[Git][security-tracker-team/security-tracker][master] 2 commits: Add upstream tag reference for CVE-2025-49809

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
314403f7 by Salvatore Bonaccorso at 2026-05-06T08:06:26+02:00
Add upstream tag reference for CVE-2025-49809

- - - - -
bcf6f42a by Salvatore Bonaccorso at 2026-05-06T08:07:10+02:00
Track fixed version via unstable for CVE-2025-49809/mtr

Thanks: Tianyu Chen for reporting the status.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -122865,12 +122865,12 @@ CVE-2025-49867 (Incorrect Privilege Assignment 
vulnerability in InspiryThemes Re
 CVE-2025-49866 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-49809 (mtr through 0.95, in certain privileged contexts, mishandles 
execution ...)
-       - mtr <unfixed> (unimportant)
+       - mtr 0.96-1 (unimportant)
        NOTE: In Debian, mtr runs unprivileged and exec-s mtr-packet (or 
env[MTR_PACKAGE])
        NOTE: which has cap_net_raw.
        NOTE: Mitigation: if running mtr through sudo (typically MacOSX), 
requires
        NOTE: touching /etc/mtr.is.run.under.sudo to disable ENV[MTR_PACKET] 
fallback.
-       NOTE: Fixed by: 
https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6
+       NOTE: Fixed by: 
https://github.com/traviscross/mtr/commit/5226f105f087c29d3cfad9f28000e7536af91ac6
 (v0.96)
        NOTE: Introduced by: 
https://github.com/traviscross/mtr/commit/fcda9e8b82ca354049fa0ee9cfcb2eaaae623ee0
 (v0.88)
        NOTE: Negligible security impact on Debian
 CVE-2025-49601 (In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key 
does not  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/893ce0f35400189a04bcffff0909481134aa4c00...bcf6f42af122e73d12094e462ca5d15f7b6b0cd1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/893ce0f35400189a04bcffff0909481134aa4c00...bcf6f42af122e73d12094e462ca5d15f7b6b0cd1
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits