[Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed: add libsndfile

Sun, 24 Aug 2025 13:23:02 -0700 


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8833640 by Daniel Leidert at 2025-08-24T21:32:27+02:00
dla-needed: add libsndfile

- - - - -
09e2297a by Daniel Leidert at 2025-08-24T21:37:10+02:00
lts: triage CVE-2022-33064/libsndfile for Bullseye

Upstream issue shows multiple reports that this is a false-positive.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -287307,6 +287307,8 @@ CVE-2022-33064 (An off-by-one error in function 
wav_read_header in src/wav.c in
        [bullseye] - libsndfile <no-dsa> (Minor issue)
        [buster] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/libsndfile/libsndfile/issues/832
+       NOTE: Upstream disputes issue as possible false-positive:
+       NOTE: 
https://github.com/libsndfile/libsndfile/issues/832#issuecomment-1702253852 ff
 CVE-2022-33063
        RESERVED
 CVE-2022-33062


=====================================
data/dla-needed.txt
=====================================
@@ -211,6 +211,10 @@ libphp-adodb (abhijith)
   NOTE: 20250807: Added by Front-Desk (rouca)
   NOTE: 20250807: Fix other CVEs and try to propose a PU (rouca)
 --
+libsndfile
+  NOTE: 20250824: Added by Front-Desk (dleidert)
+  NOTE: 20250824: Follow OSPU (#1111987) and update Bullseye and fix open 
no-dsa (dleidert/FD)
+--
 libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0252158ddccfbbe1bdb40a937166c61ef4dffec...09e2297abceb43c9055bd61aafb0b0cd007719c0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f0252158ddccfbbe1bdb40a937166c61ef4dffec...09e2297abceb43c9055bd61aafb0b0cd007719c0
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to