Source: netsurf
Version: 3.11-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for netsurf.

CVE-2024-51317[0]:
| Use-after-free in _dom_node_normalize

CVE-2025-29699[1]:
| Use-after-free in _dom_node_set_text_content

CVE-2025-45663[2]:
| Disclosure of uninitialized memory in _dom_event_initialise

Note that the fix for CVE-2025-29699 is committed to the main git repository (but not referencable right now via link as the webfrontend is not available) but as it looks not yet on the mirror on github.

I only have references for now those found on github mirror in the security-tracker, but all 3 are fixed (see references from reporter).

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-51317
    https://www.cve.org/CVERecord?id=CVE-2024-51317
[1] https://security-tracker.debian.org/tracker/CVE-2025-29699
    https://www.cve.org/CVERecord?id=CVE-2025-29699
[2] https://security-tracker.debian.org/tracker/CVE-2025-45663
    https://www.cve.org/CVERecord?id=CVE-2025-45663

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

