[Git][security-tracker-team/security-tracker][master] trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 13 11:07:54 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39e2a328 by Moritz Muehlenhoff at 2025-08-13T12:07:37+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14559,6 +14559,7 @@ CVE-2025-6494 (A vulnerability was found in sparklemotion nokogiri c29c920907366
 	NOTE: https://github.com/sparklemotion/nokogiri/pull/3524
 CVE-2025-6493 (A vulnerability was found in CodeMirror up to 5.17.0 and classified as ...)
 	- codemirror-js <unfixed> (bug #1108477)
+	[trixie] - codemirror-js <no-dsa> (Minor issue)
 	[bookworm] - codemirror-js <no-dsa> (Minor issue)
 	[bullseye] - codemirror-js <postponed> (Minor issue)
 	NOTE: https://github.com/codemirror/codemirror5/issues/7128
@@ -27950,6 +27951,7 @@ CVE-2025-4403 (The Drag and Drop Multiple File Upload for WooCommerce plugin for
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with GRUB c ...)
 	- grub2 <unfixed> (bug #1105108)
+	[trixie] - grub2 <no-dsa> (Minor issue)
 	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=c448f511e74cb7c776b314fcb7943f98d3f22b6d
 	NOTE: Additional hardening via:
@@ -98899,7 +98901,8 @@ CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordP
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9029 (A flaw was found in the freeimage library. Processing a crafted image  ...)
 	- freeimage <unfixed> (bug #1082848)
-	[bookworm] - freeimage <no-dsa> (Minor issue)
+	[trixie] - freeimage <postponed> (Minor issue, revisit when fixed upstream)
+	[bookworm] - freeimage <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - freeimage <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://sourceforge.net/p/freeimage/bugs/351/
 CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable to Sto ...)
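Review bot: the bookworm entry for CVE-2024-9029 is re-tagged from `<no-dsa> (Minor issue)` to `<postponed> (Minor issue, revisit when fixed upstream)` in the same hunk that adds the trixie line, which goes beyond what the commit message "trixie triage" describes; mention the bookworm reclassification in the commit message or split it into its own commit so the status change stays traceable. The new trixie and bookworm lines otherwise match the existing bullseye wording.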
@@ -99959,7 +99962,8 @@ CVE-2024-33109 (Directory Traversal in the web interface of the Tiptel IP 286 wi
 	NOT-FOR-US: Tiptel
 CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffe ...)
 	- freeimage <unfixed> (bug #1082380)
-	[bookworm] - freeimage <no-dsa> (Minor issue#)
+	[trixie] - freeimage <no-dsa> (Minor issue)
+	[bookworm] - freeimage <no-dsa> (Minor issue)
 	[bullseye] - freeimage <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://sourceforge.net/p/freeimage/bugs/355/
 	NOTE: https://www.openwall.com/lists/oss-security/2024/04/11/10
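Review bot: the bookworm line silently drops the stray `#` in `(Minor issue#)`, which is a welcome cleanup, but the triage for CVE-2024-31570 now diverges from CVE-2024-9029 in the preceding hunk: both freeimage CVEs are `<unfixed>` with a bullseye `<postponed>` entry, yet this one gets `<no-dsa>` for trixie and bookworm while the previous one gets `<postponed>`. If the difference is intentional, a short reason in the parentheses would make that clear to the next person touching these entries.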
@@ -139194,6 +139198,7 @@ CVE-2023-51597 (Kofax Power PDF U3D File Parsing Out-Of-Bounds Write Remote Code
 	NOT-FOR-US: Kofax Power PDF
 CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code ...)
 	- bluez <unfixed> (bug #1074419)
+	[trixie] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -139202,6 +139207,7 @@ CVE-2023-51595 (Voltronic Power ViewPower Pro selectDeviceListBy SQL Injection R
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerabi ...)
 	- bluez <unfixed> (bug #1082870)
+	[trixie] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -139210,6 +139216,7 @@ CVE-2023-51593 (Voltronic Power ViewPower Pro Expression Language Injection Remo
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51592 (BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Inform ...)
 	- bluez <unfixed> (bug #1082869)
+	[trixie] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -139220,6 +139227,7 @@ CVE-2023-51590 (Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upl
 	NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51589 (BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Infor ...)
 	- bluez <unfixed> (bug #1081912)
+	[trixie] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -139242,6 +139250,7 @@ CVE-2023-51581 (Voltronic Power ViewPower MacMonitorConsole Exposed Dangerous Me
 	NOT-FOR-US: Voltronic Power ViewPower
 CVE-2023-51580 (BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Rea ...)
 	- bluez <unfixed> (bug #1081911)
+	[trixie] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -139450,6 +139459,7 @@ CVE-2023-44432 (Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code
 	NOT-FOR-US: Kofax Power PDF
 CVE-2023-44431 (BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Exec ...)
 	- bluez <unfixed> (bug #1077687)
+	[trixie] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
 	[buster] - bluez <postponed> (Minor issue, revisit when/if fixed upstream)
@@ -154417,6 +154427,7 @@ CVE-2024-28581 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0
 	NOTE: https://sourceforge.net/p/freeimage/bugs/382/
 CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...)
 	- freeimage <unfixed> (bug #1068461)
+	[trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
 	[bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
 	[bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
 	NOTE: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
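Review bot: `[trixie] - freeimage <no-dsa> (Revisit when fixed upstream)` pairs a no-dsa tag with a revisit-when-fixed reason, whereas the other entries in this diff that carry that reason (bluez, busybox for bullseye and buster) use `<postponed>`. It mirrors the existing bookworm and bullseye lines for CVE-2024-28580, so the entry is internally consistent, but with the package still `<unfixed>` (bug #1068461) it is worth confirming that no-dsa rather than postponed is the intended state.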
@@ -194521,6 +194532,7 @@ CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Impr
 	NOTE: https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd (v2.7.2)
 CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...)
 	- busybox <unfixed> (bug #1055307)
+	[trixie] - busybox <no-dsa> (Minor issue)
 	[bookworm] - busybox <no-dsa> (Minor issue)
 	[bullseye] - busybox <postponed> (Minor issue, revisit when fixed upstream)
 	[buster] - busybox <postponed> (Minor issue, revisit when fixed upstream)
@@ -613859,6 +613871,7 @@ CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with th
 	NOTE: Introduced with 4bc76593 and 4e6e16b3f.
 CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference relat ...)
 	- cairo <unfixed> (low; bug #870264)
+	[trixie] - cairo <ignored> (Minor issue)
 	[bookworm] - cairo <ignored> (Minor issue)
 	[bullseye] - cairo <ignored> (Minor issue)
 	[buster] - cairo <ignored> (Minor issue)
@@ -649060,6 +649073,7 @@ CVE-2016-4456 (The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 all
 	NOTE: https://www.openwall.com/lists/oss-security/2016/06/07/2
 CVE-2016-1000002 (gdm3 3.14.2 and possibly later has an information leak before screen l ...)
 	- gdm3 <unfixed> (low; bug #849432)
+	[trixie] - gdm3 <ignored> (Minor issue)
 	[bookworm] - gdm3 <ignored> (Minor issue)
 	[bullseye] - gdm3 <ignored> (Minor issue)
 	[buster] - gdm3 <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e2a328974789376bde4a179f097afc719b2cc8


