Paride Legovini pushed to branch master at Debian Security Tracker / security-tracker
Commits: dcdd57c2 by Paride Legovini at 2025-08-30T17:24:47+02:00 Postpone CVE-2025-52194/bullseye Follow Bookworm; crash does not reproduce with provided PoC file [1] on a Bullseye system. This does not mean Bullseye is not-affected, but it is an indicator that is _may_ be unaffected. Building the package with ASAN instrumentation may be needed to reproduce the issue, see [1]. This is not something users would normally be doing. [1] https://github.com/libsndfile/libsndfile/issues/1082 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -2527,6 +2527,7 @@ CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version 1.2 - libsndfile <unfixed> (bug #1111876) [trixie] - libsndfile <no-dsa> (Minor issue) [bookworm] - libsndfile <no-dsa> (Minor issue) + [bullseye] - libsndfile <postponed> (Minor issue, possibly not-affected) NOTE: https://github.com/libsndfile/libsndfile/issues/1082 CVE-2025-51989 (HTML injection vulnerability in the registration interface in Evolutio ...) NOT-FOR-US: HRmaster View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcdd57c26420911bfac84a0b7d4d89224875512c -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dcdd57c26420911bfac84a0b7d4d89224875512c You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
