66a91ad7c078 (v4.6.3)
+CVE-2025-XXXX [Buffer overflow in base 32 encoding in evaluated expressions]
+	- weechat <unfixed> (bug #1104554)
+	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-6/
+	NOTE: Fixed by: https://github.com/weechat/weechat/commit/09917a807bcd71adf25e51f24200e7b7a5b8ff6f (v4.6.3)
+CVE-2025-XXXX [Buffer overflow in syntax highlighting of evaluated expressions]
+	- weechat <unfixed> (bug #1104554)
+	[bookworm] - weechat <not-affected> (Vulnerable code not present)
+	[bullseye] - weechat <not-affected> (Vulnerable code not present)
+	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-5/
+	NOTE: Introduced with: https://github.com/weechat/weechat/commit/87f74e9f9544a7e3b7e4ffd0acc40841b8eb79e8 (v4.2.0)
+	NOTE: Fixed by: https://github.com/weechat/weechat/commit/334f88ae2c5f221e63b163a3c3ad4c98e437be35 (v4.6.3)
+
+CVE-2025-XXXX [Buffer overflow in parsing of date/time]
+	- weechat <unfixed> (bug #1104554)
+	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-4/
+	NOTE: Introduced with: https://github.com/weechat/weechat/commit/f6ba789c3d33bdc1bcc6c00e9660ffbd9f2ba514 (v4.2.0)
+	NOTE: Fixed by: https://github.com/weechat/weechat/commit/2e146456913b6bc21b65dc89c69bce17b83e6264 (v4.6.3)
+CVE-2025-XXXX [Integer overflow in conversion of version to an integer]
+	- weechat <unfixed> (bug #1104554)
+	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-3/
+	NOTE: Fixed by: https://github.com/weechat/weechat/commit/5839df90e7d4f5680186c2d2993d5701115d8c78 (v4.6.3)
+CVE-2025-XXXX [Integer overflow in base32 decode/encode functions]
+	- weechat <unfixed> (bug #1104554)
+	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-2/
+	NOTE: Fixed by: https://github.com/weechat/weechat/commit/60824530026d2461220fa7c7c99c0278665e2150 (v4.6.3)
+CVE-2025-XXXX [Integer overflow with decimal numbers in calculation of expression]
+	- weechat <unfixed> (bug #1104554)
+	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-1/
+	NOTE: Fixed by: https://github.com/weechat/weechat/commit/d0568dce79c350a4c11609c66587bc3e4cc00eba (v4.6.3)
 CVE-2025-4759 (Versions of the package lockfile-lint-api before 5.9.2 are vulnerable  ...)
 	NOT-FOR-US: Node lockfile-lint
 CVE-2025-4757 (A vulnerability was found in PHPGurukul Beauty Parlour Management Syst ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7219fd8ba352babeead89781b95c0c43c342dcf4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7219fd8ba352babeead89781b95c0c43c342dcf4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250516/a57b2db7/attachment.htm>