Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6754ef0b by Thorsten Alteholz at 2025-05-31T10:28:46+02:00
add a note for espeak-ng

- - - - -
b0e5f081 by Thorsten Alteholz at 2025-05-31T10:29:32+02:00
Reserve DLA-4198-1 for espeak-ng

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -154754,35 +154754,30 @@ CVE-2023-4932 (SAS application is vulnerable to 
Reflected Cross-Site Scripting (
 CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point 
Exceptio ...)
        - espeak-ng 1.51+dfsg-12 (bug #1059060)
        [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-       [bullseye] - espeak-ng <no-dsa> (Minor issue)
        [buster] - espeak-ng <no-dsa> (Minor issue)
        NOTE: https://github.com/espeak-ng/espeak-ng/issues/1823
        NOTE: 
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow 
via the ...)
        - espeak-ng 1.51+dfsg-12 (bug #1059060)
        [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-       [bullseye] - espeak-ng <no-dsa> (Minor issue)
        [buster] - espeak-ng <no-dsa> (Minor issue)
        NOTE: https://github.com/espeak-ng/espeak-ng/issues/1826
        NOTE: 
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer 
Overflow v ...)
        - espeak-ng 1.51+dfsg-12 (bug #1059060)
        [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-       [bullseye] - espeak-ng <no-dsa> (Minor issue)
        [buster] - espeak-ng <no-dsa> (Minor issue)
        NOTE: https://github.com/espeak-ng/espeak-ng/issues/1827
        NOTE: 
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer 
Underflow  ...)
        - espeak-ng 1.51+dfsg-12 (bug #1059060)
        [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-       [bullseye] - espeak-ng <no-dsa> (Minor issue)
        [buster] - espeak-ng <no-dsa> (Minor issue)
        NOTE: https://github.com/espeak-ng/espeak-ng/issues/1825
        NOTE: 
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow 
via the ...)
        - espeak-ng 1.51+dfsg-12 (bug #1059060)
        [bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
-       [bullseye] - espeak-ng <no-dsa> (Minor issue)
        [buster] - espeak-ng <no-dsa> (Minor issue)
        NOTE: https://github.com/espeak-ng/espeak-ng/issues/1824
        NOTE: 
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
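Review bot: In each of the five entries (CVE-2023-49994 down to CVE-2023-49990) the `[bullseye] - espeak-ng <no-dsa> (Minor issue)` line is dropped with no `[bullseye]` line taking its place, so after this hunk the file states a status for bookworm and buster but none for bullseye. If the fixed-version line is not generated from the data/DLA/list entry, add `[bullseye] - espeak-ng 1.50+dfsg-7+deb11u2` under each entry so the per-release status can still be read from this file alone.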


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 May 2025] DLA-4198-1 espeak-ng - security update
+       {CVE-2023-49990 CVE-2023-49991 CVE-2023-49992 CVE-2023-49993 
CVE-2023-49994}
+       [bullseye] - espeak-ng 1.50+dfsg-7+deb11u2
 [31 May 2025] DLA-4197-1 python-flask-cors - security update
        {CVE-2024-1681 CVE-2024-6839 CVE-2024-6844 CVE-2024-6866}
        [bullseye] - python-flask-cors 3.0.9-2+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -93,14 +93,6 @@ epiphany-browser
   NOTE: 20250429: Added by Front-Desk (lamby)
   NOTE: 20250429: Changes the UI to prompt when opening URLs in external 
applications. (lamby)
 --
-espeak-ng (Thorsten Alteholz)
-  NOTE: 20240816: Added by Front-Desk (Beuc)
-  NOTE: 20240816: Follow fixes from bookworm 12.5 (5 CVEs) (Beuc/front-desk)
-  NOTE: 20240929: Upstream patches not enough to fix issues in bullseye. 
(abhijith)
-  NOTE: 20240929: Can be still reproduced (abhijith)
-  NOTE: 20241014: Still looking at the incomplete fixes (abhijith)
-  NOTE: 20241104: haven't spend time to look in to it. Will look after fixing 
puma (abhijith)
---
 fastdds
   NOTE: 20250303: Added by Front-Desk (rouca)
 --
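Review bot: The removed espeak-ng block held the only record that the upstream fix was insufficient for bullseye (`NOTE: 20240929: Upstream patches not enough to fix issues in bullseye.` and `NOTE: 20240929: Can be still reproduced`), and nothing in this push says how that was resolved. Consider adding a NOTE to the five CVE entries in data/CVE/list stating what the bullseye upload changed beyond upstream commit 58f1e0b6a4e6aa55621c6f01118994d01fd6f68c, so that history survives the removal from dla-needed.txt.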



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9a4233c8eeeb801c1eff425e1f226c8445cf36df...b0e5f08191fcac5f6b4b3cb8fc66d1ab8908f81c
