[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 25 08:57:24 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1d29dbf5 by Moritz Muehlenhoff at 2026-02-25T09:54:38+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -988,23 +988,28 @@ CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a se
NOTE: Fixed by: https://github.com/strukturag/libde265/commit/8b17e0930f77db07f55e0b89399a8f054ddbecf7
CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a memory leak ...)
- libsixel <unfixed>
+ [trixie] - libsixel <no-dsa> (Minor issue)
+ [bookworm] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/207
NOTE: https://github.com/saitoha/libsixel/commit/e0ba6685262a3679cc5b9009c0c5b7dc8a3f262e
CVE-2025-61145 (libtiff up to v4.7.1 was discovered to contain a double free via the c ...)
- - tiff 4.7.1-1
+ - tiff 4.7.1-1 (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/736
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/753
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/0ac97aa7a5bffddd88f7cdbe517264e9db3f5bd5 (v4.7.1rc1)
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-61144 (libtiff up to v4.7.1 was discovered to contain a stack overflow via th ...)
- - tiff 4.7.1-1
+ - tiff 4.7.1-1 (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/740
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/757
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/88cf9dbb48f6e172629795ecffae35d5052f68aa (v4.7.1rc1)
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-61143 (libtiff up to v4.7.1 was discovered to contain a NULL pointer derefere ...)
- - tiff 4.7.1-1
+ - tiff 4.7.1-1 (unimportant)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/737
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/755
NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/4d28af5fe61b1760f10981f5072ff1e6fd44f210 (v4.7.1rc1)
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-59873 (An information exposure vulnerability exists in Vulnerability in HCL ...)
NOT-FOR-US: HCL
CVE-2025-41002 (SQL injection vulnerability in Infoticketing. This vulnerability allow ...)
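Review bot: the NOTE "Crash in CLI tool, no security impact" added under CVE-2025-61145 and CVE-2025-61144 does not name the tool, and those two entries are described as a double free and a stack overflow rather than a plain crash. Suggest naming the affected tool in each of the three tiff NOTE lines and stating that the library code itself is not affected, so a later reader can verify the (unimportant) tag without opening the upstream issues. The libsixel no-dsa lines are consistent with the memory-leak description.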
=====================================
data/dsa-needed.txt
=====================================
@@ -34,6 +34,9 @@ gimp
--
git-lfs
--
+imagemagick
+ only some of them are important, we could also fix the more severe ones
+--
isc-kea/oldstable
--
jackson-core
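Review bot: the note under the new imagemagick entry says "only some of them are important" without saying which ones. Suggest listing the CVE ids considered severe (or the criterion used), so whoever claims the entry knows the intended scope of the update. The entry also has no claimant or suite suffix, so it is worth stating whether it applies to both trixie and bookworm.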
@@ -54,6 +57,8 @@ node-tar
--
nodejs
--
+nss (jmm)
+--
opennds/oldstable
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
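Review bot: the new "nss (jmm)" entry carries no note line and no suite suffix, unlike neighbouring entries such as opennds/oldstable. Suggest adding a short note naming the issues that prompted the entry and confirming that it is meant for both suites.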
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d29dbf5471193449441a2da80240f73f68b41cc