[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream tag reference for CVE-2025-49809
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 6 07:07:56 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
314403f7 by Salvatore Bonaccorso at 2026-05-06T08:06:26+02:00
Add upstream tag reference for CVE-2025-49809
- - - - -
bcf6f42a by Salvatore Bonaccorso at 2026-05-06T08:07:10+02:00
Track fixed version via unstable for CVE-2025-49809/mtr
Thanks: Tianyu Chen for reporting the status.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -122865,12 +122865,12 @@ CVE-2025-49867 (Incorrect Privilege Assignment vulnerability in InspiryThemes Re
CVE-2025-49866 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-49809 (mtr through 0.95, in certain privileged contexts, mishandles execution ...)
- - mtr <unfixed> (unimportant)
+ - mtr 0.96-1 (unimportant)
NOTE: In Debian, mtr runs unprivileged and exec-s mtr-packet (or env[MTR_PACKAGE])
NOTE: which has cap_net_raw.
NOTE: Mitigation: if running mtr through sudo (typically MacOSX), requires
NOTE: touching /etc/mtr.is.run.under.sudo to disable ENV[MTR_PACKET] fallback.
- NOTE: Fixed by: https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6
+ NOTE: Fixed by: https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6 (v0.96)
NOTE: Introduced by: https://github.com/traviscross/mtr/commit/fcda9e8b82ca354049fa0ee9cfcb2eaaae623ee0 (v0.88)
NOTE: Negligible security impact on Debian
CVE-2025-49601 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not ...)
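Review bot: The unchanged NOTE lines in the CVE-2025-49809 entry name the fallback environment variable two different ways: "env[MTR_PACKAGE]" in the line about mtr exec-ing mtr-packet, and "ENV[MTR_PACKET]" in the sudo mitigation line. Since this entry is being edited anyway, align both on one spelling so the mitigation note is unambiguous and a search for the variable name finds both lines. The added "(v0.96)" on the "Fixed by" line matches the existing "(v0.88)" convention on "Introduced by" and is consistent with the new 0.96-1 package line.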
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/893ce0f35400189a04bcffff0909481134aa4c00...bcf6f42af122e73d12094e462ca5d15f7b6b0cd1