Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c7302ddf by Salvatore Bonaccorso at 2025-05-15T22:29:47+02:00
Update fig2dev CVEs which got re-assigned by RedHat CNA
Initially the assigned CVEs got rejected, in consequence we dropped the
CVEs in e37ab262193e ("Remove CVEs which initially were assigned for
fig2dev issues").
The were re-assigned for the same CVEs so restore our tracking mostly
but demote the issues to unimportant.
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -7012,18 +7012,27 @@ CVE-2025-46419 (Westermo WeOS 5 through 5.23.0 allows a
reboot via a malformed E
CVE-2025-46417 (The unsafe globals in Picklescan before 0.0.25 do not include
ssl. Con ...)
NOT-FOR-US: Picklescan
CVE-2025-46400 (In xfig diagramming tool, a segmentation fault while running
fig2dev a ...)
- - xfig <unfixed> (unimportant)
+ - fig2dev 1:3.2.9a-3 (unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2362054
NOTE: https://sourceforge.net/p/mcj/tickets/187/
NOTE: Error covered with:
https://sourceforge.net/p/mcj/fig2dev/ci/1e5515a1ea2ec8651cf85ab5000d026bb962492a/
NOTE: Fixed by:
https://sourceforge.net/p/mcj/fig2dev/ci/c4465e0d9af89d9738aad31c2d0873ac1fa03c96/
NOTE: Crash in CLI tool, no security impact
CVE-2025-46399 (In xfig diagramming tool, a segmentation fault in fig2dev
allows memor ...)
- TODO: check
+ - fig2dev 1:3.2.9a-4 (unimportant)
+ NOTE: https://sourceforge.net/p/mcj/tickets/190/
+ NOTE: Fixed by:
https://sourceforge.net/p/mcj/fig2dev/ci/2bd6c0b210916d0d3ca81f304535b5af0849aa93/
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-46398 (In xfig diagramming tool, a stack-overflow while running
fig2dev allow ...)
- TODO: check
+ - fig2dev 1:3.2.9a-4 (unimportant)
+ NOTE: https://sourceforge.net/p/mcj/tickets/191/
+ NOTE: Fixed by:
https://sourceforge.net/p/mcj/fig2dev/ci/5f22009dba73922e98d49c0096cece8b215cd45b/
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-46397 (In xfig diagramming tool, a stack-overflowwhile running
fig2dev allows ...)
- TODO: check
+ - fig2dev 1:3.2.9a-4 (unimportant)
+ NOTE: https://sourceforge.net/p/mcj/tickets/192/
+ NOTE: Fixed by:
https://sourceforge.net/p/mcj/fig2dev/ci/dfa8b661b506a463a669754ed635b0a8eb67580e/
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-46381
REJECTED
CVE-2025-46380
=====================================
data/DLA/list
=====================================
@@ -56,6 +56,7 @@
{CVE-2025-29769}
[bullseye] - vips 8.10.5-2+deb11u1
[30 Apr 2025] DLA-4147-1 fig2dev - security update
+ {CVE-2025-46397 CVE-2025-46398 CVE-2025-46399 CVE-2025-46400}
[bullseye] - fig2dev 1:3.2.8-3+deb11u3
[30 Apr 2025] DLA-4146-1 libxml2 - security update
{CVE-2025-32414 CVE-2025-32415}
=====================================
data/next-point-update.txt
=====================================
@@ -234,3 +234,11 @@ CVE-2025-27773
[bookworm] - simplesamlphp 1.19.7-1+deb12u2
CVE-2025-46712
[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
+CVE-2025-46397
+ [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
+CVE-2025-46398
+ [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
+CVE-2025-46399
+ [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
+CVE-2025-46400
+ [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7302ddf264401a63ade31814877256fe6a21861
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7302ddf264401a63ade31814877256fe6a21861
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
