[Git][security-tracker-team/security-tracker][master] Reserve DLA-4459-1 for libmatio

Thu Jan 29 12:10:47 GMT 2026


Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91cf2994 by Andreas Henriksson at 2026-01-29T13:10:40+01:00
Reserve DLA-4459-1 for libmatio

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -111049,7 +111049,6 @@ CVE-2025-2338 (A vulnerability, which was classified as critical, was found in t
 	- libmatio 1.5.29-1 (bug #1104247)
 	[trixie] - libmatio <no-dsa> (Minor issue)
 	[bookworm] - libmatio <no-dsa> (Minor issue)
-	[bullseye] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/tbeu/matio/issues/269
 	NOTE: Fixed by: https://github.com/tbeu/matio/commit/7b31881ea1da30b075658502961dfcc95353d9ae (v1.5.29)
 CVE-2025-2337 (A vulnerability, which was classified as critical, has been found in t ...)
@@ -357170,7 +357169,6 @@ CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel\u20
 	NOTE: CONFIG_X25 is not set in Debian
 CVE-2022-1515 (A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarRea ...)
 	- libmatio 1.5.22-1
-	[bullseye] - libmatio <no-dsa> (Minor issue)
 	[buster] - libmatio <no-dsa> (Minor issue)
 	NOTE: https://github.com/tbeu/matio/issues/186
 	NOTE: Fixed by: https://github.com/tbeu/matio/commit/b53b62b756920f4c1509f4ee06427f66c3b5c9c4 (v1.5.22)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Jan 2026] DLA-4459-1 libmatio - security update
+	{CVE-2022-1515 CVE-2025-2338 CVE-2025-50343}
+	[bullseye] - libmatio 1.5.19-2+deb11u1
 [28 Jan 2026] DLA-4458-1 python-django - security update
 	{CVE-2024-39329 CVE-2024-39330 CVE-2024-39614 CVE-2024-41989 CVE-2024-41991 CVE-2024-42005 CVE-2024-45231}
 	[bullseye] - python-django 2:2.2.28-1~deb11u11


=====================================
data/dla-needed.txt
=====================================
@@ -175,10 +175,6 @@ lemonldap-ng
   NOTE: 20251028: Still working in CVE-2024-52948 (abhijith)
   NOTE: 20251229: Asked yadd (maintainer of package) for help (abhijith)
 --
-libmatio (ah)
-  NOTE: 20260102: Added by Front-Desk (Beuc)
-  NOTE: 20260102: Many postponed issues pile-up over the years (Beuc/front-desk)
---
 libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cf299456f3a73c9373c3577b1eacab9a218714

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91cf299456f3a73c9373c3577b1eacab9a218714
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260129/c2d4899f/attachment-0001.htm>
