[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Aug 13 16:29:13 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4eeb46e1 by Moritz Muehlenhoff at 2025-08-13T17:27:50+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -9508,6 +9508,7 @@ CVE-2025-7208 (A vulnerability was found in 9fans plan9port up to 9da5b44. It ha
NOT-FOR-US: plan9port
CVE-2025-7207 (A vulnerability, which was classified as problematic, was found in mru ...)
- mruby <unfixed> (bug #1109338)
+ [trixie] - mruby <no-dsa> (Minor issue)
[bookworm] - mruby <no-dsa> (Minor issue)
[bullseye] - mruby <postponed> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/6509
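Review bot: the added [trixie] line takes bookworm's <no-dsa> rather than bullseye's <postponed>, while the sid entry stays <unfixed> (bug #1109338); that is consistent with the bookworm triage, but <no-dsa> leaves the trixie fix to a later upload whereas <postponed> would flag the entry for revisiting, so confirm the intended route, since the mruby issue linked in the NOTE is the only reference for an upstream fix.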
@@ -17349,6 +17350,7 @@ CVE-2025-6142 (A vulnerability was found in Intera InHire up to 20250530. It has
NOT-FOR-US: Intera InHire
CVE-2025-6141 (A vulnerability has been found in GNU ncurses up to 6.5-20250322 and c ...)
- ncurses <unfixed> (bug #1107937)
+ [trixie] - ncurses <no-dsa> (Minor issue)
[bookworm] - ncurses <no-dsa> (Minor issue)
[bullseye] - ncurses <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
@@ -21188,9 +21190,11 @@ CVE-2025-36564 (Dell Encryption Admin Utilities versions prior to 11.10.2 contai
NOT-FOR-US: Dell / EMC
CVE-2025-35036 (Hibernate Validator before 6.2.0 and 7.0.0, by default and depending h ...)
- libhibernate-validator-java <unfixed> (bug #1107517)
+ [trixie] - libhibernate-validator-java <ignored> (Minor issue, only changes the default behaviour, no security issue by itself)
[bookworm] - libhibernate-validator-java <ignored> (Minor issue, only changes the default behaviour, no security issue by itself)
[bullseye] - libhibernate-validator-java <ignored> (Minor issue, only changes the default behaviour, no security issue by itself)
- libhibernate-validator4-java <unfixed> (bug #1107518)
+ [trixie] - libhibernate-validator4-java <ignored> (Minor issue, only changes the default behaviour, no security issue by itself)
[bookworm] - libhibernate-validator4-java <ignored> (Minor issue, only changes the default behaviour, no security issue by itself)
[bullseye] - libhibernate-validator4-java <ignored> (Minor issue, only changes the default behaviour, no security issue by itself)
NOTE: https://hibernate.atlassian.net/browse/HV-1816
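Review bot: the justification "only changes the default behaviour, no security issue by itself" is now repeated verbatim on six release lines across the two source packages; per-release parentheticals are the file's convention, but the reasoning also belongs in a NOTE: line (the existing NOTE only links HV-1816), so a reader of the trixie state does not have to infer why <ignored> was chosen over <no-dsa> from the parenthetical alone.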
@@ -38642,6 +38646,7 @@ CVE-2025-32460 (GraphicsMagick before 8e56520 has a heap-based buffer over-read
NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
CVE-2025-31672 (Improper Input Validation vulnerability in Apache POI. The issue affec ...)
- libapache-poi-java <unfixed> (bug #1103629)
+ [trixie] - libapache-poi-java <no-dsa> (Minor issue)
[bookworm] - libapache-poi-java <no-dsa> (Minor issue)
[bullseye] - libapache-poi-java <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/04/08/2
@@ -38724,21 +38729,25 @@ CVE-2025-3410 (A vulnerability classified as critical was found in mymagicpower
NOT-FOR-US: mymagicpower AIAS
CVE-2025-3409 (A vulnerability classified as critical has been found in Nothings stb ...)
- libstb <unfixed> (bug #1103631)
+ [trixie] - libstb <no-dsa> (Minor issue)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1771
CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has been r ...)
- libstb <unfixed> (bug #1103632)
+ [trixie] - libstb <no-dsa> (Minor issue)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1770
CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has been d ...)
- libstb <unfixed> (bug #1103633)
+ [trixie] - libstb <no-dsa> (Minor issue)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1769
CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has been c ...)
- libstb <unfixed> (bug #1103634)
+ [trixie] - libstb <no-dsa> (Minor issue)
[bookworm] - libstb <no-dsa> (Minor issue)
[bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1772
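Review bot: the four CVE-2025-340x entries mark trixie <no-dsa> (Minor issue), but the other libstb entries in this same commit (CVE-2023-47212 and the CVE-2023-4567x stb_vorbis set) mark trixie <postponed> (Minor issue, revisit when fixed upstream); each choice mirrors the existing bookworm line, so the split is inherited rather than introduced here, but since all of them sit in one source package, either a single status or a NOTE: stating why the 2025 issues will not be revisited would make the trixie state easier to audit.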
@@ -45389,6 +45398,7 @@ CVE-2025-2589 (A vulnerability was found in code-projects Human Resource Managem
NOT-FOR-US: code-projects
CVE-2025-2588 (A vulnerability has been found in Hercules Augeas 1.14.1 and classifie ...)
- augeas <unfixed> (bug #1101714)
+ [trixie] - augeas <no-dsa> (Minor issue)
[bookworm] - augeas <no-dsa> (Minor issue)
[bullseye] - augeas <postponed> (Minor issue)
NOTE: https://github.com/hercules-team/augeas/issues/852
@@ -140843,6 +140853,7 @@ CVE-2023-49606 (A use-after-free vulnerability exists in the HTTP Connection Hea
NOTE: https://github.com/tinyproxy/tinyproxy/commit/12a8484265f7b00591293da492bb3c9987001956
CVE-2023-47212 (A heap-based buffer overflow vulnerability exists in the comment funct ...)
- libstb <unfixed> (bug #1070394)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1846
@@ -166222,6 +166233,7 @@ CVE-2024-23824 (mailcow is a dockerized email package, with multiple containers
NOT-FOR-US: mailcow
CVE-2024-23635 (AntiSamy is a library for performing fast, configurable cleansing of H ...)
- libowasp-antisamy-java <unfixed> (bug #1062846)
+ [trixie] - libowasp-antisamy-java <ignored> (Minor issue)
[bookworm] - libowasp-antisamy-java <ignored> (Minor issue)
[bullseye] - libowasp-antisamy-java <no-dsa> (Minor issue)
[buster] - libowasp-antisamy-java <no-dsa> (Minor issue)
@@ -185498,6 +185510,7 @@ CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (X
NOT-FOR-US: I-doit pro
CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
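Review bot: CVE-2023-45675 through CVE-2023-45682 all reference the same bug #1054911 and each receives an identical [trixie] <postponed> line in its own hunk; because the eight entries are edited independently, when the upstream pull requests linked in the NOTE lines land, all eight need the same follow-up, so they should be checked together rather than one at a time.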
@@ -185505,6 +185518,7 @@ CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing
NOTE: https://github.com/nothings/stb/pull/1560
CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
@@ -185512,6 +185526,7 @@ CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing
NOTE: https://github.com/nothings/stb/pull/1559
CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
@@ -185519,6 +185534,7 @@ CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing
NOTE: https://github.com/nothings/stb/pull/1558
CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
@@ -185526,6 +185542,7 @@ CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing
NOTE: https://github.com/nothings/stb/pull/1557
CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
@@ -185533,6 +185550,7 @@ CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing
NOTE: https://github.com/nothings/stb/pull/1556
CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
@@ -185540,6 +185558,7 @@ CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing
NOTE: https://github.com/nothings/stb/pull/1555
CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
@@ -185547,6 +185566,7 @@ CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing
NOTE: https://github.com/nothings/stb/pull/1554
CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...)
- libstb <unfixed> (bug #1054911)
+ [trixie] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - libstb <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libstb <no-dsa> (Minor issue)
[buster] - libstb <no-dsa> (Minor issue)
@@ -230664,6 +230684,7 @@ CVE-2023-24011 (An attacker can arbitrarily craft malicious DDS Participants (or
NOT-FOR-US: ZettaScale DDS
CVE-2023-24010 (An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 ...)
- fastdds <unfixed> (bug #1104239)
+ [trixie] - fastdds <no-dsa> (Minor issue)
[bookworm] - fastdds <no-dsa> (Minor issue)
NOTE: https://github.com/ros2/sros2/issues/282
CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability ...)
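Review bot: no [bullseye] line accompanies the new [trixie] line for fastdds, unlike every other hunk in this commit; if the package is absent from bullseye that is correct, otherwise bullseye remains untriaged and inherits the <unfixed> state from the sid line (bug #1104239).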
@@ -263896,6 +263917,7 @@ CVE-2022-40153
REJECTED
CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...)
- libwoodstox-java <unfixed> (bug #1032089)
+ [trixie] - libwoodstox-java <ignored> (Minor issue)
[bookworm] - libwoodstox-java <ignored> (Minor issue)
[bullseye] - libwoodstox-java <no-dsa> (Minor issue)
[buster] - libwoodstox-java <no-dsa> (Minor issue)
@@ -306054,6 +306076,7 @@ CVE-2022-0684 (The WP Home Page Menu WordPress plugin before 3.1 does not saniti
NOT-FOR-US: WordPress plugin
CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...)
- libsixel <unfixed> (bug #1014469)
+ [trixie] - libsixel <no-dsa> (Minor issue)
[bookworm] - libsixel <no-dsa> (Minor issue)
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
@@ -320033,6 +320056,7 @@ CVE-2021-45341 (A buffer overflow vulnerability in CDataMoji of the jwwlib compo
NOTE: Fixed by: https://github.com/LibreCAD/LibreCAD/commit/f3502963eaf379a429bc9da73c1224c5db649997
CVE-2021-45340 (In Libsixel prior to and including v1.10.3, a NULL pointer dereference ...)
- libsixel <unfixed> (bug #1004377)
+ [trixie] - libsixel <ignored> (Minor issue)
[bookworm] - libsixel <ignored> (Minor issue)
[bullseye] - libsixel <no-dsa> (Minor issue)
[buster] - libsixel <no-dsa> (Minor issue)
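Review bot: the two libsixel entries in this commit end up with different trixie statuses, <no-dsa> for CVE-2021-46700 and <ignored> here for CVE-2021-45340; each mirrors its bookworm line, so nothing is inconsistent with earlier triage, but an <ignored> entry should carry a reason a reader can check, and "Minor issue" alone does not say why this NULL pointer dereference will never be fixed while the other issue may be; a short NOTE: would close that gap.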
=====================================
data/dsa-needed.txt
=====================================
@@ -71,6 +71,8 @@ sympa/oldstable
--
tomcat10
--
+webkit2gtk (berto)
+--
wordpress
Utkarsh Gupta proposed to work on an update
--
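Review bot: the new dsa-needed entry "webkit2gtk (berto)" carries no suite suffix, whereas the context line "sympa/oldstable" shows the file's convention for scoping an entry to a particular suite; if the webkit2gtk update is for stable only, the bare name is the default and fine, but if oldstable needs one too, a second entry or a suffix should be added so it is not overlooked.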
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4eeb46e194b0829eba6aff70913a426d60bd5def