[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2025-8845 in nasm for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Tue Aug 12 17:29:50 BST 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fc420f3e by Chris Lamb at 2025-08-12T09:25:52-07:00
Triage CVE-2025-8845 in nasm for bullseye LTS.
- - - - -
692aa5c2 by Chris Lamb at 2025-08-12T09:26:08-07:00
Triage CVE-2025-8734 in bison for bullseye LTS.
- - - - -
1667b496 by Chris Lamb at 2025-08-12T09:26:57-07:00
Triage CVE-2025-40920 in libcatalyst-authentication-credential-http-perl for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -109,6 +109,7 @@ CVE-2025-40920 (Catalyst::Authentication::Credential::HTTP versions 1.018 and ea
- libcatalyst-authentication-credential-http-perl 1.018-4 (bug #1110887)
[trixie] - libcatalyst-authentication-credential-http-perl <no-dsa> (Minor issue)
[bookworm] - libcatalyst-authentication-credential-http-perl <no-dsa> (Minor issue)
+ [bullseye] - libcatalyst-authentication-credential-http-perl <postponed> (Minor issue; can be fixed in next update)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/31902514/
NOTE: https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1
NOTE: Fixed by: https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/commit/ad2c03aad95406db4ce35dfb670664ebde004c18
@@ -142,6 +143,7 @@ CVE-2025-8845 (A vulnerability was identified in NASM Netwide Assember 2.17rc0.
- nasm <unfixed>
[trixie] - nasm <no-dsa> (Minor issue)
[bookworm] - nasm <no-dsa> (Minor issue)
+ [bullseye] - nasm <postponed> (Minor issue; can be fixed in next update)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392937
CVE-2025-8844 (A vulnerability was determined in NASM Netwide Assember 2.17rc0. This ...)
- nasm <unfixed> (unimportant)
@@ -517,6 +519,7 @@ CVE-2025-8734 (A vulnerability classified as problematic has been found in GNU B
- bison <unfixed> (bug #1110611)
[trixie] - bison <no-dsa> (Minor issue)
[bookworm] - bison <no-dsa> (Minor issue)
+ [bullseye] - bison <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/akimd/bison/issues/115
CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been rated ...)
- bison <unfixed> (unimportant; bug #1110610)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d238eb4883cc8b687b60727dbb7fb337d606fddf...1667b496eb2a4f7634d2201a2d656ffec57c29d1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d238eb4883cc8b687b60727dbb7fb337d606fddf...1667b496eb2a4f7634d2201a2d656ffec57c29d1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250812/3b032fac/attachment.htm>
More information about the debian-security-tracker-commits
mailing list