Andreas Henriksson pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
46ba0bbc by Andreas Henriksson at 2026-06-24T14:13:08+02:00
Reserve DLA-4644-1 for libmatio

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -94225,7 +94225,6 @@ CVE-2025-50343 (An issue was discovered in matio 
1.5.28. A heap-based memory cor
        [experimental] - libmatio 1.5.30-1
        - libmatio 1.5.30-2 (bug #1124797)
        [trixie] - libmatio <no-dsa> (Minor issue, revisit when fixed upstream)
-       [bookworm] - libmatio <no-dsa> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/tbeu/matio/issues/275
        NOTE: Fixed by: 
https://github.com/tbeu/matio/commit/41b505410dafaa236b61b52c7910d4c4831404f2
 CVE-2025-15359 (DVP-12SE11T - Out-of-bound memory write Vulnerability)
@@ -193744,12 +193743,10 @@ CVE-2025-2338 (A vulnerability, which was 
classified as critical, was found in t
        {DLA-4459-1}
        - libmatio 1.5.29-1 (bug #1104247)
        [trixie] - libmatio <no-dsa> (Minor issue)
-       [bookworm] - libmatio <no-dsa> (Minor issue)
        NOTE: https://github.com/tbeu/matio/issues/269
        NOTE: Fixed by: 
https://github.com/tbeu/matio/commit/7b31881ea1da30b075658502961dfcc95353d9ae 
(v1.5.29)
 CVE-2025-2337 (A vulnerability, which was classified as critical, has been 
found in t ...)
        - libmatio 1.5.28-2 (bug #1100992)
-       [bookworm] - libmatio <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - libmatio <not-affected> (Vulnerable code introduced in 
v1.5.20, commit 67a922f83467d694fa6e)
        NOTE: https://github.com/tbeu/matio/issues/267
        NOTE: Introduced with: 
https://github.com/tbeu/matio/commit/67a922f83467d694fa6e9759ac9a30b6ab82aec4 
(v1.5.20)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Jun 2026] DLA-4644-1 libmatio - security update
+       {CVE-2025-2337 CVE-2025-2338 CVE-2025-50343}
+       [bookworm] - libmatio 1.5.23-2+deb12u1
 [23 Jun 2026] DLA-4643-1 imagemagick - security update
        {CVE-2026-48733 CVE-2026-48734 CVE-2026-48994 CVE-2026-49218 
CVE-2026-53460 CVE-2026-53463}
        [bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u14



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46ba0bbc7051cacbad98bc45a401722c62c321b3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46ba0bbc7051cacbad98bc45a401722c62c321b3
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to