Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1dabcf70 by Salvatore Bonaccorso at 2025-12-18T22:12:15+01:00
Add CVE-2025-63757/ffmpeg
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -79,7 +79,12 @@ CVE-2025-64236 (Authentication Bypass Using an Alternate
Path or Channel vulnera
CVE-2025-64235 (Improper Limitation of a Pathname to a Restricted Directory
('Path Tra ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-63757 (Integer overflow vulnerability in the yuv2ya16_X_c_template
function i ...)
- TODO: check
+ - ffmpeg 7:7.1.3-1
+ NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20698
+ NOTE:
https://code.ffmpeg.org/FFmpeg/FFmpeg/0c6b7f9483a38657c9be824572b4c0c45d4d9fef
(master)
+ NOTE:
https://code.ffmpeg.org/FFmpeg/FFmpeg/716cf25eb8616e8e068a7c2a5d23ae107bd117b4
(n8.0.1)
+ NOTE:
https://code.ffmpeg.org/FFmpeg/FFmpeg/19877054e340e2babb7ef0d00e81c12bfeb19391
(n7.1.3)
+ NOTE:
https://code.ffmpeg.org/FFmpeg/FFmpeg/ac4caa33bae5841649c61d4f8a0608dfa59c4fa1
(n5.1.8)
CVE-2025-63391 (An authentication bypass vulnerability exists in Open-WebUI
<=0.6.32 i ...)
NOT-FOR-US: open-webui
CVE-2025-63390 (An authentication bypass vulnerability exists in AnythingLLM
v1.8.5 in ...)
=====================================
data/DSA/list
=====================================
@@ -17,7 +17,7 @@
[bookworm] - chromium 143.0.7499.109-1~deb12u1
[trixie] - chromium 143.0.7499.109-1~deb13u1
[10 Dec 2025] DSA-6079-1 ffmpeg - security update
- {CVE-2024-36618 CVE-2025-1594}
+ {CVE-2024-36618 CVE-2025-1594 CVE-2025-63757}
[bookworm] - ffmpeg 7:5.1.8-0+deb12u1
[10 Dec 2025] DSA-6078-1 firefox-esr - security update
{CVE-2025-14321 CVE-2025-14322 CVE-2025-14323 CVE-2025-14324
CVE-2025-14325 CVE-2025-14328 CVE-2025-14329 CVE-2025-14330 CVE-2025-14331
CVE-2025-14333}
@@ -38,7 +38,7 @@
[bookworm] - webkit2gtk 2.50.3-1~deb12u1
[trixie] - webkit2gtk 2.50.3-1~deb13u1
[07 Dec 2025] DSA-6073-1 ffmpeg - security update
- {CVE-2025-25473}
+ {CVE-2025-25473 CVE-2025-63757}
[trixie] - ffmpeg 7:7.1.3-0+deb13u1
[04 Dec 2025] DSA-6072-1 chromium - security update
{CVE-2025-13630 CVE-2025-13631 CVE-2025-13632 CVE-2025-13633
CVE-2025-13634 CVE-2025-13635 CVE-2025-13636 CVE-2025-13637 CVE-2025-13638
CVE-2025-13639 CVE-2025-13640 CVE-2025-13720 CVE-2025-13721}
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dabcf701f3a1a76d5d916af976c1f64db8699b1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dabcf701f3a1a76d5d916af976c1f64db8699b1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
