Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
658e3e55 by Bastien Roucariès at 2025-12-29T15:52:13+01:00
Reserve DLA-4424-1 for openjpeg2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -50895,7 +50895,6 @@ CVE-2025-51533 (An Insecure Direct Object Reference
(IDOR) in Sage DPW v2024_12_
CVE-2025-50952 (openjpeg v 2.5.0 was discovered to contain a NULL pointer
dereference ...)
- openjpeg2 2.5.3-1
[bookworm] - openjpeg2 2.5.0-2+deb12u2
- [bullseye] - openjpeg2 <postponed> (Minor issue)
NOTE: https://github.com/uclouvain/openjpeg/issues/1505
NOTE: Fixed by:
https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37
(v2.5.1)
CVE-2025-50692 (FoxCMS <=v1.2.5 is vulnerable to Code Execution in
admin/template_file ...)
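Review bot: removing the `[bullseye] - openjpeg2 <postponed> (Minor issue)` line leaves the CVE-2025-50952 entry with no bullseye annotation of its own, so the bullseye status now rests entirely on the DLA-4424-1 entry added in data/DLA/list. The commit message only says "Reserve DLA-4424-1 for openjpeg2"; it would help to mention there that the postponed marker is dropped too, so the status change can be found from the log.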
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[29 Dec 2025] DLA-4424-1 openjpeg2 - security update
+ {CVE-2025-50952}
+ [bullseye] - openjpeg2 2.4.0-3+deb11u2
[28 Dec 2025] DLA-4423-1 kodi - security update
{CVE-2023-23082 CVE-2023-30207}
[bullseye] - kodi 2:19.1+dfsg2-2+deb11u2
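Review bot: the new DLA-4424-1 entry pins the bullseye fixed version to 2.4.0-3+deb11u2 at reservation time, and that string needs to match the version actually uploaded. If the upload ends up with a different revision, or picks up fixes beyond `{CVE-2025-50952}`, this entry has to be updated in a follow-up commit, otherwise the tracker will report the wrong fixed version or miss a CVE.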
=====================================
data/dla-needed.txt
=====================================
@@ -312,11 +312,6 @@ opencryptoki
NOTE: 20250505:
https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in
all dists (Beuc/front-desk)
--
-openjpeg2 (rouca)
- NOTE: 20251206: Added by Front-Desk (rouca)
- NOTE: 20251206: Avoid regression from buster: CVE-2025-50952
(rouca/front-desk)
- NOTE: 20251206: Fix postponed CVE and do dsa/PU work if needed
(rouca/front-desk)
---
osslsigncode (abhijith)
NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
--
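Review bot: the removed openjpeg2 block carried the note "Fix postponed CVE and do dsa/PU work if needed", and deleting it drops the only record of that follow-up. The data/CVE/list context shows bookworm at 2.5.0-2+deb12u2 and unstable at 2.5.3-1, which suggests nothing is outstanding for CVE-2025-50952, but the commit message should say so explicitly so the dsa/PU item is visibly closed rather than silently lost.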
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/658e3e55ec31094b0bc5206fae20f6bbecb3317b