[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-59733/ffmpeg

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Oct 19 13:06:04 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4c7ba71 by Salvatore Bonaccorso at 2025-10-19T14:05:28+02:00
Update status for CVE-2025-59733/ffmpeg

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4374,8 +4374,8 @@ CVE-2025-59734 (It is possible to cause an use-after-free write in SANM decoding
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/af310e68db0791b94753a9670c9a9ef0d717e32a (n8.0)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c3747e011e7c7107ad6ef4c9e0a1c26490e2c30f (n8.0)
 CVE-2025-59733 (When decoding an OpenEXR file that uses DWAA or DWAB compression, ther ...)
-	- ffmpeg <undetermined>
-	TODO: check, too little information available, only product association from Google CNA
+	{DSA-6007-1 DSA-5985-1}
+	- ffmpeg 7:7.1.2-1
 	NOTE: https://issuetracker.google.com/issues/436511754
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/0469d68acb52081ca8385b844b9650398242be0f (master)
 	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/de76fb27a6e6da0431154ce9093933281a38a889 (n8.0)


=====================================
data/DSA/list
=====================================
@@ -83,7 +83,7 @@
 	{CVE-2025-21751 CVE-2025-22103 CVE-2025-22113 CVE-2025-22124 CVE-2025-22125 CVE-2025-23133 CVE-2025-38272 CVE-2025-38306 CVE-2025-38453 CVE-2025-38502 CVE-2025-38556 CVE-2025-38676 CVE-2025-38677 CVE-2025-38730 CVE-2025-38732 CVE-2025-38733 CVE-2025-38734 CVE-2025-38735 CVE-2025-38736 CVE-2025-38737 CVE-2025-39673 CVE-2025-39675 CVE-2025-39676 CVE-2025-39679 CVE-2025-39681 CVE-2025-39682 CVE-2025-39683 CVE-2025-39684 CVE-2025-39685 CVE-2025-39686 CVE-2025-39687 CVE-2025-39689 CVE-2025-39691 CVE-2025-39692 CVE-2025-39693 CVE-2025-39694 CVE-2025-39695 CVE-2025-39697 CVE-2025-39698 CVE-2025-39700 CVE-2025-39701 CVE-2025-39702 CVE-2025-39703 CVE-2025-39705 CVE-2025-39706 CVE-2025-39707 CVE-2025-39709 CVE-2025-39710 CVE-2025-39711 CVE-2025-39712 CVE-2025-39713 CVE-2025-39714 CVE-2025-39715 CVE-2025-39716 CVE-2025-39718 CVE-2025-39719 CVE-2025-39720 CVE-2025-39721 CVE-2025-39722 CVE-2025-39723 CVE-2025-39724 CVE-2025-39759 CVE-2025-39765 CVE-2025-39766 CVE-2025-39767 CVE-2025-39770 CVE-2025-39772 CVE-2025-39773 CVE-2025-39776 CVE-2025-39779 CVE-2025-39780 CVE-2025-39781 CVE-2025-39782 CVE-2025-39783 CVE-2025-39787 CVE-2025-39788 CVE-2025-39790 CVE-2025-39791 CVE-2025-39800 CVE-2025-39801 CVE-2025-39805 CVE-2025-39806 CVE-2025-39807 CVE-2025-39808 CVE-2025-39810 CVE-2025-39811 CVE-2025-39812 CVE-2025-39813 CVE-2025-39815 CVE-2025-39817 CVE-2025-39819 CVE-2025-39823 CVE-2025-39824 CVE-2025-39825 CVE-2025-39826 CVE-2025-39827 CVE-2025-39828 CVE-2025-39829 CVE-2025-39831 CVE-2025-39832 CVE-2025-39835 CVE-2025-39836 CVE-2025-39838 CVE-2025-39839 CVE-2025-39841 CVE-2025-39842 CVE-2025-39843 CVE-2025-39844 CVE-2025-39845 CVE-2025-39846 CVE-2025-39847 CVE-2025-39848 CVE-2025-39849 CVE-2025-39850 CVE-2025-39851 CVE-2025-39852 CVE-2025-39853 CVE-2025-39854 CVE-2025-39857 CVE-2025-39860 CVE-2025-39861 CVE-2025-39863 CVE-2025-39864 CVE-2025-39865 CVE-2025-39866 CVE-2025-40300}
 	[trixie] - linux 6.12.48-1
 [21 Sep 2025] DSA-6007-1 ffmpeg - security update
-	{CVE-2025-1594 CVE-2025-7700 CVE-2025-10256}
+	{CVE-2025-1594 CVE-2025-7700 CVE-2025-10256 CVE-2025-59733}
 	[trixie] - ffmpeg 7:7.1.2-0+deb13u1
 [19 Sep 2025] DSA-6006-1 jetty12 - security update
 	{CVE-2025-5115}
@@ -164,7 +164,7 @@
 	[bookworm] - node-cipher-base 1.0.4-6+deb12u1
 	[trixie] - node-cipher-base 1.0.4-6+deb13u1
 [25 Aug 2025] DSA-5985-1 ffmpeg - security update
-	{CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31582 CVE-2024-35367 CVE-2024-35368 CVE-2025-0518 CVE-2025-7700 CVE-2025-22919 CVE-2023-6605 CVE-2023-6602 CVE-2023-6604 CVE-2023-6601}
+	{CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31582 CVE-2024-35367 CVE-2024-35368 CVE-2025-0518 CVE-2025-7700 CVE-2025-22919 CVE-2023-6605 CVE-2023-6602 CVE-2023-6604 CVE-2023-6601 CVE-2025-59733}
 	[bookworm] - ffmpeg 7:5.1.7-0+deb12u1
 [24 Aug 2025] DSA-5984-1 thunderbird - security update
 	{CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c7ba71b8b4003089205cabd3d0c3f800176ae8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c7ba71b8b4003089205cabd3d0c3f800176ae8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251019/2d215cd4/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list