Clarification Request Regarding CVE-2025-1176 Affecting binutils

To: "security@debian.org" <security@debian.org>
Cc: "debian-toolchain@lists.debian.org" <debian-toolchain@lists.debian.org>
Subject: Clarification Request Regarding CVE-2025-1176 Affecting binutils
From: Sunil Kumar Dora <sunilkumar.dora@blackfigtech.com>
Date: Tue, 15 Apr 2025 09:52:18 +0000
Message-id: <[🔎] MAZPR01MB83717856680F1AF298F1A15E9BB22@MAZPR01MB8371.INDPRD01.PROD.OUTLOOK.COM>

Dear Debian Security Team,

I am writing to kindly request clarification regarding the security vulnerability CVE-2025-1176, which appears to affect the binutils package across several Debian releases, including bullseye (2.35.2-2), bookworm (2.40-2), and sid/trixie (2.44-3), as noted on the Debian Security Tracker.

Could you please confirm the current status of this vulnerability and whether any mitigation or update is planned for the affected versions? If there are any recommendations for handling this issue in the meantime, I would greatly appreciate your guidance.

Thank you for your time and support.

Thanks,
Sunil Dora

Reply to:

Follow-Ups:
- Re: Clarification Request Regarding CVE-2025-1176 Affecting binutils
  - From: Salvatore Bonaccorso <carnil@debian.org>

Next by Date: Re: Clarification Request Regarding CVE-2025-1176 Affecting binutils
Next by thread: Re: Clarification Request Regarding CVE-2025-1176 Affecting binutils
Index(es):
- Date
- Thread