[Git][security-tracker-team/security-tracker][master] Triage CVE-2025-59375/expat for bullseye.

Guilhem Moulin (@guilhem) guilhem at debian.org
Sat Nov 8 09:37:18 GMT 2025 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98293eec by Guilhem Moulin at 2025-11-08T10:32:20+01:00
Triage CVE-2025-59375/expat for bullseye.

And remove from dla-needed.txt.  Following Security Team triaging from
3d359c69864f2aa8785622891518dfbbf9707dc6 .

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -20693,6 +20693,7 @@ CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger large
 	- expat 2.7.2-1 (bug #1115298)
 	[trixie] - expat <no-dsa> (Minor issue)
 	[bookworm] - expat <ignored> (Minor issue)
+	[bullseye] - expat <ignored> (Minor issue)
 	NOTE: https://github.com/libexpat/libexpat/issues/1018
 	NOTE: https://github.com/libexpat/libexpat/pull/1034
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0872c189db6e457084fca335662a9cb49e8ec4c7 (R_2_7_2)


=====================================
data/dla-needed.txt
=====================================
@@ -79,11 +79,6 @@ erlang
   NOTE: 20251016: https://salsa.debian.org/erlang-team/packages/erlang/-/merge_requests/3
   NOTE: 20251016: ssh related CVE patches seems too invasive to backport (jspricke)
 --
-expat
-  NOTE: 20250922: Added by Front-Desk (ta)
-  NOTE: 20251020: In progress, the fix for CVE-2025-59375 is very intrusive and
-  NOTE: 20251020: triaging it like CVE-2024-28757 might make sense (guilhem)
---
 ffmpeg
   NOTE: 20251102: Added by Front-Desk (apo)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98293eec01e2864ba4d7d95a0e6479213ea76a1f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98293eec01e2864ba4d7d95a0e6479213ea76a1f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251108/a0d55a3d/attachment.htm>

More information about the debian-security-tracker-commits mailing list