[Git][security-tracker-team/security-tracker][master] Reserve DLA-4292-1 for clamav

Thu Sep 4 13:22:17 BST 2025


Lucas Kanashiro pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03b5cb82 by Lucas Kanashiro at 2025-09-04T09:22:08-03:00
Reserve DLA-4292-1 for clamav

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -22288,7 +22288,6 @@ CVE-2025-20271 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Mera
 CVE-2025-20260 (A vulnerability in the PDF scanning processes of ClamAV could allow an ...)
 	- clamav 1.4.3+dfsg-1 (bug #1108046)
 	[bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
-	[bullseye] - clamav <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
 CVE-2025-20234 (A vulnerability in Universal Disk Format (UDF) processing of ClamAV co ...)
 	- clamav 1.4.3+dfsg-1 (bug #1108045)
@@ -71229,7 +71228,6 @@ CVE-2025-20156 (A vulnerability in the REST API of Cisco Meeting Management coul
 CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) decryptio ...)
 	- clamav 1.4.2+dfsg-1 (bug #1093880)
 	[bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
-	[bullseye] - clamav <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
 CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP on Wind ...)
 	NOT-FOR-US: Cloudflare


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[04 Sep 2025] DLA-4292-1 clamav - security update
+	{CVE-2025-20128 CVE-2025-20260}
+	[bullseye] - clamav 1.0.9+dfsg-1~deb11u1
 [03 Sep 2025] DLA-4291-1 node-cipher-base - security update
 	{CVE-2025-9287}
 	[bullseye] - node-cipher-base 1.0.4-4+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -78,10 +78,6 @@ ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
   NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
 --
-clamav (kanashiro)
-  NOTE: 20250822: Added by Front-Desk (dleidert)
-  NOTE: 20250822: Follow SUA in #1108504 and coordinate with kanashiro (dleidert/FD)
---
 dnsdist
   NOTE: 20250521: Added by Front-Desk (Beuc)
   NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b5cb82e7176a23113d67d67630e43fe9f23ab7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b5cb82e7176a23113d67d67630e43fe9f23ab7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250904/7a0dd99c/attachment-0001.htm>
