[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Aug 11 16:57:53 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
539db480 by Moritz Muehlenhoff at 2025-08-11T17:57:20+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -277,12 +277,14 @@ CVE-2025-8735 (A vulnerability classified as problematic was found in GNU cflow
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-8734 (A vulnerability classified as problematic has been found in GNU Bison  ...)
 	- bison <unfixed> (bug #1110611)
+	[trixie] - bison <no-dsa> (Minor issue)
+	[bookworm] - bison <no-dsa> (Minor issue)
 	NOTE: https://github.com/akimd/bison/issues/115
 CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been rated  ...)
 	- bison <unfixed> (unimportant; bug #1110610)
 	NOTE: https://github.com/akimd/bison/issues/113
 	NOTE: https://github.com/akimd/bison/issues/114
-	NOTE: Negligible security impact
+	NOTE: Crash in CLI tool, no security impact
 CVE-2025-8732 (A vulnerability was found in libxml2 up to 2.14.5. It has been declare ...)
 	- libxml2 <unfixed> (unimportant)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
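Review bot: the two new `<no-dsa> (Minor issue)` lines for CVE-2025-8734 carry no rationale, while the sibling entry CVE-2025-8733 in the same hunk records why it is low impact (`NOTE: Crash in CLI tool, no security impact`, and the `unimportant` tag); if CVE-2025-8734 is the same class of bison CLI crash, add an equivalent NOTE (or the `unimportant` tag) so the reason for the no-dsa decision is on record rather than only the upstream issue link.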
@@ -581,6 +583,7 @@ CVE-2023-40992 (Hospital Management System 4 is vulnerable to a SQL injection in
 	NOT-FOR-US: Hospital Management System
 CVE-2025-47907 (Cancelling a query (e.g. by cancelling the context passed to one of th ...)
 	- golang-1.24 <unfixed>
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
 	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
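Review bot: only `golang-1.24` gets a `[trixie]` tag here, while the adjacent `- golang-1.23 <unfixed>` line for CVE-2025-47907 stays without any suite annotation; if golang-1.23 ships in trixie or bookworm, it needs the same `<no-dsa> (Minor issue)` line, otherwise the per-suite triage for this CVE is still incomplete.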
@@ -592,6 +595,7 @@ CVE-2025-47907 (Cancelling a query (e.g. by cancelling the context passed to one
 	NOTE: https://github.com/golang/go/commit/8a924caaf348fdc366bab906424616b2974ad4e9 (go1.23.12)
 CVE-2025-47906
 	- golang-1.24 <unfixed>
+	[trixie] - golang-1.24 <no-dsa> (Minor issue)
 	- golang-1.23 <unfixed>
 	- golang-1.19 <removed>
 	[bookworm] - golang-1.19 <no-dsa> (Minor issue)
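Review bot: same gap as in the CVE-2025-47907 hunk: `- golang-1.23 <unfixed>` for CVE-2025-47906 remains untagged for trixie and bookworm while golang-1.24 and golang-1.19 are both annotated; add the matching suite line for golang-1.23 or a NOTE stating why it does not need one.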
@@ -1513,6 +1517,8 @@ CVE-2025-51390 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain
 	NOT-FOR-US: TOTOLINK
 CVE-2025-50422 (Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unsc ...)
 	- cairo <unfixed> (bug #1110606)
+	[trixie] - cairo <no-dsa> (Minor issue)
+	[bookworm] - cairo <no-dsa> (Minor issue)
 	[bullseye] - cairo <postponed> (Minor Issue; need dump right and local access)
 	NOTE: https://github.com/Landw-hub/CVE-2025-50422
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591
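Review bot: the new trixie and bookworm lines for CVE-2025-50422 only say `(Minor issue)`, whereas the existing bullseye line in context gives the actual reason (`need dump right and local access`); carry that rationale into the new lines (e.g. `<no-dsa> (Minor issue; needs local access)`) or into a NOTE so the three suite entries justify the same decision consistently.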
@@ -1527,7 +1533,6 @@ CVE-2025-50420 (An issue in the pdfseparate utility of freedesktop poppler v25.0
 CVE-2025-50340 (An Insecure Direct Object Reference (IDOR) vulnerability was discovere ...)
 	- sogo <unfixed> (bug #1110604)
 	NOTE: https://github.com/millad7/SOGo_web_mail-vulnerability-CVE-2025-50340
-	TODO: check, contacted maintainer to verify
 CVE-2025-46206 (An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to c ...)
 	- mupdf 1.25.1+ds1-7 (bug #1110482)
 	[trixie] - mupdf <no-dsa> (Minor issue)
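Review bot: the `TODO: check, contacted maintainer to verify` line for CVE-2025-50340 is removed without recording the outcome; replace it with a NOTE stating what the maintainer confirmed, and note that the `- sogo <unfixed>` entry still has no trixie/bookworm annotation, so the triage for this CVE is not finished by dropping the TODO alone.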
@@ -3162,6 +3167,8 @@ CVE-2025-8263
 	REJECTED
 CVE-2025-8262 (A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been c ...)
 	- node-yarnpkg <unfixed> (bug #1110609)
+	[trixie] - node-yarnpkg <no-dsa> (Minor issue)
+	[bookworm] - node-yarnpkg <no-dsa> (Minor issue)
 	[bullseye] - node-yarnpkg <postponed> (minor issue; DoS)
 	NOTE: https://github.com/yarnpkg/yarn/pull/9199
 CVE-2025-8261 (A vulnerability was found in Vaelsys 4.1.0 and classified as critical. ...)
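Review bot: for CVE-2025-8262 the bullseye line in context records the rationale as `(minor issue; DoS)`, but the new trixie and bookworm lines say only `(Minor issue)`; use the same reason text on all three so the DoS classification is visible per suite.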
@@ -3439,6 +3446,8 @@ CVE-2025-8176 (A vulnerability was found in LibTIFF up to 4.7.0. It has been dec
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-8197 (A global buffer overflow vulnerability was found in the soup_header_na ...)
 	- libsoup3 <unfixed> (bug #1110607)
+	[trixie] - libsoup3 <no-dsa> (Minor issue)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383525
 	TODO: check, clarify upstream status, details for libsoup2.4
 CVE-2025-8183 (NULL Pointer Dereference in \xb5D3TN via non-singleton destination End ...)
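Review bot: marking libsoup3 `<no-dsa> (Minor issue)` for trixie and bookworm while the unchanged `TODO: check, clarify upstream status, details for libsoup2.4` remains looks premature: the visible description is a global buffer overflow in a header-parsing function, and nothing in the entry explains why that is minor; add a NOTE with the rationale (or resolve the TODO first), and if libsoup2.4 is shipped in bookworm it needs its own source line rather than being covered implicitly by the libsoup3 annotation.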



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/539db480b9796608991288839727d69ae5d63b53


