Re: Clarification Request Regarding CVE-2025-1176 Affecting binutils
Hi,
On Tue, Apr 15, 2025 at 09:52:18AM +0000, Sunil Kumar Dora wrote:
> Dear Debian Security Team,
>
> I am writing to kindly request clarification regarding the security
> vulnerability CVE-2025-1176, which appears to affect the binutils
> package across several Debian releases, including bullseye
> (2.35.2-2), bookworm (2.40-2), and sid/trixie (2.44-3), as noted on
> the Debian Security Tracker.
>
> Could you please confirm the current status of this vulnerability
> and whether any mitigation or update is planned for the affected
> versions? If there are any recommendations for handling this issue
> in the meantime, I would greatly appreciate your guidance.
You can always consult the security-tracker for a status on a CVE id
in Debian:
https://security-tracker.debian.org/tracker/CVE-2025-1176
there you will see how it is classified, in particular binutils is not
covered by security support.
Consult as well
https://www.debian.org/security/faq#cve-severity-assessment .
Regards,
Salvatore
Reply to: