[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Aug 11 09:32:55 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ee8e2ce by Moritz Muehlenhoff at 2025-08-11T10:32:08+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -628,6 +628,8 @@ CVE-2025-54799 (Let's Encrypt client and ACME library written in Go (Lego). In v
 	NOTE: Workaround: CA endpoint should enforce HTTPS instead of HTTP.
 CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In versions ...)
 	- node-tmp <unfixed> (bug #1110532)
+	[trixie] - node-tmp <no-dsa> (Minor issue)
+	[bookworm] - node-tmp <no-dsa> (Minor issue)
 	NOTE: https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6
 	NOTE: https://github.com/raszi/node-tmp/issues/207
 	NOTE: https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b (v0.2.4)
@@ -669,6 +671,8 @@ CVE-2025-46659 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 2
 	NOT-FOR-US: 4C Strategies
 CVE-2025-3770 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
 	- edk2 <unfixed> (bug #1110533)
+	[trixie] - edk2 <no-dsa> (Minor issue)
+	[bookworm] - edk2 <no-dsa> (Minor issue)
 	[bullseye] - edk2 <postponed> (minor; likely a concern only on real hardware; used on S3 handling on qemu)
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
 	NOTE: only arch: amd64, other arch (particularly i386) are not affected
@@ -5732,6 +5736,8 @@ CVE-2025-7397 (A vulnerability in the ascgshell, of  Brocade ASCG before 3.3.0 s
 	NOT-FOR-US: Brocade
 CVE-2025-7339 (on-headers is a node.js middleware for listening to when a response wr ...)
 	- node-on-headers 1.0.2-4 (bug #1109525)
+	[trixie] - node-on-headers <no-dsa> (Minor issue)
+	[bookworm] - node-on-headers <no-dsa> (Minor issue)
 	[bullseye] - node-on-headers <postponed> (Minor issue)
 	NOTE: https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q
 	NOTE: https://github.com/jshttp/on-headers/issues/15



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ee8e2cecf102e02d35856f6481e1d285924c4a8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ee8e2cecf102e02d35856f6481e1d285924c4a8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250811/d84e88c2/attachment.htm>

More information about the debian-security-tracker-commits mailing list