[Git][security-tracker-team/security-tracker][master] Triage CVE-2025-59375/expat for bullseye.

Sat, 08 Nov 2025 01:37:30 -0800 


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98293eec by Guilhem Moulin at 2025-11-08T10:32:20+01:00
Triage CVE-2025-59375/expat for bullseye.

And remove from dla-needed.txt.  Following Security Team triaging from
3d359c69864f2aa8785622891518dfbbf9707dc6 .

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -20693,6 +20693,7 @@ CVE-2025-59375 (libexpat in Expat before 2.7.2 allows 
attackers to trigger large
        - expat 2.7.2-1 (bug #1115298)
        [trixie] - expat <no-dsa> (Minor issue)
        [bookworm] - expat <ignored> (Minor issue)
+       [bullseye] - expat <ignored> (Minor issue)
        NOTE: https://github.com/libexpat/libexpat/issues/1018
        NOTE: https://github.com/libexpat/libexpat/pull/1034
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/0872c189db6e457084fca335662a9cb49e8ec4c7
 (R_2_7_2)


=====================================
data/dla-needed.txt
=====================================
@@ -79,11 +79,6 @@ erlang
   NOTE: 20251016: 
https://salsa.debian.org/erlang-team/packages/erlang/-/merge_requests/3
   NOTE: 20251016: ssh related CVE patches seems too invasive to backport 
(jspricke)
 --
-expat
-  NOTE: 20250922: Added by Front-Desk (ta)
-  NOTE: 20251020: In progress, the fix for CVE-2025-59375 is very intrusive and
-  NOTE: 20251020: triaging it like CVE-2024-28757 might make sense (guilhem)
---
 ffmpeg
   NOTE: 20251102: Added by Front-Desk (apo)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98293eec01e2864ba4d7d95a0e6479213ea76a1f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98293eec01e2864ba4d7d95a0e6479213ea76a1f
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to