Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4ec35611 by Salvatore Bonaccorso at 2025-08-05T12:16:16+02:00
Update notes for VE-2025-54349, CVE-2025-54350 and CVE-2025-54351
Mark issues as to be fixed via point release.
CVE-2025-54349 requires SSL authentication enabled to be exploited.
CVE-2025-54350, samewise but will be before authentication.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -329,16 +329,23 @@ CVE-2025-54955 (OpenNebula Community Edition (CE) before
7.0.0 and Enterprise Ed
- opennebula <removed>
CVE-2025-54351 (In iperf before 3.19.1, net.c has a buffer overflow when
--skip-rx-cop ...)
- iperf3 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0001.txt.asc
NOTE: Introduced with:
https://github.com/esnet/iperf/commit/daea2dc307cb2b1e2c76ebe4d00659d321e13442
(3.19)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0
(master)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/c9af85a384859365b7184be173da4876437aaf40
(3.19.1)
CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has a Base64Decode
assertion fail ...)
- iperf3 3.19.1-1 (bug #1110376)
+ [trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
+ [bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
+ NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0002.txt.asc
NOTE: Introduced with
https://github.com/esnet/iperf/commit/a51045de196f762fb74c86184b03da148c4e8f07
(3.2rc1)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a
(master)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1
(3.19.1)
CVE-2025-54349 (In iperf before 3.19.1, iperf_auth.c has an off-by-one error
and resul ...)
- iperf3 3.19.1-1 (bug #1110376)
+ [trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
+ [bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL
authentication; will be fixed via point release)
+ NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0003.txt.asc
NOTE: Introduced with
https://github.com/esnet/iperf/commit/a51045de196f762fb74c86184b03da148c4e8f07
(3.2rc1)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf
(master)
NOTE: Fixed by:
https://github.com/esnet/iperf/commit/42280d2292ed5f213bfcb33b2206ebcdb151ae66
(3.19.1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec35611c3f50d35e169107760d3e71682ca0600
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ec35611c3f50d35e169107760d3e71682ca0600
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
