Your message dated Sat, 04 Jul 2026 15:48:35 +0000
with message-id <[email protected]>
and subject line Bug#1108157: fixed in poco 1.13.0-6+deb13u1
has caused the Debian Bug report #1108157,
regarding poco: CVE-2025-6375
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1108157: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108157
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: poco
Version: 1.13.0-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/pocoproject/poco/issues/4915
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for poco.
CVE-2025-6375[0]:
| A vulnerability was found in poco up to 1.14.1. It has been rated as
| problematic. Affected by this issue is the function
| MultipartInputStream of the file Net/src/MultipartReader.cpp. The
| manipulation leads to null pointer dereference. The attack needs to
| be approached locally. The exploit has been disclosed to the public
| and may be used. Upgrading to version 1.14.2 is able to address this
| issue. The patch is identified as
| 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to
| upgrade the affected component.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-6375
https://www.cve.org/CVERecord?id=CVE-2025-6375
[1] https://github.com/pocoproject/poco/issues/4915
[2]
https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: poco
Source-Version: 1.13.0-6+deb13u1
Done: Adrian Bunk <[email protected]>
We believe that the bug you reported is fixed in the latest version of
poco, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adrian Bunk <[email protected]> (supplier of updated poco package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 20 Jun 2026 21:15:03 +0300
Source: poco
Architecture: source
Version: 1.13.0-6+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian QA Group <[email protected]>
Changed-By: Adrian Bunk <[email protected]>
Closes: 1108157
Changes:
poco (1.13.0-6+deb13u1) trixie; urgency=medium
.
* QA upload.
* CVE-2025-6375: Segmentation fault in MultipartStreamBuf
(Closes: #1108157)
Checksums-Sha1:
a34655be128049d2afdde5fa3611b2d00b53f9bf 3220 poco_1.13.0-6+deb13u1.dsc
675f326e3cc2f8c8e1d92a7e2c1e84df3290e5a5 5914008 poco_1.13.0.orig.tar.bz2
105e48abf36ac3b3a33be76b00c9ef7864bbbe88 17000
poco_1.13.0-6+deb13u1.debian.tar.xz
Checksums-Sha256:
dc71ecf9bcbf751d9f12d5f85b0f6d9d84359a94b17e98adca71eac637358150 3220
poco_1.13.0-6+deb13u1.dsc
93d3a810064c25f1e8b24452602e42bc528474258458f388f9de2f787d5170ab 5914008
poco_1.13.0.orig.tar.bz2
1d154599b5d633e5ffe4904e8580016a81752112d9eba163884b237cf4d22aac 17000
poco_1.13.0-6+deb13u1.debian.tar.xz
Files:
f7df53f9741f971442ad3495fecd41b4 3220 libs optional poco_1.13.0-6+deb13u1.dsc
2f22a96a2ab0b47b157a413c4e7c1122 5914008 libs optional poco_1.13.0.orig.tar.bz2
dcb7e91b0d25ebd0de4369e124f27b29 17000 libs optional
poco_1.13.0-6+deb13u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmo2+8MACgkQiNJCh6LY
mLHxRQ/+L43SX/doK27WwA0W6Bb1JuI/0fvi6fzzHCOXfiu1RrW1O2QNjN4CLc8h
uvewnYRpJIYcmv/P7VxPGJ71vxXXjSJq2RWs2RNdJ6aezdC73Z+arU98sTGvhRxD
wdO+XTEy8/LV/Xjf5lVZ3QHNF7tT8g4txeUeQ3W3tuAMXjnaEIC5yzSVScQobUYS
Cyc2KjJxQuTLNeRtMWyui7S6o528wXPFh/5cOpicfywwFL3LseFusKXbdD17AIh7
+GckT5ZmmWW36g1h34RQRNEr4wWKTAz72KeteFcap9HMUaAZhCScf6X7y0z4uahT
T7+GowIKT6knIXiXID68EEisA+0wIIJ8f8Nhz7LMn6XbOYDFNJhkvr1YxjU8VkAO
WKEi8QDdzQ8aza9e78j6WPf08oF5kshLkuPmYrS3/ma4tzhDIK44zdQpQ+taFdGt
19fnhqZKHvw0Kwwm5JBm5AFzN0ILMtb6R5z2R2dwmqUM21DAIdTPpXV93EPwnq3W
uuogMMPfnoQ6XitmNWEoj8WA3BirjPFQX2NxJ9zcD/GJgswhgAIl9Sb6qYJroKs1
AfXhfJgghn4qfTW5ASg8tn3Y+FaKlTl/FRaOKUnmbOTq3HBP5WYke1XKTU3YTfHi
pIw4b4fT3T9jqAqkVCuUJEIi9AtpRrnhHMjNqueqGkoVVQE5U8o=
=osci
-----END PGP SIGNATURE-----
pgpx2zaaSyI0J.pgp
Description: PGP signature
--- End Message ---