Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc4eca2b by Sylvain Beucler at 2025-02-17T10:32:10+01:00
CVE-2025-26519/musl: reference patches
- - - - -
e9771800 by Sylvain Beucler at 2025-02-17T10:35:08+01:00
CVE-2020-28928/musl: reference patch
- - - - -
0bee82bd by Sylvain Beucler at 2025-02-17T11:01:42+01:00
dla: add musl
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -426,6 +426,8 @@ CVE-2025-26519 (musl libc 0.9.13 through 1.2.5 before 1.2.6
has an out-of-bounds
- musl <unfixed>
[bookworm] - musl <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/02/13/2
+ NOTE:
https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659
(master)
+ NOTE:
https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da
(master)
CVE-2025-26473 (The Mojave Inverter uses the GET method for sensitive
information.)
NOT-FOR-US: Mojave Inverter
CVE-2025-25281 (An attacker may modify the URL to discover sensitive
information about ...)
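Review bot: The two NOTE lines added under CVE-2025-26519 are bare commit URLs tagged only "(master)", so a reader cannot tell how each commit relates to the fix or whether both are needed for a backport. Since the entry stays at "- musl <unfixed>" and the description says the issue is fixed in 1.2.6, consider labelling each line with its role, for example "NOTE: Fixed by: <url> (master)", and say so explicitly if the second commit is a follow-up rather than part of the fix.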
@@ -337380,6 +337382,7 @@ CVE-2020-28928 (In musl libc through 1.2.1,
wcsnrtombs mishandles particular com
- musl 1.2.2-1 (bug #975365)
[buster] - musl <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
+ NOTE:
https://git.musl-libc.org/cgit/musl/commit/?id=3ab2a4e02682df1382955071919d8aa3c3ec40d4
(v1.2.2)
CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User
Registration sectio ...)
NOT-FOR-US: Magicpin
CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote
code exe ...)
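Review bot: The NOTE added under CVE-2020-28928 does not state what the linked commit is. The "(v1.2.2)" tag matches the fixed version on the package line ("- musl 1.2.2-1"), so a "Fixed by:" prefix would be accurate here and would keep this entry consistent with however the CVE-2025-26519 notes in the same push are labelled.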
=====================================
data/dla-needed.txt
=====================================
@@ -162,6 +162,9 @@ mosquitto
NOTE: 20241126: Backported
https://people.debian.org/~abhijith/upload/gss/CVE-2024-3935.patch (abhijith)
NOTE: 20241217: Backporting CVE-2024-8376 (abhijith)
--
+musl
+ NOTE: 20250217: Added by Front-Desk (Beuc)
+--
nagvis
NOTE: 20250117: Added by Front-Desk (rouca)
NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044
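Review bot: The new musl entry carries only "NOTE: 20250217: Added by Front-Desk (Beuc)" and gives no indication of which CVE triggered it. The same push marks CVE-2025-26519 as "[bookworm] - musl <no-dsa> (Minor issue)", so a second NOTE naming the CVE and mentioning the bookworm status would tell whoever claims the package what to backport and whether a matching stable update is expected.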
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/59cb5e8e420523b5c4d3948794955974570f08c4...0bee82bd8b4e52bd4ffd666a46351e34e57d2401
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits