[Git][security-tracker-team/security-tracker][master] automatic update

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9a31d94 by security tracker role at 2025-04-20T19:29:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2025-43954 (QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via header ...)
+	TODO: check
+CVE-2025-3830 (A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has bee ...)
+	TODO: check
+CVE-2025-3829 (A vulnerability was found in PHPGurukul Men Salon Management System 1. ...)
+	TODO: check
+CVE-2025-3828 (A vulnerability was found in PHPGurukul Men Salon Management System 1. ...)
+	TODO: check
+CVE-2025-3827 (A vulnerability has been found in PHPGurukul Men Salon Management Syst ...)
+	TODO: check
+CVE-2025-3826 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2025-3825 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-3824 (A vulnerability classified as problematic was found in SourceCodester  ...)
+	TODO: check
+CVE-2025-3823 (A vulnerability classified as problematic has been found in SourceCode ...)
+	TODO: check
 CVE-2025-43929 (open_actions.py in kitty before 0.41.0 does not ask for user confirmat ...)
 	- kitty <unfixed> (bug #1103691)
 	NOTE: https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35 (v0.41.0)
@@ -1065,6 +1083,7 @@ CVE-2024-13925 (The Klarna Checkout for WooCommerce WordPress plugin before 2.13
 CVE-2024-11924 (The Icegram Express formerly known as Email Subscribers  WordPress plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-32433 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
+	{DSA-5906-1}
 	- erlang 1:27.3.3+dfsg-1 (bug #1103442)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
 	NOTE: https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 (OTP-25.3.2.20)
@@ -8509,6 +8528,7 @@ CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro versi
 CVE-2025-30371 (Metabase is a business intelligence and embedded analytics tool. Versi ...)
 	NOT-FOR-US: Metabase
 CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
+	{DSA-5906-1}
 	- erlang 1:27.3.1+dfsg-1 (bug #1101713)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
 	NOTE: https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -22048,6 +22068,7 @@ CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264 en
 	NOTE: https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
 	NOTE: Fixed by: https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449 (v2.6.0)
 CVE-2025-26618 (Erlang is a programming language and runtime system for building massi ...)
+	{DSA-5906-1}
 	- erlang 1:27.2.4+dfsg-1
 	[bullseye] - erlang <postponed> (Minor issue)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr
@@ -140458,7 +140479,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
 	NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
-	{DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
+	{DSA-5906-1 DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
 	- dropbear 2022.83-4 (bug #1059001)
 	[bookworm] - dropbear 2022.83-1+deb12u1
 	[bullseye] - dropbear 2020.81-3+deb11u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a31d94d034308199e201132adf4014ba74ef27

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a31d94d034308199e201132adf4014ba74ef27
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250420/89025fc8/attachment.htm>