[Git][security-tracker-team/security-tracker][master] trixie triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aa2f37cb by Moritz Muehlenhoff at 2025-08-19T21:40:44+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9872,6 +9872,7 @@ CVE-2025-3621 (Vulnerabilities* in ActADUR local server product, developed and m
 	NOT-FOR-US: ActADUR
 CVE-2025-53643 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
 	- python-aiohttp <unfixed> (bug #1109336)
+	[trixie] - python-aiohttp <no-dsa> (Minor issue)
 	[bookworm] - python-aiohttp <no-dsa> (Minor issue)
 	[bullseye] - python-aiohttp <postponed> (Minor issue; request smuggling)
 	NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
@@ -65797,18 +65798,21 @@ CVE-2024-55195 (An allocation-size-too-big bug in the component /imagebuf.cpp of
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/f72b3d73d1157c0d25d07b8a1cdb00857788d685 (v2.5.18.0)
 CVE-2024-55194 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via  ...)
 	- openimageio <unfixed> (bug #1094410)
+	[trixie] - openimageio <no-dsa> (Minor issue)
 	[bookworm] - openimageio <no-dsa> (Minor issue)
 	[bullseye] - openimageio <ignored> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4552
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/34b29f33217e58b7f0d42c059ecf1696c381322a
 CVE-2024-55193 (OpenImageIO v3.1.0.0dev was discovered to contain a segmentation viola ...)
 	- openimageio <unfixed> (bug #1094411)
+	[trixie] - openimageio <no-dsa> (Minor issue)
 	[bookworm] - openimageio <no-dsa> (Minor issue)
 	[bullseye] - openimageio <ignored> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4551
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/d2077eb22a821d0ef7614d06cc1540b952d37ddf
 CVE-2024-55192 (OpenImageIO v3.1.0.0dev was discovered to contain a heap overflow via  ...)
 	- openimageio <unfixed> (bug #1094398)
+	[trixie] - openimageio <no-dsa> (Minor issue)
 	[bookworm] - openimageio <no-dsa> (Minor issue)
 	[bullseye] - openimageio <ignored> (Minor issue)
 	NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/4550
@@ -75785,6 +75789,7 @@ CVE-2024-8992 (Some Honor products are affected by information leak vulnerabilit
 	NOT-FOR-US: Honor
 CVE-2024-56433 (shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /et ...)
 	- shadow <unfixed> (bug #1103832)
+	[trixie] - shadow <no-dsa> (Minor issue)
 	[bookworm] - shadow <no-dsa> (Minor issue)
 	[bullseye] - shadow <postponed> (Minor issue, disputed, no upstream patch)
 	NOTE: https://github.com/shadow-maint/shadow/issues/1157
@@ -293818,6 +293823,7 @@ CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2022-30292 (Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lac ...)
 	- squirrel3 3.1-8.2 (bug #1014539)
+	[trixie] - squirrel3 <no-dsa> (Minor issue)
 	[bullseye] - squirrel3 <no-dsa> (Minor issue)
 	[buster] - squirrel3 <no-dsa> (Minor issue)
 	[stretch] - squirrel3 <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa2f37cbdee252127222520c023dd86429fc5d64

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa2f37cbdee252127222520c023dd86429fc5d64
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250819/1c5b666a/attachment.htm>