[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2025-12840, CVE-2025-12839 and CVE-2025-12495 as postponed until fixed upstream
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Sun Feb 8 23:16:24 GMT 2026
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b491858 by Thorsten Alteholz at 2026-02-09T00:16:12+01:00
mark CVE-2025-12840, CVE-2025-12839 and CVE-2025-12495 as postponed until fixed upstream
- - - - -
4b2bbbf7 by Thorsten Alteholz at 2026-02-09T00:16:12+01:00
mark temporary issue as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -652,6 +652,7 @@ CVE-2026-XXXX [RUSTSEC-2026-0008]
- rust-git2 0.20.4-1 (bug #1127315)
[trixie] - rust-git2 <no-dsa> (Minor issue)
[bookworm] - rust-git2 <no-dsa> (Minor issue)
+ [bullseye] - rust-git2 <postponed> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0008.html
NOTE: https://github.com/advisories/GHSA-j39j-6gw9-jw6h
NOTE: https://github.com/rust-lang/git2-rs/pull/1213
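Review bot: the added [bullseye] line uses <postponed> with the reason "Minor issue", the same reason trixie and bookworm carry under <no-dsa>, so the entry does not say why bullseye is handled differently or what the postponement is waiting for. Consider a reason that names the revisit condition, in the way the openexr entries in this same push use "Revisit when fixed upstream".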
@@ -19432,12 +19433,14 @@ CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based
- openexr <unfixed> (bug #1123963)
[trixie] - openexr <postponed> (Revisit when fixed upstream)
[bookworm] - openexr <postponed> (Revisit when fixed upstream)
+ [bullseye] - openexr <postponed> (Revisit when fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-991/
NOTE: https://lists.aswf.io/g/openexr-dev/topic/openexr_v3_4_3_is_staged_for/116040425
CVE-2025-12839 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
- openexr <unfixed> (bug #1123963)
[trixie] - openexr <postponed> (Revisit when fixed upstream)
[bookworm] - openexr <postponed> (Revisit when fixed upstream)
+ [bullseye] - openexr <postponed> (Revisit when fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-990/
NOTE: https://lists.aswf.io/g/openexr-dev/topic/openexr_v3_4_3_is_staged_for/116040425
CVE-2025-12838 (MSP360 Free Backup Link Following Local Privilege Escalation Vulnerabi ...)
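Review bot: both added [bullseye] lines (CVE-2025-12840 and CVE-2025-12839) copy the trixie/bookworm annotation verbatim, and nothing in either entry records that the affected EXR parsing code is present in the bullseye version of openexr. If that was checked, a short NOTE saying so would help; if not, it is worth confirming before <postponed> is chosen over <not-affected>.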
@@ -19446,6 +19449,7 @@ CVE-2025-12495 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based
- openexr <unfixed> (bug #1123963)
[trixie] - openexr <postponed> (Revisit when fixed upstream)
[bookworm] - openexr <postponed> (Revisit when fixed upstream)
+ [bullseye] - openexr <postponed> (Revisit when fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-989/
NOTE: https://lists.aswf.io/g/openexr-dev/topic/openexr_v3_4_3_is_staged_for/116040425
CVE-2025-12491 (Senstar Symphony FetchStoredLicense Information Disclosure Vulnerabili ...)
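Review bot: the reason "Revisit when fixed upstream" on the added [bullseye] line for CVE-2025-12495 gives whoever revisits it nothing concrete to check against. The package line is still <unfixed> and the only upstream NOTE is the openexr-dev thread about v3.4.3 being staged. If that release is the expected fix, add a NOTE naming the fixing release or commit once it is known, so it is clear when the revisit condition has been met.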
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ac106e5c0c0bfe0df71ab5a46aea4c1f363a9afd...4b2bbbf790867b8d30fe1d445fde0d963e170bee