Hi, On Tue, Apr 15, 2025 at 09:52:18AM +0000, Sunil Kumar Dora wrote: > Dear Debian Security Team, > > I am writing to kindly request clarification regarding the security > vulnerability CVE-2025-1176, which appears to affect the binutils > package across several Debian releases, including bullseye > (2.35.2-2), bookworm (2.40-2), and sid/trixie (2.44-3), as noted on > the Debian Security Tracker. > > Could you please confirm the current status of this vulnerability > and whether any mitigation or update is planned for the affected > versions? If there are any recommendations for handling this issue > in the meantime, I would greatly appreciate your guidance.
You can always consult the security-tracker for a status on a CVE id in Debian: https://security-tracker.debian.org/tracker/CVE-2025-1176 there you will see how it is classified, in particular binutils is not covered by security support. Consult as well https://www.debian.org/security/faq#cve-severity-assessment . Regards, Salvatore
