[Git][security-tracker-team/security-tracker][master] 2 commits: add a note for espeak-ng

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sat May 31 09:29:49 BST 2025



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6754ef0b by Thorsten Alteholz at 2025-05-31T10:28:46+02:00
add a note for espeak-ng

- - - - -
b0e5f081 by Thorsten Alteholz at 2025-05-31T10:29:32+02:00
Reserve DLA-4198-1 for espeak-ng

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -154754,35 +154754,30 @@ CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting (
 CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point Exceptio ...)
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-	[bullseye] - espeak-ng <no-dsa> (Minor issue)
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1823
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the ...)
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-	[bullseye] - espeak-ng <no-dsa> (Minor issue)
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1826
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow v ...)
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-	[bullseye] - espeak-ng <no-dsa> (Minor issue)
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1827
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow  ...)
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-	[bullseye] - espeak-ng <no-dsa> (Minor issue)
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1825
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the ...)
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-	[bullseye] - espeak-ng <no-dsa> (Minor issue)
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1824
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
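
Review bot: after the five `[bullseye] - espeak-ng <no-dsa> (Minor issue)` deletions, none of CVE-2023-49990 through CVE-2023-49994 carries a `[bullseye]` line in this file, so bullseye is implicitly measured against the unstable version `1.51+dfsg-12`, while bookworm keeps its explicit `1.51+dfsg-10+deb12u1` line. The bullseye fix version is stated only in data/DLA/list; confirm that the tracker picks it up from there for each of the five entries, or add a `[bullseye]` fixed-version line here alongside the bookworm one.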


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 May 2025] DLA-4198-1 espeak-ng - security update
+	{CVE-2023-49990 CVE-2023-49991 CVE-2023-49992 CVE-2023-49993 CVE-2023-49994}
+	[bullseye] - espeak-ng 1.50+dfsg-7+deb11u2
 [31 May 2025] DLA-4197-1 python-flask-cors - security update
 	{CVE-2024-1681 CVE-2024-6839 CVE-2024-6844 CVE-2024-6866}
 	[bullseye] - python-flask-cors 3.0.9-2+deb11u1
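
Review bot: the brace list on the second added line marks all five CVEs as fixed by `1.50+dfsg-7+deb11u2`, yet the data/CVE/list entries for them cite a single upstream commit, and the data/dla-needed.txt notes dropped in this same push say the upstream patches were not enough for bullseye. Confirm that the bullseye upload covers each of the five IDs before the advisory goes out, and trim the list if any one of them is still reproducible.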


=====================================
data/dla-needed.txt
=====================================
@@ -93,14 +93,6 @@ epiphany-browser
   NOTE: 20250429: Added by Front-Desk (lamby)
   NOTE: 20250429: Changes the UI to prompt when opening URLs in external applications. (lamby)
 --
-espeak-ng (Thorsten Alteholz)
-  NOTE: 20240816: Added by Front-Desk (Beuc)
-  NOTE: 20240816: Follow fixes from bookworm 12.5 (5 CVEs) (Beuc/front-desk)
-  NOTE: 20240929: Upstream patches not enough to fix issues in bullseye. (abhijith)
-  NOTE: 20240929: Can be still reproduced (abhijith)
-  NOTE: 20241014: Still looking at the incomplete fixes (abhijith)
-  NOTE: 20241104: haven't spend time to look in to it. Will look after fixing puma (abhijith)
---
 fastdds
   NOTE: 20250303: Added by Front-Desk (rouca)
 --
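
Review bot: the removed espeak-ng block is the only place that records "Upstream patches not enough to fix issues in bullseye" and "Can be still reproduced", and its last note (20241104) still describes the work as not looked into; nothing in this push says how that was resolved. Carry a short NOTE onto the five CVE entries in data/CVE/list stating what the bullseye fix needed beyond the upstream commit, so the history stays with the CVEs once this entry is gone.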



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9a4233c8eeeb801c1eff425e1f226c8445cf36df...b0e5f08191fcac5f6b4b3cb8fc66d1ab8908f81c
