RHEL / RHEL-110953

bison: Confirm whether affected by CVE-2025-8733 and CVE-2025-8734 [rhel-9]

    • Bug
    • Resolution: Unresolved
    • rhel-9.7
    • bison
    • rhel-jotnar

      We are interested in the RHEL-9 and RHEL-10 applicability of these two
      bison CVEs:

      https://access.redhat.com/security/cve/CVE-2025-8733
      https://access.redhat.com/security/cve/CVE-2025-8734

      Currently, for RHEL-10, the state of both CVEs has been listed as
      "Fix deferred", whereas for RHEL-9 and earlier, it is listed as "Not
      affected". Does this mean that the reproducer has been confirmed to
      run on RHEL-10 and not on RHEL-9?

      Product Security has been contacted and we are awaiting a response from them on this.

              jotnar-project Jötnar Project
              ashankar@redhat.com Arjun Shankar