Re: usbmuxd/CVE-2025-66004

To: debian-lts@lists.debian.org
Subject: Re: usbmuxd/CVE-2025-66004
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Thu, 18 Dec 2025 14:27:13 +0530
Message-id: <[🔎] CAPP0f95-R7+Tij3t_PhFvrE7J_A_WhO0dCODAQrWS-_kF5w9-w@mail.gmail.com>
In-reply-to: <[🔎] aUK_qpBEOVsn6geS@localhost>
References: <[🔎] 5d03ad659197714a6138d4a8e5d2efb27856cdf6.camel@debian.org> <[🔎] aUK_qpBEOVsn6geS@localhost>

Hi,

On Wed, Dec 17, 2025 at 8:05 PM Roberto C. Sánchez <roberto@debian.org> wrote:
> > when I was checking usbmuxd last week, it hadn't been triaged yet by
> > the security team. Judging by the description, it appears that the
> > damage that this issue could do is limited. However, Ubuntu released an
> > update with the fix for all of their releases. IMHO it makes sense to
> > cover that in Debian too and add it to dla-needed.txt (and ela-
> > needed.txt if appropriate).
> >
> I agree. It would be best to include a note indicating that as of the
> time of LTS triage that secteam has not yet triaged the package, so that
> whoever ends up working on it knows to coordinate with secteam and/or
> SRM in advance.

I'll take it up and sync with the security folks about the stable updates.


- u

Reply to:

References:
- usbmuxd/CVE-2025-66004
  - From: Daniel Leidert <dleidert@debian.org>
- Re: usbmuxd/CVE-2025-66004
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Re: usbmuxd/CVE-2025-66004
Next by Date: LTS Meeting Notes
Previous by thread: Re: usbmuxd/CVE-2025-66004
Next by thread: LTS Meeting Notes
Index(es):
- Date
- Thread