Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ce48a2a by Salvatore Bonaccorso at 2025-07-18T15:11:35+02:00
Update status for CVE-2025-53644
Since 3.1.0+dfsg1-1~exp1 the embbeded code copy of openjpeg2 is exclude
completely from source via Files-Excluded listing. Mark this version as
fixed version. Any CVE affecting openjpeg2 is handled separately and
this CVE was specific for OpenCV affected by the issue in the embedeed
copy.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -217,10 +217,12 @@ CVE-2023-47356 (Mingyu Security Gateway before v3.0-5.3p
was discovered to conta
CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download
vulnerabili ...)
TODO: check
CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions
prior to 4. ...)
- - opencv <unfixed>
+ - opencv 3.2.0+dfsg-1
NOTE: https://securitylab.github.com/advisories/GHSL-2025-057_OpenCV/
NOTE: https://github.com/opencv/opencv/issues/27271
NOTE: Fixed by:
https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466
(4.12.0)
+ NOTE: Since opencv/3.1.0+dfsg1-1~exp1 the embedded openjpeg2 copy is
ecluded
+ NOTE: completely via Files-Excluded.
CVE-2024-6234
NOT-FOR-US: Ansible Automation Platform
CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder
(libavcodec/alsdec.c)]
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce48a2ae4e99a68571a8e62504983597086d94d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ce48a2ae4e99a68571a8e62504983597086d94d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
