Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
188d3657 by security tracker role at 2025-08-25T20:12:54+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,44 +1,206 @@
-CVE-2025-53518
+CVE-2025-9417 (A weakness has been identified in itsourcecode Apartment 
Management Sy ...)
+       TODO: check
+CVE-2025-9416 (A security flaw has been discovered in oitcode samarium up to 
0.9.6. T ...)
+       TODO: check
+CVE-2025-9415 (A vulnerability was identified in GreenCMS up to 2.3.0603. This 
affect ...)
+       TODO: check
+CVE-2025-9414 (A vulnerability was found in kalcaddle kodbox 1.61. Affected by 
this v ...)
+       TODO: check
+CVE-2025-9413 (A flaw has been found in lostvip-com ruoyi-go up to 2.1. This 
impacts  ...)
+       TODO: check
+CVE-2025-9412 (A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. 
This a ...)
+       TODO: check
+CVE-2025-9411 (A security vulnerability has been detected in lostvip-com 
ruoyi-go up  ...)
+       TODO: check
+CVE-2025-9410 (A weakness has been identified in lostvip-com ruoyi-go up to 
2.1. The  ...)
+       TODO: check
+CVE-2025-9409 (A security flaw has been discovered in lostvip-com ruoyi-go up 
to 2.1. ...)
+       TODO: check
+CVE-2025-9407 (A flaw has been found in mtons mblog up to 3.5.0. Affected by 
this vul ...)
+       TODO: check
+CVE-2025-8562 (The Custom Query Shortcode plugin for WordPress is vulnerable 
to Path  ...)
+       TODO: check
+CVE-2025-7426 (Information disclosure and exposure of authentication FTP 
credentials  ...)
+       TODO: check
+CVE-2025-6737 (Securden\u2019s Unified PAM Remote Vendor Gateway access portal 
shares ...)
+       TODO: check
+CVE-2025-5302 (A denial of service vulnerability exists in the JSONReader 
component o ...)
+       TODO: check
+CVE-2025-57811 (Craft is a platform for creating digital experiences. From 
versions 4. ...)
+       TODO: check
+CVE-2025-57802 (Airlink's Daemon interfaces with Docker and the Panel to 
provide secur ...)
+       TODO: check
+CVE-2025-57773 (DataEase is an open source business intelligence and data 
visualizatio ...)
+       TODO: check
+CVE-2025-57772 (DataEase is an open source business intelligence and data 
visualizatio ...)
+       TODO: check
+CVE-2025-57760 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
+       TODO: check
+CVE-2025-56216 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2025-56215 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2025-56214 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2025-56212 (phpgurukul Hospital Management System 4.0 is vulnerable to SQL 
Injecti ...)
+       TODO: check
+CVE-2025-55575 (SQL Injection vulnerability in SMM Panel 3.1 allowing remote 
attackers ...)
+       TODO: check
+CVE-2025-55574 (Cross Site Scripting vulnerability in docmost v.0.21.0 and 
before allo ...)
+       TODO: check
+CVE-2025-55409 (FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in 
/index. ...)
+       TODO: check
+CVE-2025-55301 (The Scratch Channel is a news website. In version 1, it is 
possible to ...)
+       TODO: check
+CVE-2025-54493 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54492 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54491 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54490 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54489 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54488 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54487 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54486 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54485 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54484 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54483 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54482 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54481 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
+       TODO: check
+CVE-2025-54370 (PhpOffice/PhpSpreadsheet is a pure PHP library for reading and 
writing ...)
+       TODO: check
+CVE-2025-53510 (A memory corruption vulnerability exists in the PSD Image 
Decoding fun ...)
+       TODO: check
+CVE-2025-53120 (A path traversal vulnerability in unauthenticated upload 
functionality ...)
+       TODO: check
+CVE-2025-53119 (An unauthenticated unrestricted file upload vulnerability 
allows an at ...)
+       TODO: check
+CVE-2025-53118 (An authentication bypass vulnerability exists which allows an 
unauthen ...)
+       TODO: check
+CVE-2025-53085 (A memory corruption vulnerability exists in the PSD RLE 
Decoding funct ...)
+       TODO: check
+CVE-2025-52930 (A memory corruption vulnerability exists in the BMPv3 RLE 
Decoding fun ...)
+       TODO: check
+CVE-2025-52456 (A memory corruption vulnerability exists in the WebP Image 
Decoding fu ...)
+       TODO: check
+CVE-2025-52130 (File upload vulnerability in WebErpMesv2 1.17 in the 
app/Http/Controll ...)
+       TODO: check
+CVE-2025-51281 (D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via 
the en` ...)
+       TODO: check
+CVE-2025-50900 (An issue was discovered in getrebuild/rebuild 4.0.4. The 
affected sour ...)
+       TODO: check
+CVE-2025-50722 (Insecure Permissions vulnerability in sparkshop v.1.1.7 allows 
a remot ...)
+       TODO: check
+CVE-2025-50383 (alextselegidis Easy!Appointments v1.5.1 was discovered to 
contain a SQ ...)
+       TODO: check
+CVE-2025-50129 (A memory corruption vulnerability exists in the PCX Image 
Decoding fun ...)
+       TODO: check
+CVE-2025-48303 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin 
Langley Jr. P ...)
+       TODO: check
+CVE-2025-46407 (A memory corruption vulnerability exists in the BMPv3 Palette 
Decoding ...)
+       TODO: check
+CVE-2025-45968 (An issue in System PDV v1.0 allows a remote attacker to obtain 
sensiti ...)
+       TODO: check
+CVE-2025-44179 (Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection 
vulnera ...)
+       TODO: check
+CVE-2025-44178 (DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper 
access  ...)
+       TODO: check
+CVE-2025-43960 (Adminer 4.8.1, when using Monolog for logging, allows a Denial 
of Serv ...)
+       TODO: check
+CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2025-3456 (On affected platforms running Arista EOS, the global common 
encryption ...)
+       TODO: check
+CVE-2025-35984 (A memory corruption vulnerability exists in the PCX Image 
Decoding fun ...)
+       TODO: check
+CVE-2025-32468 (A memory corruption vulnerability exists in the BMPv3 Image 
Decoding f ...)
+       TODO: check
+CVE-2025-29525 (DASAN GPON ONU H660WM OS version H660WMR210825 Hardware 
version DS-E5- ...)
+       TODO: check
+CVE-2025-29524 (Incorrect access control in the component 
/cgi-bin/system_diagnostic_m ...)
+       TODO: check
+CVE-2025-29523 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was 
discover ...)
+       TODO: check
+CVE-2025-29522 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was 
discover ...)
+       TODO: check
+CVE-2025-29521 (Insecure default credentials for the Adminsitrator account of 
D-Link D ...)
+       TODO: check
+CVE-2025-29520 (Incorrect access control in the Maintenance module of D-Link 
DSL-7740C ...)
+       TODO: check
+CVE-2025-29519 (A command injection vulnerability in the EXE parameter of 
D-Link DSL-7 ...)
+       TODO: check
+CVE-2025-29517 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was 
discover ...)
+       TODO: check
+CVE-2025-29516 (D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was 
discover ...)
+       TODO: check
+CVE-2025-29515 (Incorrect access control in the DELT_file.xgi endpoint of 
D-Link DSL-7 ...)
+       TODO: check
+CVE-2025-29514 (Incorrect access control in the config.xgi function of D-Link 
DSL-7740 ...)
+       TODO: check
+CVE-2025-29421 (PerfreeBlog v4.0.11 has an arbitrary file read vulnerability 
in the ge ...)
+       TODO: check
+CVE-2025-29420 (PerfreeBlog v4.0.11 has a directory traversal vulnerability in 
the get ...)
+       TODO: check
+CVE-2024-46413 (Rebuild v3.7.7 was discovered to contain a Server-Side Request 
Forgery ...)
+       TODO: check
+CVE-2024-46412 (Incorrect access control in the prehandle function of Rebuild 
v3.7.7 a ...)
+       TODO: check
+CVE-2024-39923 (An issue was discovered in Mahara 24.04 before 24.04.2 and 
23.04 befor ...)
+       TODO: check
+CVE-2023-47799 (Mahara before 22.10.4 and 23.x before 23.04.4 allows 
information discl ...)
+       TODO: check
+CVE-2025-53518 (An integer overflow vulnerability exists in the ABF parsing 
functional ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/d7d146b70b9b261b132dac7f9293271a4e8d481d/
-CVE-2025-53853
+CVE-2025-53853 (A heap-based buffer overflow vulnerability exists in the ISHNE 
parsing ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/bd1ed634059db8312ce521931bb90785723e5af9/
-CVE-2025-52581
+CVE-2025-52581 (An integer overflow vulnerability exists in the GDF parsing 
functional ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/0211292419ad9f1bf9693563692548a39491dad0/
-CVE-2025-54480
+CVE-2025-54480 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
-CVE-2025-54494
+CVE-2025-54494 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
-CVE-2025-53557
+CVE-2025-53557 (A heap-based buffer overflow vulnerability exists in the MFER 
parsing  ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
-CVE-2025-46411
+CVE-2025-46411 (A stack-based buffer overflow vulnerability exists in the MFER 
parsing ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
-CVE-2025-53511
+CVE-2025-53511 (A heap-based buffer overflow vulnerability exists in the MFER 
parsing  ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/ba2f1c381b10f5ab50c94be3291b2560af0f7a96/
-CVE-2025-52461
+CVE-2025-52461 (An out-of-bounds read vulnerability exists in the Nex parsing 
function ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/6c6be44f302156c53a1c305d54ea1705e5f9054d/
-CVE-2025-54462
+CVE-2025-54462 (A heap-based buffer overflow vulnerability exists in the Nex 
parsing f ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/6c6be44f302156c53a1c305d54ea1705e5f9054d/
-CVE-2025-48005
+CVE-2025-48005 (A heap-based buffer overflow vulnerability exists in the 
RHS2000 parsi ...)
        - biosig <unfixed>
        NOTE: https://sourceforge.net/p/biosig/mailman/message/59224259/
        NOTE: 
https://sourceforge.net/p/biosig/code/ci/cc49acf59adac883e1a4fadacc3e095de091eadd/
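Review bot: The thirteen new entries CVE-2025-54481 through CVE-2025-54493 are left at `TODO: check`, yet their truncated description ("A stack-based buffer overflow vulnerability exists in the MFER parsing ...") is the same as that of CVE-2025-54480 and CVE-2025-54494, which this hunk already tracks as `- biosig <unfixed>`. If triage confirms they are the same biosig MFER parser issues, give them the matching `- biosig <unfixed>` line and NOTE references instead of leaving them unassigned. The WordPress plugin entry CVE-2025-8562 can likewise follow the `NOT-FOR-US: WordPress plugin` convention used further down in this file.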
@@ -658,7 +820,7 @@ CVE-2024-58239 (In the Linux kernel, the following 
vulnerability has been resolv
        [bookworm] - linux 6.1.82-1
        [bullseye] - linux 5.10.216-1
        NOTE: 
https://git.kernel.org/linus/fdfbaec5923d9359698cbb286bc0deadbb717504 (6.8-rc6)
-CVE-2025-8678 (The WP Crontrol plugin for WordPress is vulnerable to 
Server-Side Requ ...)
+CVE-2025-8678 (The WP Crontrol plugin for WordPress is vulnerable to blind 
Server-Sid ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-8281 (The WP Talroo WordPress plugin through 2.4 does not sanitise 
and escap ...)
        NOT-FOR-US: WordPress plugin
@@ -1026,7 +1188,7 @@ CVE-2025-9238 (A vulnerability was determined in Swatadru 
Exam-Seating-Arrangeme
        NOT-FOR-US: Swatadru Exam-Seating-Arrangement
 CVE-2025-9237 (A vulnerability was found in CodeAstro Ecommerce Website 1.0. 
This imp ...)
        NOT-FOR-US: CodeAstro
-CVE-2025-9236 (A vulnerability has been found in Portabilis i-Diario up to 
2.10. This ...)
+CVE-2025-9236 (A vulnerability has been found in Portabilis i-Educar up to 
2.10. This ...)
        NOT-FOR-US: Portabilis
 CVE-2025-9235 (A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted 
element ...)
        NOT-FOR-US: Scada-LTS
@@ -1789,7 +1951,7 @@ CVE-2025-43738 (A reflected cross-site scripting (XSS) 
vulnerability in the Life
        NOT-FOR-US: Liferay
 CVE-2025-43737 (A reflected cross-site scripting (XSS) vulnerability in the 
Liferay Po ...)
        NOT-FOR-US: Liferay
-CVE-2025-41689 (An unauthenticated remote attacker can grant access without 
password p ...)
+CVE-2025-41689 (An unauthenticated remote attacker can get access without 
password pro ...)
        NOT-FOR-US: Motherbox
 CVE-2025-41685 (A low-privileged remote attacker can obtain the username of 
another re ...)
        NOT-FOR-US: SMA Solar Technology
@@ -2680,6 +2842,7 @@ CVE-2025-55207 (Astro is a web framework for 
content-driven websites. Following
 CVE-2025-55203 (Plane is open-source project management software. Prior to 
version 0.2 ...)
        NOT-FOR-US: Plane
 CVE-2025-54989 (Firebird is a relational database. Prior to versions 3.0.13, 
4.0.6, an ...)
+       {DLA-4282-1}
        - firebird3.0 3.0.13.ds7-1 (bug #1111321)
        [bookworm] - firebird3.0 <no-dsa> (Minor issue)
        - firebird4.0 4.0.6.3221.ds6-1 (bug #1111320)
@@ -10869,6 +11032,7 @@ CVE-2025-53644 (OpenCV is an Open Source Computer 
Vision Library. Versions prior
 CVE-2024-6234
        NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder 
(libavcodec/alsdec.c)]
+       {DSA-5985-1}
        - ffmpeg <unfixed>
        [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 7.1 branch)
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 4.3 branch)
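Review bot: CVE-2025-7700 now references `{DSA-5985-1}`, but the entry still reads `- ffmpeg <unfixed>` with `[trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)`. If the DSA fixes this CVE for trixie, the `<postponed>` line is stale and should be dropped; if it does not, check whether this id belongs in the DSA's CVE list at all.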
@@ -60937,7 +61101,7 @@ CVE-2025-22920 (A heap buffer overflow vulnerability in 
FFmpeg before commit 4bf
        NOTE: Introduced with: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/545de54e3e0ce5ad1285aa5e111e6657ad803f79
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4bf784c0e5615c3f934e677d5de093a8be7da7ae
 CVE-2025-22919 (A reachable assertion in FFmpeg git-master commit 
N-113007-g8d24a28d06 ...)
-       {DLA-4073-1}
+       {DSA-5985-1 DLA-4073-1}
        - ffmpeg 7:7.1.1-1
        NOTE: https://trac.ffmpeg.org/ticket/11385
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/1446e37d3d032e1452844778b3e6ba2c20f0c322
@@ -62770,7 +62934,7 @@ CVE-2024-57951 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.12.11-1
        [bookworm] - linux 6.1.128-1
        NOTE: 
https://git.kernel.org/linus/2f8dea1692eef2b7ba6a256246ed82c365fdc686 (6.13)
-CVE-2025-26467
+CVE-2025-26467 (Privilege Defined With Unsafe Actions vulnerability in Apache 
Cassandr ...)
        - cassandra <itp> (bug #585905)
 CVE-2024-31068 (Improper Finite State Machines (FSMs) in Hardware Logic for 
some Intel ...)
        {DLA-4095-1}
@@ -70184,7 +70348,7 @@ CVE-2025-20621 (Mattermost versions 10.2.x <= 10.2.0, 
9.11.x <= 9.11.5, 10.0.x <
 CVE-2025-20072 (Mattermost Mobile versions <= 2.22.0 fail to properly validate 
the sty ...)
        NOT-FOR-US: Mattermost Mobile
 CVE-2025-0518 (Unchecked Return Value, Out-of-bounds Read vulnerability in 
FFmpeg all ...)
-       {DLA-4073-1}
+       {DSA-5985-1 DLA-4073-1}
        - ffmpeg 7:7.1.1-1
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a
        NOTE: Fixed by: 
https://github.com/FFmpeg/FFmpeg/commit/b827ac49b770635fc666f8543cb9585e1bc6308b
 (n7.1.1)
@@ -84048,12 +84212,12 @@ CVE-2024-35369 (In FFmpeg version n6.1.1, 
specifically within the avcodec/speexd
        [bullseye] - ffmpeg <not-affected> (native speex decode introduced in 
v5.0)
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/0895ef0d6d6406ee6cd158fc4d47d80f201b8e9c
 (n7.0)
 CVE-2024-35368 (FFmpeg n7.0 is affected by a Double Free via the 
rkmpp_retrieve_frame  ...)
-       {DLA-4039-1}
+       {DSA-5985-1 DLA-4039-1}
        - ffmpeg 7:7.1-3
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c
 (n7.1)
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/d45964ac04a83f02cb6ddc63af6d0b646c7d9082
 (n5.1.7)
 CVE-2024-35367 (FFmpeg n6.1.1 has an Out-of-bounds Read via 
libavcodec/ppc/vp8dsp_alti ...)
-       {DLA-4039-1}
+       {DSA-5985-1 DLA-4039-1}
        - ffmpeg 7:7.0.1-3
        NOTE: 
https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667
 (n7.0)
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/1a874e645d4a0adef9b494482fc67d12d35395cd
 (n5.1.7)
@@ -118243,7 +118407,7 @@ CVE-2024-6791 (A directory path traversal 
vulnerability exists when loading a vs
        NOT-FOR-US: NI VeriStand
 CVE-2024-6717 (HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 
1.8.1 arc ...)
        - nomad <removed>
-CVE-2024-6420 (The Hide My WP Ghost  WordPress plugin before 5.2.02 does not 
prevent  ...)
+CVE-2024-6420 (The Hide My WP Ghost WordPress plugin before 5.2.02 does not 
prevent r ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-6231 (The Request a Quote WordPress plugin before 2.4.1 does not 
sanitise an ...)
        NOT-FOR-US: WordPress plugin
@@ -148074,6 +148238,7 @@ CVE-2023-50009 (FFmpeg v.n6.1-3-g466799d4f5 allows a 
heap-based buffer overflow
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/c443658d26d2b8e19901f9507a890e0efca79056
 (n7.0)
        NOTE: https://trac.ffmpeg.org/ticket/10699
 CVE-2023-50008 (FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when 
using the c ...)
+       {DSA-5985-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg 7:7.0.1-3
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -148082,6 +148247,7 @@ CVE-2023-50008 (FFmpeg v.n6.1-3-g466799d4f5 allows 
memory consumption when using
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/28a7db723971c73f02ab5ad5f0a45fa288775e0a
 (n5.1.7)
        NOTE: https://trac.ffmpeg.org/ticket/10701
 CVE-2023-50007 (FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use 
of a par ...)
+       {DSA-5985-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg 7:7.0.1-3
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
@@ -148092,7 +148258,7 @@ CVE-2023-50007 (FFmpeg v.n6.1-3-g466799d4f5 allows an 
attacker to trigger use of
 CVE-2023-49963 (DYMO LabelWriter Print Server through 2.366 contains a 
backdoor hard-c ...)
        NOT-FOR-US: DYMO LabelWriter Print Server
 CVE-2023-49502 (Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 
allows a  ...)
-       {DLA-3928-1}
+       {DSA-5985-1 DLA-3928-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg 7:7.0.1-3
        [buster] - ffmpeg <postponed> (Pick up when fixed in most related 
branch)
@@ -148594,6 +148760,7 @@ CVE-2024-31583 (Pytorch before version v2.2.0 was 
discovered to contain a use-af
        [bullseye] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
 CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer 
overflow v ...)
+       {DSA-5985-1}
        [experimental] - ffmpeg 7:7.0-1
        - ffmpeg 7:7.0.1-3
        [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/188d3657ae84438b3c633715625a83ddcc1a2f5f
