Andreas Henriksson pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
46ba0bbc by Andreas Henriksson at 2026-06-24T14:13:08+02:00
Reserve DLA-4644-1 for libmatio
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -94225,7 +94225,6 @@ CVE-2025-50343 (An issue was discovered in matio
1.5.28. A heap-based memory cor
[experimental] - libmatio 1.5.30-1
- libmatio 1.5.30-2 (bug #1124797)
[trixie] - libmatio <no-dsa> (Minor issue, revisit when fixed upstream)
- [bookworm] - libmatio <no-dsa> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/tbeu/matio/issues/275
NOTE: Fixed by:
https://github.com/tbeu/matio/commit/41b505410dafaa236b61b52c7910d4c4831404f2
CVE-2025-15359 (DVP-12SE11T - Out-of-bound memory write Vulnerability)
@@ -193744,12 +193743,10 @@ CVE-2025-2338 (A vulnerability, which was
classified as critical, was found in t
{DLA-4459-1}
- libmatio 1.5.29-1 (bug #1104247)
[trixie] - libmatio <no-dsa> (Minor issue)
- [bookworm] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/269
NOTE: Fixed by:
https://github.com/tbeu/matio/commit/7b31881ea1da30b075658502961dfcc95353d9ae
(v1.5.29)
CVE-2025-2337 (A vulnerability, which was classified as critical, has been
found in t ...)
- libmatio 1.5.28-2 (bug #1100992)
- [bookworm] - libmatio <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - libmatio <not-affected> (Vulnerable code introduced in
v1.5.20, commit 67a922f83467d694fa6e)
NOTE: https://github.com/tbeu/matio/issues/267
NOTE: Introduced with:
https://github.com/tbeu/matio/commit/67a922f83467d694fa6e9759ac9a30b6ab82aec4
(v1.5.20)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Jun 2026] DLA-4644-1 libmatio - security update
+ {CVE-2025-2337 CVE-2025-2338 CVE-2025-50343}
+ [bookworm] - libmatio 1.5.23-2+deb12u1
[23 Jun 2026] DLA-4643-1 imagemagick - security update
{CVE-2026-48733 CVE-2026-48734 CVE-2026-48994 CVE-2026-49218
CVE-2026-53460 CVE-2026-53463}
[bullseye] - imagemagick 8:6.9.11.60+dfsg-1.3+deb11u14
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46ba0bbc7051cacbad98bc45a401722c62c321b3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/46ba0bbc7051cacbad98bc45a401722c62c321b3
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits