[Git][security-tracker-team/security-tracker][master] Update status for screen issues

Salvatore Bonaccorso (@carnil) Mon, 12 May 2025 11:23:16 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
133036cc by Salvatore Bonaccorso at 2025-05-12T20:22:39+02:00
Update status for screen issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,23 +1,25 @@
 CVE-2025-46805
-       - screen <unfixed>
+       - screen <unfixed> (unimportant)
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=161f85b98b7e1d5e4893aeed20f4cdb5e3dfaaa4
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
+       NOTE: screen in Debian not installed setuid or setgid
 CVE-2025-46804
-       - screen <unfixed>
+       - screen <unfixed> (unimportant)
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
+       NOTE: screen in Debian not installed setuid or setgid
 CVE-2025-46803
        - screen <not-affected> (Vulnerable code only introduced in Scren v5 
branch)
        NOTE: Introduced with: 
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=78a961188f7da528c7cefcc63e07f35f04e69a93
 (v.5.0.0)
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=d5d7bf43f3842e8b62d5f34eb4b031de7c8098c1
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
 CVE-2025-46802
-       - screen <unfixed>
-       [bookworm] - screen <no-dsa> (Minor issue when Screen no installed 
setuid-root)
+       - screen <unfixed> (unimportant)
        NOTE: Fixed by: 
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a
        NOTE: https://www.openwall.com/lists/oss-security/2025/05/12/1
        NOTE: Has potential to break some reattach use cases, but the specific 
use case
        NOTE: was broken already before.
+       NOTE: screen in Debian not installed setuid or setgid
 CVE-2025-23395
        - screen <not-affected> (Vulnerable code only introduced in Scren v5 
branch)
        NOTE: Introduced with: 
https://git.savannah.gnu.org/cgit/screen.git/commit/?id=441bca708bd197ae15d031ccfd2b42077eeebedc
 (v.5.0.0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/133036cc614ad57aadf3fead3292e0e69bf41be2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/133036cc614ad57aadf3fead3292e0e69bf41be2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Update status for screen issues

Reply via email to