Re: usbmuxd/CVE-2025-66004

To: debian-lts@lists.debian.org
Subject: Re: usbmuxd/CVE-2025-66004
From: Roberto C. Sánchez <roberto@debian.org>
Date: Wed, 17 Dec 2025 09:35:22 -0500
Message-id: <[🔎] aUK_qpBEOVsn6geS@localhost>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
In-reply-to: <[🔎] 5d03ad659197714a6138d4a8e5d2efb27856cdf6.camel@debian.org>
References: <[🔎] 5d03ad659197714a6138d4a8e5d2efb27856cdf6.camel@debian.org>

On Wed, Dec 17, 2025 at 12:04:18PM +0100, Daniel Leidert wrote:
> Hi,
> 
> when I was checking usbmuxd last week, it hadn't been triaged yet by
> the security team. Judging by the description, it appears that the
> damage that this issue could do is limited. However, Ubuntu released an
> update with the fix for all of their releases. IMHO it makes sense to
> cover that in Debian too and add it to dla-needed.txt (and ela-
> needed.txt if appropriate).
> 
I agree. It would be best to include a note indicating that as of the
time of LTS triage that secteam has not yet triaged the package, so that
whoever ends up working on it knows to coordinate with secteam and/or
SRM in advance.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

Follow-Ups:
- Re: usbmuxd/CVE-2025-66004
  - From: Utkarsh Gupta <guptautkarsh2102@gmail.com>

References:
- usbmuxd/CVE-2025-66004
  - From: Daniel Leidert <dleidert@debian.org>

Prev by Date: usbmuxd/CVE-2025-66004
Next by Date: Re: usbmuxd/CVE-2025-66004
Previous by thread: usbmuxd/CVE-2025-66004
Next by thread: Re: usbmuxd/CVE-2025-66004
Index(es):
- Date
- Thread