[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Aug 15 09:00:12 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cc709782 by Moritz Muehlenhoff at 2025-08-15T09:59:33+02:00
bookworm/trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2166,10 +2166,9 @@ CVE-2025-8738 (A vulnerability has been found in zlt2000 microservices-platform
CVE-2025-8737 (A vulnerability, which was classified as problematic, was found in zlt ...)
NOT-FOR-US: zlt2000 microservices-platform
CVE-2025-8736 (A vulnerability, which was classified as critical, has been found in G ...)
- - cflow <unfixed> (unimportant)
+ - cflow <unfixed>
[bullseye] - cflow <ignored> (Crash in CLI tools)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00001.html
- NOTE: Crash in CLI tool, no security impact
CVE-2025-8735 (A vulnerability classified as problematic was found in GNU cflow up to ...)
- cflow <unfixed> (unimportant)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
@@ -3440,10 +3439,9 @@ CVE-2025-50420 (An issue in the pdfseparate utility of freedesktop poppler v25.0
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1849
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/08d7894e4dd0e313c179e30f06ad8f546619b1b3
CVE-2025-50340 (An Insecure Direct Object Reference (IDOR) vulnerability was discovere ...)
- - sogo <unfixed> (bug #1110604; unimportant)
+ NOTE: Bogus assignment for src:sogo, should be rejected (was also filed as #1110604)
NOTE: https://github.com/millad7/SOGo_web_mail-vulnerability-CVE-2025-50340
NOTE: https://www.mail-archive.com/users%40sogo.nu/msg34098.html
- NOTE: Disputed secrurity relevance from upstream
CVE-2025-46206 (An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to c ...)
- mupdf 1.25.1+ds1-7 (bug #1110482)
[trixie] - mupdf <no-dsa> (Minor issue)
@@ -3715,13 +3713,12 @@ CVE-2025-54131 (Cursor is a code editor built for programming with AI. In versio
CVE-2025-4588 (The 360 Photo Spheres plugin for WordPress is vulnerable to Stored Cro ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13978 (A vulnerability was found in LibTIFF up to 4.7.0. It has been declared ...)
- - tiff <unfixed> (unimportant)
+ - tiff <unfixed>
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/649
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/650
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/667
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4
- NOTE: Crash in CLI tool, no security impact
CVE-2013-10063 (A path traversal vulnerability exists in the Netgear SPH200D Skype pho ...)
NOT-FOR-US: Netgear
CVE-2013-10062 (A directory traversal vulnerability exists in Linksys router's web int ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc70978258328837f2981383a9186850d617a199
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc70978258328837f2981383a9186850d617a199
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250815/81a24f51/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list