[Git][security-tracker-team/security-tracker][master] trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Aug 19 14:26:28 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5959785 by Moritz Muehlenhoff at 2025-08-19T15:26:03+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4667,6 +4667,7 @@ CVE-2025-49832 (Asterisk is an open source private branch exchange and telephony
 	NOTE: Fixed by: https://github.com/asterisk/asterisk/commit/f8c6ad7916a9d233eb9e685365132e0435535216 (22.5.1)
 CVE-2025-48074 (OpenEXR provides the specification and reference implementation of the ...)
 	- openexr <unfixed> (bug #1110261)
+	[trixie] - openexr <no-dsa> (Minor issue)
 	[bookworm] - openexr <no-dsa> (Minor issue)
 	[bullseye] - openexr <postponed> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf
@@ -14701,6 +14702,7 @@ CVE-2025-6854 (A vulnerability classified as problematic was found in chatchat-s
 CVE-2025-5878 (A vulnerability was found in ESAPI esapi-java-legacy and classified as ...)
 	{DLA-4246-1}
 	- libowasp-esapi-java <unfixed> (bug #1109378)
+	[trixie] - libowasp-esapi-java <no-dsa> (Minor issue)
 	[bookworm] - libowasp-esapi-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512 (esapi-2.7.0.0)
 	NOTE: https://github.com/ESAPI/esapi-java-legacy/commit/e2322914304d9b1c52523ff24be495b7832f6a56 (esapi-2.7.0.0)
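Review bot: the added `[trixie] - libowasp-esapi-java <no-dsa> (Minor issue)` line sits under an entry that already carries {DLA-4246-1}, so an LTS suite has received a fix while trixie and bookworm are both tagged as not needing one. Consider extending the annotation to say whether the two esapi-2.7.0.0 commits listed in the NOTE lines are planned for a point-release update, so the newer suites are not left behind the LTS one by default.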
@@ -18798,7 +18800,8 @@ CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marke
 	NOT-FOR-US: WordPress plugin
 CVE-2025-48945 (pycares is a Python module which provides an interface to c-ares. c-ar ...)
 	- pycares <unfixed> (bug #1109377)
-	[bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
+	[trixie] - pycares <ignored> (Minor issue, too intrusive to backport)
+	[bookworm] - pycares <ignored> (Minor issue, too intrusive to backport)
 	[bullseye] - pycares <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
 	NOTE: Fixed by: https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4 (v4.9.0)
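Review bot: the bookworm line is reclassified from <no-dsa> to <ignored> in this hunk, which the commit message "trixie triage" does not mention. Since <ignored> records a decision not to fix rather than a deferral, note the bookworm change in the message or split it into its own commit. The unchanged bullseye line still reads `<postponed> (Minor issue; can be fixed in next update)`, which sits oddly next to "too intrusive to backport" for the two newer suites and is worth reconciling in the same pass.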
@@ -19361,6 +19364,7 @@ CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
 	NOTE: https://github.com/erlang/otp/commit/10608879c81332af2d3c00db61ee173c93c1ea4e (OTP-26.2.5.13, OTP-27.3.4.1)
 CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse untrusted P ...)
 	- protobuf <unfixed> (bug #1108057)
+	[trixie] - protobuf <no-dsa> (Minor issue)
 	[bookworm] - protobuf <no-dsa> (Minor issue)
 	[bullseye] - protobuf <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
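Review bot: the new trixie line for CVE-2025-4565 gives only "Minor issue" as its reason, while the description two lines above limits the problem to the Protobuf Pure-Python backend parsing untrusted data. If that restriction is the rationale for <no-dsa>, record it in the annotation, for example `(Minor issue, only affects pure-Python backend)`, so the triage decision can be re-checked later without rereading the upstream commit.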
@@ -101921,6 +101925,7 @@ CVE-2024-8364 (The WP Custom Fields Search plugin for WordPress is vulnerable to
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7254 (Any project that parses untrusted Protocol Buffers datacontaining an a ...)
 	- protobuf <unfixed> (bug #1082381)
+	[trixie] - protobuf <no-dsa> (Minor issue)
 	[bookworm] - protobuf <no-dsa> (Minor issue)
 	[bullseye] - protobuf <postponed> (Minor issue)
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1 (v3.25.5)
@@ -187603,6 +187608,7 @@ CVE-2023-45805 (pdm is a Python package and dependency manager supporting the la
 	NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 (2.10.0)
 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
 	- libxml-security-java <unfixed> (bug #1059313)
+	[trixie] - libxml-security-java <no-dsa> (Minor issue)
 	[bookworm] - libxml-security-java <no-dsa> (Minor issue)
 	[bullseye] - libxml-security-java <no-dsa> (Minor issue)
 	[buster] - libxml-security-java <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f59597853f5339e997a4ddc1edae46ef984cca51
