[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Aug 20 09:13:02 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76fd4960 by security tracker role at 2025-08-20T08:12:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,61 +1,369 @@
+CVE-2025-9225 (Stored cross-site scripting (XSS) in the web interface of MiR software ...)
+	TODO: check
+CVE-2025-9202 (The ColorMag theme for WordPress is vulnerable to unauthorized modific ...)
+	TODO: check
+CVE-2025-9193 (A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted i ...)
+	TODO: check
+CVE-2025-9176 (A security flaw has been discovered in neurobin shc up to 4.0.3. Impac ...)
+	TODO: check
+CVE-2025-9175 (A vulnerability was identified in neurobin shc up to 4.0.3. This issue ...)
+	TODO: check
+CVE-2025-9174 (A vulnerability was determined in neurobin shc up to 4.0.3. This vulne ...)
+	TODO: check
+CVE-2025-9171 (A security flaw has been discovered in SolidInvoice up to 2.4.0. The i ...)
+	TODO: check
+CVE-2025-9170 (A vulnerability was identified in SolidInvoice up to 2.4.0. The affect ...)
+	TODO: check
+CVE-2025-9169 (A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted i ...)
+	TODO: check
+CVE-2025-9168 (A vulnerability was found in SolidInvoice up to 2.4.0. This issue affe ...)
+	TODO: check
+CVE-2025-9167 (A vulnerability has been found in SolidInvoice up to 2.4.0. This vulne ...)
+	TODO: check
+CVE-2025-8618 (The WPC Smart Quick View for WooCommerce plugin for WordPress is vulne ...)
+	TODO: check
+CVE-2025-8364 (A crafted URL using a blob: URI could have hidden the true origin of t ...)
+	TODO: check
+CVE-2025-8289 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-8145 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-8141 (The Redirection for Contact Form 7 plugin for WordPress is vulnerable  ...)
+	TODO: check
+CVE-2025-57791 (An issue was discovered in Commvault before 11.36.60. A security vulne ...)
+	TODO: check
+CVE-2025-57790 (An issue was discovered in Commvault before 11.36.60. A security vulne ...)
+	TODO: check
+CVE-2025-57789 (An issue was discovered in Commvault before 11.36.60. During the brief ...)
+	TODO: check
+CVE-2025-57788 (An issue was discovered in Commvault before 11.36.60. A vulnerability  ...)
+	TODO: check
+CVE-2025-57748
+	REJECTED
+CVE-2025-57747
+	REJECTED
+CVE-2025-57746
+	REJECTED
+CVE-2025-57745
+	REJECTED
+CVE-2025-57744
+	REJECTED
+CVE-2025-57743
+	REJECTED
+CVE-2025-57742
+	REJECTED
+CVE-2025-55715 (Insertion of Sensitive Information Into Sent Data vulnerability in The ...)
+	TODO: check
+CVE-2025-55706 (URL redirection to untrusted site ('Open Redirect')  issue exists in M ...)
+	TODO: check
+CVE-2025-54750 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-54735 (Incorrect Privilege Assignment vulnerability in Emraan Cheema CubeWP F ...)
+	TODO: check
+CVE-2025-54726 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-54713 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+	TODO: check
+CVE-2025-54677 (Unrestricted Upload of File with Dangerous Type vulnerability in vcita ...)
+	TODO: check
+CVE-2025-54670 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54551 (Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege ...)
+	TODO: check
+CVE-2025-54364 (Microsoft Knack 0.12.0 allows Regular expression Denial of Service (Re ...)
+	TODO: check
+CVE-2025-54363 (Microsoft Knack 0.12.0 allows Regular expression Denial of Service (Re ...)
+	TODO: check
+CVE-2025-54145 (The QR scanner could allow arbitrary websites to be opened if a user w ...)
+	TODO: check
+CVE-2025-54144 (The URL scheme used by Firefox to facilitate searching of text queries ...)
+	TODO: check
+CVE-2025-54143 (Sandboxed iframes on webpages could potentially allow downloads to the ...)
+	TODO: check
+CVE-2025-54056 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54055 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54053 (Deserialization of Untrusted Data vulnerability in Adrian Tobey Ground ...)
+	TODO: check
+CVE-2025-54052 (Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Realtyna O ...)
+	TODO: check
+CVE-2025-54049 (Incorrect Privilege Assignment vulnerability in miniOrange Custom API  ...)
+	TODO: check
+CVE-2025-54048 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-54046 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54044 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54040 (Missing Authorization vulnerability in Webba Appointment Booking Webba ...)
+	TODO: check
+CVE-2025-54034 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-54032 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54031 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-54028 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-54027 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-54025 (Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon ...)
+	TODO: check
+CVE-2025-54021 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-54019 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-54017 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-54014 (Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCe ...)
+	TODO: check
+CVE-2025-54012 (Deserialization of Untrusted Data vulnerability in nanbu Welcart e-Com ...)
+	TODO: check
+CVE-2025-54008 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-54007 (Deserialization of Untrusted Data vulnerability in PickPlugins Post Gr ...)
+	TODO: check
+CVE-2025-53998 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53993 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53992 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53988 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53987 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53985 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53983 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53580 (Incorrect Privilege Assignment vulnerability in quantumcloud Simple Bu ...)
+	TODO: check
+CVE-2025-53577 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-53567 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-53565 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-53564 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53563 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53562 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53561 (Path Traversal vulnerability in miniOrange Prevent files / folders acc ...)
+	TODO: check
+CVE-2025-53560 (Deserialization of Untrusted Data vulnerability in rascals Noisa allow ...)
+	TODO: check
+CVE-2025-53559 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53522 (Movable Type contains an issue with use of less trusted source. If exp ...)
+	TODO: check
+CVE-2025-53319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53299 (Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMa ...)
+	TODO: check
+CVE-2025-53226 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53213 (Unrestricted Upload of File with Dangerous Type vulnerability in ELEXt ...)
+	TODO: check
+CVE-2025-53212 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53210 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-53208 (Authorization Bypass Through User-Controlled Key vulnerability in paym ...)
+	TODO: check
+CVE-2025-53207 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-53205 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53204 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-53201 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53198 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-53196 (Insertion of Sensitive Information Into Sent Data vulnerability in Cro ...)
+	TODO: check
+CVE-2025-53195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-53194 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
+	TODO: check
+CVE-2025-49896 (Cross-Site Request Forgery (CSRF) vulnerability in wptasker WP Discord ...)
+	TODO: check
+CVE-2025-49894 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49893 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49892 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49891 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49890 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49889 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49438 (Deserialization of Untrusted Data vulnerability in Max Chirkov Simple  ...)
+	TODO: check
+CVE-2025-49436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49434 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49428 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49426 (Cross-Site Request Forgery (CSRF) vulnerability in Dourou Cookie Warni ...)
+	TODO: check
+CVE-2025-49424 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49422 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49420 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49413 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49412 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49411 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49410 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49409 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49408 (Insertion of Sensitive Information Into Sent Data vulnerability in WPD ...)
+	TODO: check
+CVE-2025-49406 (Missing Authorization vulnerability in favethemes Houzez allows Access ...)
+	TODO: check
+CVE-2025-49400 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49399 (Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms all ...)
+	TODO: check
+CVE-2025-49397 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49396 (Missing Authorization vulnerability in themifyme Themify Builder allow ...)
+	TODO: check
+CVE-2025-49395 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49392 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49391 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...)
+	TODO: check
+CVE-2025-49389 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-49382 (Cross-Site Request Forgery (CSRF) vulnerability in DexignZone JobZilla ...)
+	TODO: check
+CVE-2025-49381 (Cross-Site Request Forgery (CSRF) vulnerability in ads.txt Guru ads.tx ...)
+	TODO: check
+CVE-2025-48302 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-48298 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-48297 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48296 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48171 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-48170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48169 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-48168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48165 (Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO al ...)
+	TODO: check
+CVE-2025-48164 (Incorrect Privilege Assignment vulnerability in Brainstorm Force SureD ...)
+	TODO: check
+CVE-2025-48163 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48162 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48160 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-48159 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48158 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-48157 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-48154 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2025-48149 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2025-48148 (Unrestricted Upload of File with Dangerous Type vulnerability in Store ...)
+	TODO: check
+CVE-2025-48142 (Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify all ...)
+	TODO: check
+CVE-2025-47650 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+	TODO: check
+CVE-2025-30975 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
+	TODO: check
+CVE-2025-28977 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+	TODO: check
+CVE-2024-12223 (Prism Central versions prior to 2024.3.1 are vulnerable to a stored cr ...)
+	TODO: check
 CVE-2025-9162
 	- keycloak <itp> (bug #1088287)
-CVE-2025-55033
+CVE-2025-55033 (Dragging JavaScript links to the URL bar in Focus for iOS could be uti ...)
 	NOT-FOR-US: Firefox Focus for iOS
-CVE-2025-55032
+CVE-2025-55032 (Focus for iOS would not respect a Content-Disposition header of type A ...)
 	NOT-FOR-US: Firefox Focus for iOS
-CVE-2025-55031
+CVE-2025-55031 (Malicious pages could use Firefox for iOS to pass FIDO: links to the O ...)
 	NOT-FOR-US: Firefox Focus for iOS and Firefox for iOS
-CVE-2025-55030
+CVE-2025-55030 (Firefox for iOS would not respect a Content-Disposition header of type ...)
 	NOT-FOR-US: Firefox for iOS
-CVE-2025-55029
+CVE-2025-55029 (Malicious scripts could bypass the popup blocker to spam new tabs, pot ...)
 	NOT-FOR-US: Firefox for iOS
-CVE-2025-55028
+CVE-2025-55028 (Malicious scripts utilizing repetitive JavaScript alerts could prevent ...)
 	NOT-FOR-US: Firefox for iOS
-CVE-2025-9187
+CVE-2025-9187 (Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9187
-CVE-2025-9186
+CVE-2025-9186 (Spoofing issue in the Address Bar component of Firefox Focus for Andro ...)
 	- firefox <not-affected> (Specific to Firefox Focus on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
-CVE-2025-9185
+CVE-2025-9185 (Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13,  ...)
 	- firefox-esr 128.14.0esr-1
 	- firefox <unfixed>
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9185
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9185
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9185
-CVE-2025-9184
+CVE-2025-9184 (Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1 ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9184
-CVE-2025-9183
+CVE-2025-9183 (Spoofing issue in the Address Bar component. This vulnerability affect ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9183
-CVE-2025-9182
+CVE-2025-9182 ('Denial-of-service due to out-of-memory in the Graphics: WebRender com ...)
 	- firefox <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9182
-CVE-2025-9181
+CVE-2025-9181 (Uninitialized memory in the JavaScript Engine component. This vulnerab ...)
 	- firefox <unfixed>
 	- firefox-esr 128.14.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9181
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9181
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9181
-CVE-2025-9180
+CVE-2025-9180 ('Same-origin policy bypass in the Graphics: Canvas2D component.' This  ...)
 	- firefox <unfixed>
 	- firefox-esr 128.14.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9180
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9180
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9180
-CVE-2025-9179
+CVE-2025-9179 (An attacker was able to perform memory corruption in the GMP process w ...)
 	- firefox <unfixed>
 	- firefox-esr 128.14.0esr-1
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9179
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9179
-CVE-2025-9132
+CVE-2025-9132 (Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 all ...)
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-9165 (A flaw has been found in LibTIFF 4.7.0. This affects the function _TIF ...)
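Review bot: The NOTE under CVE-2025-9186 links to mfsa2025-64/#CVE-2025-9179 rather than #CVE-2025-9186, while every other Mozilla entry in this hunk uses an anchor matching its own CVE id. It sits in unchanged context, so this automatic update did not introduce it, but it should be corrected in a follow-up commit. Separately, the newly populated descriptions for CVE-2025-9187 and CVE-2025-9184 both mention Thunderbird while the entries list only "- firefox <unfixed>", so it is worth confirming during triage whether a thunderbird line is needed.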
@@ -5682,7 +5990,7 @@ CVE-2025-43267 (An injection issue was addressed with improved validation. This
 CVE-2025-43266 (A permissions issue was addressed with additional restrictions. This i ...)
 	NOT-FOR-US: Apple
 CVE-2025-43265 (An out-of-bounds read was addressed with improved input validation. Th ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5724,7 +6032,7 @@ CVE-2025-43243 (A permissions issue was addressed with additional restrictions.
 CVE-2025-43241 (A permissions issue was addressed with additional restrictions. This i ...)
 	NOT-FOR-US: Apple
 CVE-2025-43240 (A logic issue was addressed with improved checks. This issue is fixed  ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5748,7 +6056,7 @@ CVE-2025-43230 (The issue was addressed with additional permissions checks. This
 CVE-2025-43229 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2025-43228 (The issue was addressed with improved UI. This issue is fixed in iOS 1 ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5756,7 +6064,7 @@ CVE-2025-43228 (The issue was addressed with improved UI. This issue is fixed in
 	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
 	NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
 CVE-2025-43227 (This issue was addressed through improved state management. This issue ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5782,7 +6090,7 @@ CVE-2025-43218 (An out-of-bounds read was addressed with improved input validati
 CVE-2025-43217 (The issue was addressed by adding additional logic. This issue is fixe ...)
 	NOT-FOR-US: Apple
 CVE-2025-43216 (A use-after-free issue was addressed with improved memory management.  ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5796,7 +6104,7 @@ CVE-2025-43214 (The issue was addressed with improved memory handling. This issu
 CVE-2025-43213 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2025-43212 (The issue was addressed with improved memory handling. This issue is f ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5804,7 +6112,7 @@ CVE-2025-43212 (The issue was addressed with improved memory handling. This issu
 	[bullseye] - wpewebkit <ignored> (wpewebkit >= 2.40 can no longer be sensibly backported)
 	NOTE: https://webkitgtk.org/security/WSA-2025-0005.html
 CVE-2025-43211 (The issue was addressed with improved memory handling. This issue is f ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5852,7 +6160,7 @@ CVE-2025-31280 (A memory corruption issue was addressed with improved validation
 CVE-2025-31279 (A permissions issue was addressed with additional restrictions. This i ...)
 	NOT-FOR-US: Apple
 CVE-2025-31278 (The issue was addressed with improved memory handling. This issue is f ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -5866,7 +6174,7 @@ CVE-2025-31276 (This issue was addressed through improved state management. This
 CVE-2025-31275 (A permissions issue was addressed with additional restrictions. This i ...)
 	NOT-FOR-US: Apple
 CVE-2025-31273 (The issue was addressed with improved memory handling. This issue is f ...)
-	{DSA-5978-1}
+	{DSA-5978-1 DLA-4276-1}
 	- webkit2gtk 2.48.5-1
 	- wpewebkit 2.48.5-1
 	[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in trixie)
@@ -7884,10 +8192,10 @@ CVE-2025-8029 (Firefox executed `javascript:` URLs when used in `object` and `em
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8029
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8029
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8029
-CVE-2025-8042
+CVE-2025-8042 (Firefox for Android allowed a sandboxed iframe without the `allow-down ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8042
-CVE-2025-8041
+CVE-2025-8041 (In the address bar, Firefox for Android truncated the display of URLs  ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
 CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries could le ...)
@@ -9762,7 +10070,7 @@ CVE-2025-6965 (There exists a vulnerability in SQLite versions before 3.50.2 whe
 	[bullseye] - sqlite3 <postponed> (Minor issue)
 	NOTE: https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8
 CVE-2025-6558 (Insufficient validation of untrusted input in ANGLE and GPU in Google  ...)
-	{DSA-5978-1 DSA-5963-1}
+	{DSA-5978-1 DSA-5963-1 DLA-4276-1}
 	- chromium 138.0.7204.157-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 	- webkit2gtk 2.48.5-1
@@ -24936,8 +25244,8 @@ CVE-2025-5263 (Error handling for script execution was incorrectly isolated from
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5263
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5263
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5263
-CVE-2025-5262
-	REJECTED
+CVE-2025-5262 (A double-free could have occurred in `vpx_codec_enc_init_multi` after  ...)
+	TODO: check
 CVE-2025-5232 (A vulnerability, which was classified as critical, has been found in P ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-5231 (A vulnerability classified as critical was found in PHPGurukul Company ...)
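Review bot: CVE-2025-5262 changes from REJECTED to a live description carrying only "TODO: check", so a previously closed entry is reopened with no package assignment. The description names `vpx_codec_enc_init_multi`, which is a libvpx encoder API, so manual triage should decide whether this maps to the libvpx source package or only to an embedded copy, and replace the TODO accordingly.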



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76fd4960fac27965c1517d92fa04094da7fb42df
