Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e6c1d541 by Salvatore Bonaccorso at 2025-04-21T09:45:51+02:00
Add two new libheif CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,9 +11,12 @@ CVE-2025-43970 (An issue was discovered in GoBGP before
3.35.0. pkg/packet/mrt/m
- gobgp 3.35.0-1
NOTE: Fixed by:
https://github.com/osrg/gobgp/commit/5153bafbe8dbe1a2f02a70bbf0365e98b80e47b0
(v3.35.0)
CVE-2025-43967 (libheif before 1.19.6 has a NULL pointer dereference in
ImageItem_Grid ...)
- TODO: check
+ - libheif 1.19.7-1
+ NOTE: https://github.com/strukturag/libheif/issues/1455
+ NOTE: Fixed by:
https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671
(v1.19.6)
CVE-2025-43966 (libheif before 1.19.6 has a NULL pointer dereference in
ImageItem_iden ...)
- TODO: check
+ - libheif 1.19.7-1
+ NOTE: Fixed by:
https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c
(v1.19.6)
CVE-2025-43964 (In LibRaw before 0.21.4, tag 0x412 processing in
phase_one_correct in ...)
TODO: check
CVE-2025-43963 (In LibRaw before 0.21.4, phase_one_correct in
decoders/load_mfbacks.cp ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6c1d5412c136296c0d0f21f9ad45f40b40b6d3c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e6c1d5412c136296c0d0f21f9ad45f40b40b6d3c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
