Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2fbe6cf6 by Thorsten Alteholz at 2025-02-28T18:57:05+01:00
mark CVE-2025-25473 as not-affected for Bullseye

- - - - -
2f69d1c3 by Thorsten Alteholz at 2025-02-28T19:14:51+01:00
mark CVE-2024-36615 as postponed for Bullseye

- - - - -
93e7a40c by Thorsten Alteholz at 2025-02-28T19:18:56+01:00
mark CVE-2025-1594 as postponed for Bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4460,6 +4460,7 @@ CVE-2025-1595 (A vulnerability has been found in Anhui 
Xufan Information Technol
 CVE-2025-1594 (A vulnerability, which was classified as critical, was found in 
FFmpeg ...)
        - ffmpeg <unfixed>
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
+       [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed 
upstream)
        NOTE: 
https://ffmpeg.org/pipermail/ffmpeg-devel/2025-February/339544.html
        NOTE: https://trac.ffmpeg.org/ticket/11418
 CVE-2025-1412 (Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to 
invalid ...)
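Review bot: The added [bullseye] line for CVE-2025-1594 says "wait until it's fixed upstream" but names no branch or release, whereas the [bookworm] line directly above it ties the postponement to "the 5.1 branch". Naming the upstream branch that the bullseye package would take the fix from would give whoever revisits this entry a concrete trigger. Separately, the truncated description reads "classified as critical" while both suite lines say "Minor issue"; a short NOTE giving the reason for the lower assessment would make the triage decision checkable from the entry itself.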
@@ -5213,6 +5214,7 @@ CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to 
contain a buffer overflow vi
 CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to 
contain a NUL ...)
        - ffmpeg <unfixed>
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
+       [bullseye] - ffmpeg <not-affected> (Vulnerable code introduced later; 
ff_flush_packet_queue() is always called)
        NOTE: https://trac.ffmpeg.org/ticket/11419
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b
 CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows 
attackers to  ...)
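Review bot: The not-affected reason on the added [bullseye] line for CVE-2025-25473 packs two separate claims into one parenthesis ("Vulnerable code introduced later" and "ff_flush_packet_queue() is always called") and cites no introducing commit. The entry already carries a "Fixed by:" NOTE, so a matching "NOTE: Introduced by: <commit URL>" would let a reader verify the claim against the bullseye source, and would also show whether the [bookworm] line, still marked postponed, falls before or after the point of introduction.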
@@ -27931,6 +27933,7 @@ CVE-2024-36616 (An integer overflow in the component 
/libavformat/westwood_vqa.c
 CVE-2024-36615 (FFmpeg n7.0 has a race condition vulnerability in the VP9 
decoder. Thi ...)
        - ffmpeg 7:7.1-3
        [bookworm] - ffmpeg <postponed> (Pick up when fixed in 5.1.x)
+       [bullseye] - ffmpeg <postponed> (Minor issue, hard to backport)
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61
 (n7.1)
 CVE-2024-36612 (Zulip from 8.0 to 8.3 contains a memory leak vulnerability in 
the hand ...)
        - zulip-server <itp> (bug #800052)
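Review bot: The added [bullseye] line for CVE-2024-36615 gives "hard to backport" as the reason but records nothing about what stands in the way, and unlike the [bookworm] line ("Pick up when fixed in 5.1.x") it has no condition under which the postponement ends. The description names FFmpeg n7.0 specifically, so a NOTE stating that the VP9 decoder code in the bullseye version was checked and is affected, plus one line on which part of the linked n7.1 commit does not apply cleanly, would save the next triager from repeating the analysis.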



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4799f1f052b51551174b2a13d9e84588c3422d47...93e7a40c92ebf08eef88c140057f1618f1143e43


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
