[Git][security-tracker-team/security-tracker][master] Update notes for CVE-2025-4598/systemd

Luca Boccassi (@bluca) bluca at debian.org
Thu May 29 21:03:00 BST 2025



Luca Boccassi pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90114f74 by Luca Boccassi at 2025-05-29T21:02:23+01:00
Update notes for CVE-2025-4598/systemd

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28,16 +28,19 @@ CVE-2025-37993 [can: m_can: m_can_class_allocate_dev(): initialize spin lock on
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/dcaeeb8ae84c5506ebc574732838264f3887738c (6.15-rc6)
 CVE-2025-4598
-	- systemd <unfixed> (bug #1106785)
+	- systemd 257.6-1 (bug #1106785)
+	[bookworm] - systemd 252.38-1~deb12u1
 	NOTE: https://www.qualys.com/2025/05/29/apport-coredump/apport-coredump.txt
-	NOTE: https://github.com/systemd/systemd/commit/49f1f2d4a7612bbed5211a73d11d6a94fbe3bb69
-	NOTE: https://github.com/systemd/systemd/commit/0c49e0049b7665bb7769a13ef346fef92e1ad4d6
-	NOTE: https://github.com/systemd/systemd/commit/8fc7b2a211eb13ef1a94250b28e1c79cab8bdcb9
-	NOTE: https://github.com/systemd/systemd/commit/13902e025321242b1d95c6d8b4e482b37f58cdef
-	NOTE: https://github.com/systemd/systemd/commit/868d95577ec9f862580ad365726515459be582fc
-	NOTE: https://github.com/systemd/systemd/commit/e6a8687b939ab21854f12f59a3cce703e32768cf
-	NOTE: https://github.com/systemd/systemd/commit/76e0ab49c47965877c19772a2b3bf55f6417ca39
-	NOTE: https://github.com/systemd/systemd/commit/9ce8e3e449def92c75ada41b7d10c5bc3946be77
+	NOTE: For a comprehensive fix a kernel change is required too: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5325b2a270fcaf7b2a9a0f23d422ca8a5a8bdea
+	NOTE: Fixed by https://github.com/systemd/systemd/commit/0c49e0049b7665bb7769a13ef346fef92e1ad4d6 (v258)
+	NOTE: Fixed by https://github.com/systemd/systemd/commit/868d95577ec9f862580ad365726515459be582fc (v258)
+	NOTE: Fixed by https://github.com/systemd/systemd/commit/c58a8a6ec9817275bb4babaa2c08e0e35090d4e3 (v257.6)
+	NOTE: Fixed by https://github.com/systemd/systemd/commit/61556694affa290c0a16d48717b3892b85622d96 (v257.6)
+	NOTE: Fixed by https://github.com/systemd/systemd/commit/19d439189ab85dd7222bdd59fd442bbcc8ea99a7 (v256.16)
+	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/254ab8d2a7866679cee006d844d078774cbac3c9 (v255.21)
+	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/7fc7aa5a4d28d7768dfd1eb85be385c3ea949168 (v254.26)
+	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/19b228662e0fcc6596c0395a0af8486a4b3f1627 (v253.33)
+	NOTE: Fixed by https://github.com/systemd/systemd-stable/commit/2eb46dce078334805c547cbcf5e6462cf9d2f9f0 (v252.38)
 CVE-2025-5054
 	NOT-FOR-US: Apport
 CVE-2025-27464
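
Review bot: the added kernel NOTE under CVE-2025-4598 ("For a comprehensive fix a kernel change is required too") has no release tag and uses the long `git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=` URL. The kernel NOTE for CVE-2025-37993 just above uses the short `https://git.kernel.org/linus/<hash>` form with a version in parentheses, and every systemd "Fixed by" line added here carries one too. Suggest the short form plus the kernel release tag, so a reader can tell which kernels include the change. Because that note says the systemd fix alone is not comprehensive, while the entry now marks systemd fixed at 257.6-1 and 252.38-1~deb12u1 with no other package line, it would also help to say in a NOTE whether the kernel side is tracked for this CVE or deliberately left out. Separately, six previously listed upstream commits (49f1f2d4, 8fc7b2a2, 13902e02, e6a8687b, 76e0ab49, 9ce8e3e4) are dropped and the commit message only says "Update notes"; a short mention of why they no longer apply would make the change easier to audit.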



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90114f74afaddefff87bb39a7d9816134a06bc47
