Bug#1118008: trixie-pu: package 7zip/25.01+dfsg-1~deb13u1 (CVE-2025-55188, CVE-2025-11002, CVE-2025-11001)

To: YOKOTA Hiroshi <yokota.hgml@gmail.com>
Cc: 1118008@bugs.debian.org
Subject: Bug#1118008: trixie-pu: package 7zip/25.01+dfsg-1~deb13u1 (CVE-2025-55188, CVE-2025-11002, CVE-2025-11001)
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 01 Nov 2025 17:25:07 +0000
Message-id: <[🔎] dc327dd9be85043d5db11c60b13590b15932e8cd.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1118008@bugs.debian.org
In-reply-to: <176037811093.15062.16013534006700394537.reportbug@loadstone.darkstar.local>
References: <176037811093.15062.16013534006700394537.reportbug@loadstone.darkstar.local> <176037811093.15062.16013534006700394537.reportbug@loadstone.darkstar.local>

Control: tags -1 + confirmed

On Tue, 2025-10-14 at 02:55 +0900, YOKOTA Hiroshi wrote:
> Fix some security issues.
> * CVE-2025-55188: Improper Link Resolution Before File Access
> * CVE-2025-11002: ZIP File Parsing Directory Traversal Remote Code
> Execution
>   Vulnerability
> * CVE-2025-11001: ZIP File Parsing Directory Traversal Remote Code
> Execution
>   Vulnerability

Please go ahead.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1118008: trixie-pu: package 7zip/25.01+dfsg-1~deb13u1 (CVE-2025-55188, CVE-2025-11002, CVE-2025-11001)
  - From: yokota <yokota.hgml@gmail.com>

Prev by Date: Bug#1111733: trixie-pu: package rabbitmq-server/4.0.5-6+deb13u1 (CVE-2025-50200)
Next by Date: Processed: Re: Bug#1118008: trixie-pu: package 7zip/25.01+dfsg-1~deb13u1 (CVE-2025-55188, CVE-2025-11002, CVE-2025-11001)
Previous by thread: Processed: Re: Bug#1111733: trixie-pu: package rabbitmq-server/4.0.5-6+deb13u1 (CVE-2025-50200)
Next by thread: Processed: Re: Bug#1118008: trixie-pu: package 7zip/25.01+dfsg-1~deb13u1 (CVE-2025-55188, CVE-2025-11002, CVE-2025-11001)
Index(es):
- Date
- Thread