Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1ec9624 by Moritz Muehlenhoff at 2025-08-29T20:31:21+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31910,6 +31910,7 @@ CVE-2025-4478 (A flaw was found in the FreeRDP used by 
Anaconda's remote install
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/a4bb702aa62e4fad91ca99142de075265555ec18
 CVE-2025-23165 (In Node.js, the `ReadFileUtf8` internal binding leaks memory 
due to a  ...)
        - nodejs 20.19.2+dfsg-1 (bug #1105832)
+       [bookworm] - nodejs <not-affected> (Vulnerable code not present)
        [bullseye] - nodejs <not-affected> (The vulnerable code was introduced 
later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#corrupted-pointer-in-nodefsreadfileutf8const-functioncallbackinfovalue-args-when-args0-is-a-string-cve-2025-23165---low
        NOTE: https://github.com/nodejs/node/issues/57800
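Review bot: The added [bookworm] line for CVE-2025-23165 gives only "Vulnerable code not present" as its reason, with no pointer to what was checked. The [bullseye] line below it says the vulnerable code was introduced later, so a NOTE naming the upstream commit or release that introduced it would let a reader verify both not-affected claims against the source versions in bookworm and bullseye.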
@@ -76169,19 +76170,21 @@ CVE-2023-6605 (A flaw was found in FFmpeg's DASH 
playlist support. This vulnerab
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/4c96d6bf75357ab13808efc9f08c1b41b1bf5bdf
 (master)
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/c3c7ecfe48d464a0b06564f2e92504b1d9c91d69
 (n7.1.1)
+       NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/097131a6474bd6294ff337fa92025df60dff907a
 (n5.1.7)
 CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows 
unexpected addit ...)
        {DLA-4241-1}
        - ffmpeg 7:7.1.1-1
-       [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
 (master)
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/b753bac08f6881b2d3dea8f1ab84c81550f35897
 (n7.1.1)
+       NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/9803800e0e8cd8e1e7695f77cfbf4e0db0abfe57
 (n5.1.7)
 CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability 
allows by ...)
        {DLA-4241-1}
-       - ffmpeg <unfixed>
-       [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 7.1 branch)
-       [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
+       - ffmpeg 7:7.1.1-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2253172
+       NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
 (master)
+       NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/b753bac08f6881b2d3dea8f1ab84c81550f35897
 (n7.1.1)
+       NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/9803800e0e8cd8e1e7695f77cfbf4e0db0abfe57
 (n5.1.7)
 CVE-2024-56769 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        {DLA-4076-1 DLA-4075-1}
        - linux 6.12.8-1
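Review bot: The three "Fixed by" commits added under CVE-2023-6601 (91d96dc8 on master, b753bac0 on n7.1.1, 9803800e on n5.1.7) are the same three listed under CVE-2023-6604 just above, and neither entry says that one upstream change covers both CVEs. If that is the case, a short NOTE stating it would rule out a copy-and-paste slip. Dropping the [trixie] postponed line for CVE-2023-6601 also leaves trixie covered only by the new unstable version 7:7.1.1-1, so it is worth confirming that trixie ships at least that version.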
@@ -77387,17 +77390,17 @@ CVE-2023-50850 (Missing Authorization vulnerability 
in Woo WooCommerce Subscript
 CVE-2023-48775 (Missing Authorization vulnerability in Gfazioli WP Cleanfix 
allows Exp ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-6603 (A flaw was found in FFmpeg's HLS playlist parsing. This 
vulnerability  ...)
-       - ffmpeg <unfixed>
-       [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
+       - ffmpeg 7:5.0.1-2
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed 
upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334335
+       NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841d3d1fa7f3
 (n5.0)
 CVE-2023-6602 (A flaw was found in FFmpeg's TTY Demuxer. This vulnerability 
allows po ...)
        {DLA-4241-1}
        - ffmpeg 7:7.1.1-1
-       [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334338
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/91d96dc8ddaebe0b6cb393f672085e6bfaf15a31
 (master)
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/b753bac08f6881b2d3dea8f1ab84c81550f35897
 (n7.1.1)
+       NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/9803800e0e8cd8e1e7695f77cfbf4e0db0abfe57
 (n5.1.7)
 CVE-2024-45497 (A flaw was found in the OpenShift build process, where the 
docker-buil ...)
        NOT-FOR-US: OpenShift
 CVE-2024-13058 (An issue exists in SoftIron HyperCloud  where authenticated, 
but non-a ...)
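Review bot: The retained [bullseye] line for CVE-2023-6603 still reads "Minor issue, wait until it's fixed upstream", while the NOTE added two lines below it records an upstream fix (28c83584, n5.0). The bullseye reason should be reworded so it no longer contradicts the entry. The new fixed version 7:5.0.1-2 is also not explained by the n5.0 tag alone; a NOTE on why that upload is the first fixed one would make the version checkable.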


=====================================
data/DSA/list
=====================================
@@ -21,7 +21,7 @@
        [bookworm] - node-cipher-base 1.0.4-6+deb12u1
        [trixie] - node-cipher-base 1.0.4-6+deb13u1
 [25 Aug 2025] DSA-5985-1 ffmpeg - security update
-       {CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31582 
CVE-2024-35367 CVE-2024-35368 CVE-2025-0518 CVE-2025-7700 CVE-2025-22919}
+       {CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31582 
CVE-2024-35367 CVE-2024-35368 CVE-2025-0518 CVE-2025-7700 CVE-2025-22919 
CVE-2023-6605 CVE-2023-6602 CVE-2023-6604 CVE-2023-6601}
        [bookworm] - ffmpeg 7:5.1.7-0+deb12u1
 [24 Aug 2025] DSA-5984-1 thunderbird - security update
        {CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9185}
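Review bot: The four CVE ids appended to the DSA-5985-1 line break its ascending order: they follow CVE-2025-22919 and run 6605, 6602, 6604, 6601. Moving the CVE-2023-66xx ids to the front in sorted order keeps the line easy to scan and to diff. CVE-2023-6603 is left out, which is consistent with its new unstable version 7:5.0.1-2 in data/CVE/list being older than the bookworm version 7:5.1.7-0+deb12u1 shown here.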



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1ec9624da36e9ed68d266bb9bbef0932ed973bb
