[Git][security-tracker-team/security-tracker][master] bullseye triagging

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
65e29426 by Bastien Roucariès at 2026-06-11T22:37:47+02:00
bullseye triagging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1998,18 +1998,24 @@ CVE-2025-62858 (A buffer overflow vulnerability has been reported to affect seve
 	NOT-FOR-US: QNAP
 CVE-2025-55659 (A NULL pointer dereference in the ctts_box_write function (isomedia/bo ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life>
 CVE-2025-55658 (GPAC MP4Box v2.4 was discovered to contain a floating point exception  ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life>
 CVE-2025-55657 (A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (od ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life>
 CVE-2025-55651 (A NULL pointer dereference in the gf_isom_get_user_data_count function ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life>
 CVE-2025-54509 (Improper access control for register interface in the input-output mem ...)
 	NOT-FOR-US: AMD
 CVE-2025-52293 (A segmentation violaton in the gf_hevc_read_sps_bs_internal function ( ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life>
 CVE-2025-52292 (A stack buffer overflow in the filein_process function (in_file.c) of  ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life>
 CVE-2025-40808 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...)
 	NOT-FOR-US: Siemens
 CVE-2023-43688 (An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-1 ...)
@@ -6342,6 +6348,7 @@ CVE-2026-10722 (A vulnerability has been found in cilium ebpf up to 0.21.0. This
 	- golang-github-cilium-ebpf <unfixed> (bug #1139176)
 	[trixie] - golang-github-cilium-ebpf <no-dsa> (Minor issue)
 	[bookworm] - golang-github-cilium-ebpf <no-dsa> (Minor issue)
+	[bullseye] - golang-github-cilium-ebpf <ignored> (Minor issue; out of LTS security support)
 	NOTE: https://github.com/cilium/ebpf/issues/2019
 	NOTE: https://github.com/cilium/ebpf/pull/2021
 	NOTE: Fixed by: https://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa
@@ -6351,6 +6358,7 @@ CVE-2025-70100 (A divide-by-zero vulnerability in the ext4_block_set_lb_size fun
 	NOT-FOR-US: lwext4
 CVE-2025-60477 (A NULL pointer dereference in the gf_filter_pid_resolve_file_template_ ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life>
 	NOTE: https://github.com/gpac/gpac/issues/3301
 	NOTE: https://github.com/gpac/gpac/commit/13eb5b76560aaf7813b865a2ad433258478e2695
 CVE-2025-41259 (SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TO ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65e29426f37b8a01ebeba928264a293be29291b7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/65e29426f37b8a01ebeba928264a293be29291b7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260611/75074375/attachment.htm>