[Git][security-tracker-team/security-tracker][master] tiff DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Oct 10 19:38:39 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
08569ec1 by Moritz Mühlenhoff at 2025-10-10T20:38:09+02:00
tiff DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -19461,6 +19461,7 @@ CVE-2025-9132 (Out of bounds write in V8 in Google Chrome prior to 139.0.7258.13
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9165 (A flaw has been found in LibTIFF 4.7.0. This affects the function _TIF ...)
- tiff 4.7.0-4 (bug #1111878; unimportant)
+ [trixie] - tiff 4.7.0-3+deb13u1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/728
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/747
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0
@@ -20786,6 +20787,7 @@ CVE-2025-8962 (A vulnerability was found in code-projects Hostel Management Syst
NOT-FOR-US: code-projects
CVE-2025-8961 (A weakness has been identified in LibTIFF 4.7.0. This affects the func ...)
- tiff 4.7.0-5 (bug #1111317; unimportant)
+ [trixie] - tiff 4.7.0-3+deb13u1
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/721
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/0ac97aa7a5bffddd88f7cdbe517264e9db3f5bd5
NOTE: Crash in CLI tool, no security impact
@@ -24539,7 +24541,7 @@ CVE-2025-4588 (The 360 Photo Spheres plugin for WordPress is vulnerable to Store
CVE-2024-13978 (A vulnerability was found in LibTIFF up to 4.7.0. It has been declared ...)
{DLA-4315-1}
- tiff 4.7.0-4 (bug #1111323)
- [trixie] - tiff <no-dsa> (Minor issue)
+ [trixie] - tiff 4.7.0-3+deb13u1
[bookworm] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/649
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/650
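Review bot: in the CVE-2024-13978 entry only the trixie line changes, while `[bookworm] - tiff <no-dsa> (Minor issue)` is left as it was, even though DSA-6023-1 in this same commit ships a bookworm upload (`4.5.0-6+deb12u3`). If that bookworm upload also carries the fix for this CVE, the bookworm line should be replaced with the fixed version the same way the trixie line was. If it does not, the split is correct but not obvious from the entry, and a short NOTE saying that bookworm was intentionally left at no-dsa would save the next reader a lookup.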
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[10 Oct 2025] DSA-6023-1 tiff - security update
+ {CVE-2025-9900}
+ [bookworm] - tiff 4.5.0-6+deb12u3
+ [trixie] - tiff 4.7.0-3+deb13u1
[09 Oct 2025] DSA-6022-1 valkey - security update
{CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844}
[trixie] - valkey 8.1.1+dfsg1-3+deb13u1
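Review bot: the new DSA-6023-1 entry lists only `{CVE-2025-9900}`, but the data/CVE/list hunks in this commit mark CVE-2025-9165, CVE-2025-8961 and CVE-2024-13978 as fixed in trixie at the same version, `4.7.0-3+deb13u1`. The first two are tagged unimportant, so leaving them out of the advisory is understandable, but CVE-2024-13978 has no such tag and was previously `<no-dsa> (Minor issue)`. If its fix shipped with this upload, consider adding it to the CVE set in the braces so the advisory is cross-referenced from that CVE, or state in the commit message that it was fixed alongside without being part of the advisory.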
=====================================
data/dsa-needed.txt
=====================================
@@ -76,8 +76,6 @@ sogo/oldstable
--
sympa/oldstable
--
-tiff (jmm)
---
tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
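Review bot: the removed `tiff (jmm)` line carries no `/stable` or `/oldstable` suffix, unlike the neighbouring sympa, tomcat10 and tomcat11 entries, so nothing in this hunk says which suite the open item tracked. Dropping it outright is consistent with the DSA-6023-1 entry only because that entry lists both a bookworm and a trixie version. Worth confirming that both uploads are released and that no suite is still pending, since otherwise a suffixed entry for the remaining suite should stay in the file.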
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08569ec1b48a55f67a6a460c6557efe315d00314