[Git][security-tracker-team/security-tracker][master] data/CVE/list: CVE-2025-2337: Mark bullseye as not-affected

[Andreas Henriksson (@ah)]

Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d370cad1 by Andreas Henriksson at 2026-01-17T17:33:02+01:00
data/CVE/list: CVE-2025-2337: Mark bullseye as not-affected

The vulnerable code was introduced in a commit that was first part
of v1.5.20 (while bullseye has v1.5.19 and lacks the vulnerable code).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106588,7 +106588,7 @@ CVE-2025-2338 (A vulnerability, which was classified as critical, was found in t
 CVE-2025-2337 (A vulnerability, which was classified as critical, has been found in t ...)
 	- libmatio 1.5.28-2 (bug #1100992)
 	[bookworm] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
-	[bullseye] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - libmatio <not-affected> (Vulnerable code introduced in v1.5.20, commit 67a922f83467d694fa6e)
 	NOTE: https://github.com/tbeu/matio/issues/267
 	NOTE: Fixed by: https://github.com/tbeu/matio/commit/67000893b627205c42abc125d7917b6b2d18f84f (v1.5.29)
 CVE-2025-30077 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d370cad1f5e1388b056bcf4e698ac3378cf582c3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d370cad1f5e1388b056bcf4e698ac3378cf582c3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260117/91b8978c/attachment.htm>