Your message dated Fri, 02 Jan 2026 11:35:05 +0000
with message-id <[email protected]>
and subject line Bug#1122507: fixed in usbmuxd 1.1.1-7
has caused the Debian Bug report #1122507,
regarding usbmuxd: CVE-2025-66004
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1122507: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122507
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: usbmuxd
Version: 1.1.1-6
Severity: important
Tags: security upstream
Forwarded: https://github.com/libimobiledevice/usbmuxd/issues/272
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.1.1-2
Hi,
The following vulnerability was published for usbmuxd.
CVE-2025-66004[0]:
| A Path Traversal vulnerability in usbmuxd allows local users to
| escalate to the service user.This issue affects usbmuxd: before
| 3ded00c9985a5108cfc7591a309f9a23d57a8cba.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-66004
https://www.cve.org/CVERecord?id=CVE-2025-66004
[1] https://github.com/libimobiledevice/usbmuxd/issues/272
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: usbmuxd
Source-Version: 1.1.1-7
Done: Yves-Alexis Perez <[email protected]>
We believe that the bug you reported is fixed in the latest version of
usbmuxd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yves-Alexis Perez <[email protected]> (supplier of updated usbmuxd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 02 Jan 2026 12:21:22 +0100
Source: usbmuxd
Architecture: source
Version: 1.1.1-7
Distribution: unstable
Urgency: medium
Maintainer: gtkpod Maintainers <[email protected]>
Changed-By: Yves-Alexis Perez <[email protected]>
Closes: 1122507
Changes:
usbmuxd (1.1.1-7) unstable; urgency=medium
.
* d/patch: add fix for path traversal vulnerability (CVE-2025-66004)
(Closes: #1122507)
* d/control: drop references to obsolete kFreeBSD
* d/copyright updated
* d/control: update standards version to 4.7.3
Checksums-Sha1:
aa8dec36b8dbe0a3e9f0c1ec4f5faa7f4a8dc025 1723 usbmuxd_1.1.1-7.dsc
cc9020089111bf092cd4021c4bf56e4f83855e11 8772 usbmuxd_1.1.1-7.debian.tar.xz
de9ad7a9f007ec83f06139fd84e83e38718de4b0 7836 usbmuxd_1.1.1-7_amd64.buildinfo
Checksums-Sha256:
b331bdca4e6be5c0db94b392e39edf0a47b8395ed356ab11932e4d6484b05842 1723
usbmuxd_1.1.1-7.dsc
acacead1608cab3cdeadb8383b11248a6795997fa8dd97e46645d8e9b9e1960e 8772
usbmuxd_1.1.1-7.debian.tar.xz
0ef29b8f9aba8ddbbe2ff430e936261db9365519c1524a9f9f57ed1d17ca9233 7836
usbmuxd_1.1.1-7_amd64.buildinfo
Files:
aaf27f68684c081ab0e3f89110b58e53 1723 utils optional usbmuxd_1.1.1-7.dsc
231a934842bd4c512c906cc73015c7dd 8772 utils optional
usbmuxd_1.1.1-7.debian.tar.xz
c6930a2e78fa09fe630da8ca6682d142 7836 utils optional
usbmuxd_1.1.1-7_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmlXqmYACgkQ3rYcyPpX
RFsA+ggAjmXmApfIHl8HasOqjQuLTcXYLZuvQ0QycmT4MmY7DixNQ3sB1oZK6mOL
ih+1n2x4dqcsZLn0hWxYK2rgD37/92Keq3FHRVsPet5BSTnCpodGQBBiMJr7bR8o
ps/Czv8GdTRk29ciNE6YuesBXZmUljt1f/nfzfqc0dBrB2lSwuDxUzsT7rYl2l/T
wWEcYKvypbxn6KoV6BMi8x1UlPtPoCFzTI4GtsAka5LGfke+HkJUrByL2MZ1UNNo
X3lVz7U3AevwEVSTrEUsFq+7wF0mzXHBX11rWg7LdLNL7Luep30oRDEKCVXEaV1d
kCauUZWBpnoPONsrFTgnCYu0h4xxcw==
=TABT
-----END PGP SIGNATURE-----
pgpST5OPYZYNr.pgp
Description: PGP signature
--- End Message ---
