[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon May 26 18:38:36 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f501641f by Moritz Muehlenhoff at 2025-05-26T19:38:26+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67876,7 +67876,8 @@ CVE-2024-10011 (The BuddyPress plugin for WordPress is vulnerable to Directory T
NOT-FOR-US: WordPress plugin
CVE-2024-48426 (A segmentation fault (SEGV) was detected in the SortByPTypeProcess::Ex ...)
- assimp <unfixed> (bug #1086043)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/5789
CVE-2024-48425 (A segmentation fault (SEGV) was detected in the Assimp::SplitLargeMesh ...)
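Review bot: The [bookworm] line for CVE-2024-48426 changes state from <no-dsa> to <postponed>, which the commit message "trixie triage" does not cover; the same happens for CVE-2022-38528 further down. Consider mentioning the bookworm change in the commit message, or putting the bookworm state changes in their own commit so they are easy to find in history.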
@@ -67888,11 +67889,13 @@ CVE-2024-48425 (A segmentation fault (SEGV) was detected in the Assimp::SplitLar
NOTE: https://github.com/assimp/assimp/pull/5799
CVE-2024-48424 (A heap-buffer-overflow vulnerability has been identified in the OpenDD ...)
- assimp <unfixed> (bug #1086045)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/5787
CVE-2024-48423 (An issue in assimp v.5.4.3 allows a local attacker to execute arbitrar ...)
- assimp <unfixed> (bug #1086046)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/5788
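Review bot: For CVE-2024-48423 the added [trixie] line gives "Minor issue" as the reason while the description on the CVE line reads "allows a local attacker to execute arbitrar ...", so the rating does not explain itself at that entry. It matches the existing [bookworm] and [bullseye] lines, but a short NOTE stating the basis for the minor rating would help whoever revisits the entry.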
@@ -75850,6 +75853,7 @@ CVE-2024-47003 (Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to
- mattermost-server <itp> (bug #823556)
CVE-2024-46632 (Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::Lo ...)
- assimp <unfixed> (bug #1082857)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/5771
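Review bot: In the CVE-2024-46632 entry the new [trixie] line and the [bookworm] line say "Minor issue, revisit when fixed upstream" while [bullseye] still says only "Minor issue". If all three are waiting on the same upstream fix, align the [bullseye] reason in the same change so the entry reads consistently.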
@@ -245063,7 +245067,8 @@ CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer o
NOTE: https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72
CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered to co ...)
- assimp <unfixed> (bug #1021018)
- [bookworm] - assimp <no-dsa> (Minor issue)
+ [trixie] - assimp <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - assimp <no-dsa> (Minor issue)
[buster] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/4662
@@ -399135,6 +399140,7 @@ CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in Po
NOTE: Negligible security impact
CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...)
- libpodofo <unfixed> (bug #1014858)
+ [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
@@ -471449,6 +471455,7 @@ CVE-2019-12215 (A full path disclosure vulnerability was discovered in Matomo v3
NOTE: https://github.com/matomo-org/matomo/issues/14464
CVE-2019-12214 (In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...)
- freeimage <unfixed> (bug #947478)
+ [trixie] - freeimage <postponed> (Revisit when upstream fixes are available)
[bookworm] - freeimage <postponed> (Revisit when upstream fixes are available)
[bullseye] - freeimage <postponed> (Revisit when upstream fixes are available)
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
@@ -471467,6 +471474,7 @@ CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDir
NOTE: https://sourceforge.net/p/freeimage/svn/1825/
CVE-2019-12212 (When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize ...)
- freeimage <unfixed> (bug #947477)
+ [trixie] - freeimage <postponed> (Revisit when upstream fixes are available)
[bookworm] - freeimage <postponed> (Revisit when upstream fixes are available)
[bullseye] - freeimage <postponed> (Revisit when upstream fixes are available)
[buster] - freeimage <postponed> (Revisit when upstream fixes are available)
@@ -536994,6 +537002,7 @@ CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a direc
NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfPar ...)
- libpodofo <unfixed> (low; bug #892557)
+ [trixie] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libpodofo <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libpodofo <no-dsa> (Minor issue)
[buster] - libpodofo <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f501641ff59214f6e21d89def0dee2d53277eb82