[Git][security-tracker-team/security-tracker][master] two libwebsockets issues n/a

Thu Oct 23 12:30:28 BST 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
503ea17e by Moritz Muehlenhoff at 2025-10-23T13:29:44+02:00
two libwebsockets issues n/a

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1405,13 +1405,13 @@ CVE-2025-26781 (An issue was discovered in L2 in Samsung Mobile Processor, Weara
 CVE-2025-11979 (An authorized user may crash the MongoDB server by causing buffer over ...)
 	- mongodb <removed>
 CVE-2025-11680 (Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allo ...)
-	- libwebsockets <unfixed>
-	[bullseye] - libwebsockets <not-affected> (lws_upng introduced in 4.4.0)
-	NOTE: https://libwebsockets.org/git/libwebsockets/commit?id=2b715249f39291c86443b969a1088d59b6a89b78
+	- libwebsockets <not-affected> (Vulnerable code introduced in 4.4.0)
+	NOTE: Introduced in https://libwebsockets.org/git/libwebsockets/commit?id=48907fca0a25c39ce35692c527cb8aa82ee60d85
+	NOTE: Fixed in https://libwebsockets.org/git/libwebsockets/commit?id=2b715249f39291c86443b969a1088d59b6a89b78
 CVE-2025-11679 (Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets ...)
-	- libwebsockets <unfixed>
-	[bullseye] - libwebsockets <not-affected> (lws_upng introduced in 4.4.0)
-	NOTE: https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
+	- libwebsockets <not-affected> (Vulnerable code introduced in 4.4.0)
+	NOTE: Introduced in https://libwebsockets.org/git/libwebsockets/commit?id=48907fca0a25c39ce35692c527cb8aa82ee60d85
+	NOTE: Fixed in https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
 CVE-2025-11678 (Stack-based Buffer Overflowin lws_adns_parse_label in warmcat libwebso ...)
 	- libwebsockets <unfixed>
 	NOTE: https://libwebsockets.org/git/libwebsockets/commit?id=2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503ea17e8069c18f582552416d4da98b1e30bbac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/503ea17e8069c18f582552416d4da98b1e30bbac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251023/ab255c2e/attachment.htm>
