[Git][security-tracker-team/security-tracker][master] Demote CVE-2025-14369/libsdl2-mixer to unimportant

Sun, 25 Jan 2026 08:09:03 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d7472cbf by Salvatore Bonaccorso at 2026-01-25T17:07:02+01:00
Demote CVE-2025-14369/libsdl2-mixer to unimportant

We could alternatively just drop the tracking as while the source for
libsdl2-mixer embbeds the vulnerable dr_libs, Debian's src:libsdl2-mixer
is compiled with that coded disabled (--enable-music-flac-libflac
--disable-music-flac-drflac).

Thanks: Simon McVittie for the analysis.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2526,13 +2526,13 @@ CVE-2025-14377 (A security issue was discovered within 
the legacy Ansible playbo
 CVE-2025-14376 (A security issue was discovered within the legacy ADI server 
component ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains 
an inte ...)
-       - libsdl2-mixer <unfixed>
-       [trixie] - libsdl2-mixer <no-dsa> (Minor issue)
-       [bookworm] - libsdl2-mixer <no-dsa> (Minor issue)
+       - libsdl2-mixer <unfixed> (unimportant)
        - libchdr <unfixed>
        NOTE: qtads, dosbox-x and love bundle a copy, but these are standalone 
end user apps, so no security impact
        NOTE: 
https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0
        NOTE: https://www.kb.cert.org/vuls/id/924114
+       NOTE: libsdl2-mixer embedds vulnerable code in dr_flac, but is compiled 
with coded
+       NOTE: disabled via --enable-music-flac-libflac 
--disable-music-flac-drflac
 CVE-2025-14115 (IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 
6.3.0.6 ...)
        NOT-FOR-US: IBM
 CVE-2025-14027 (Multiple denial-of-service vulnerabilities exist in the 
affected produ ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7472cbf4471e4943484e87205d2d15959264216

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7472cbf4471e4943484e87205d2d15959264216
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to