[Git][security-tracker-team/security-tracker][master] Add CVE-2025-70103/jpeg-xl
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 31 06:22:18 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7230aef0 by Salvatore Bonaccorso at 2026-05-31T07:20:31+02:00
Add CVE-2025-70103/jpeg-xl
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3143,7 +3143,11 @@ CVE-2026-1248 (IBM Business Automation Workflow containers and traditionalmay le
CVE-2025-70116 (A NULL pointer dereference in GPAC MP4Box: when parsing certain trunca ...)
TODO: check
CVE-2025-70103 (Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM im ...)
- TODO: check
+ - jpeg-xl <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/7
+ NOTE: https://github.com/libjxl/libjxl/issues/4337
+ NOTE: https://github.com/libjxl/libjxl/pull/4380
+ NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/49fb89f23473e57fa1dac416adce7c7679e5d051
CVE-2025-69600 (Command injection in Raynet rvia 12.6.4392.49-amd64.deb allows adversa ...)
TODO: check
CVE-2025-68712 (SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a loc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7230aef0e8e158e9e6c45e19a988d6cb4e9a6de5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7230aef0e8e158e9e6c45e19a988d6cb4e9a6de5
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260531/72810018/attachment.htm>
More information about the debian-security-tracker-commits
mailing list