[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Clarification Request Regarding CVE-2025-1176 Affecting binutils

Hi,

On Tue, Apr 15, 2025 at 09:52:18AM +0000, Sunil Kumar Dora wrote:
> Dear Debian Security Team,
> 
> I am writing to kindly request clarification regarding the security
> vulnerability CVE-2025-1176, which appears to affect the binutils
> package across several Debian releases, including bullseye
> (2.35.2-2), bookworm (2.40-2), and sid/trixie (2.44-3), as noted on
> the Debian Security Tracker.
> 
> Could you please confirm the current status of this vulnerability
> and whether any mitigation or update is planned for the affected
> versions? If there are any recommendations for handling this issue
> in the meantime, I would greatly appreciate your guidance.

You can always consult the security-tracker for a status on a CVE id
in Debian:
https://security-tracker.debian.org/tracker/CVE-2025-1176

there you will see how it is classified, in particular binutils is not
covered by security support.

Consult as well
https://www.debian.org/security/faq#cve-severity-assessment .

Regards,
Salvatore
Reply to: