[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Aug 20 19:49:42 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e83b8884 by Moritz Muehlenhoff at 2025-08-20T20:48:21+02:00
bookworm/trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2201,6 +2201,8 @@ CVE-2025-55194 (Part-DB is an open source inventory management system for electr
 	NOT-FOR-US: Part-DB
 CVE-2025-55193 (Active Record connects classes to relational database tables. Prior to ...)
 	- rails <unfixed> (bug #1111106)
+	[trixie] - rails <no-dsa> (Minor issue)
+	[bookworm] - rails <no-dsa> (Minor issue)
 	NOTE: https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
 	NOTE: https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 (v7.1.5.2)
 	NOTE: https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202 (v7.2.2.2)
@@ -3971,6 +3973,7 @@ CVE-2025-50675 (GPMAW 14, a bioinformatics software, has a critical vulnerabilit
 	NOT-FOR-US: GPMAW
 CVE-2025-47808 (In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line ...)
 	- gst-plugins-base1.0 1.26.2-1
+	[bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0003.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132
@@ -3978,6 +3981,7 @@ CVE-2025-47808 (In GStreamer through 1.26.1, the subparse plugin's tmplayer_pars
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9b810e83d0f4135cf5a066da8b9430cf6e375d29 (1.26.2)
 CVE-2025-47807 (In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_for ...)
 	- gst-plugins-base1.0 1.26.2-1
+	[bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0002.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132
@@ -3985,12 +3989,14 @@ CVE-2025-47807 (In GStreamer through 1.26.1, the subparse plugin's subrip_unesca
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0711a31221a27c076dde3b9716cbcabf85088fa5 (1.26.2)
 CVE-2025-47806 (In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time f ...)
 	- gst-plugins-base1.0 1.26.2-1
+	[bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0006.html
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/edca7f83d107fb6a55dbd46196fc40b99857a85e (1.27.1)
 	NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da4380c4df0e00f8d0bad569927bfc7ea35ec37d (1.26.2)
 CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak fu ...)
 	- gst-plugins-good1.0 1.26.2-1
+	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0004.html
 	NOTE: For 1.26.y major refactoring fixing the issue:
@@ -4002,6 +4008,7 @@ CVE-2025-47188 (A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w
 	NOT-FOR-US: Mitel
 CVE-2025-47183 (In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree fu ...)
 	- gst-plugins-good1.0 1.26.2-1
+	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	NOTE: https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0005.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/48bf6a92d75051be7e5ffb66fcd1a49de74fe865 (1.27.1)
@@ -7980,6 +7987,8 @@ CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU   transmits sensitive data witho
 	NOT-FOR-US: DuraComm
 CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
 	- suricata <unfixed> (bug #1109806)
+	[trixie] - suricata <no-dsa> (Minor issue)
+	[bookworm] - suricata <no-dsa> (Minor issue)
 	NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/1d6d331752e933c46aca0ae7a9679b27462246e3 (suricata-8.0.0)
 	NOTE: Fixed by: https://github.com/OISF/suricata/commit/7fa88ea9e7d05e07a7864050cfd836b576669720 (suricata-7.0.11)
@@ -8432,6 +8441,8 @@ CVE-2025-38352 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/f90fff1e152dedf52b932240ebbd670d83330eca (6.16-rc2)
 CVE-2025-7962 (In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by ut ...)
 	- jakarta-mail <unfixed> (bug #1109804)
+	[trixie] - jakarta-mail <no-dsa> (Minor issue)
+	[bookworm] - jakarta-mail <no-dsa> (Minor issue)
 	[bullseye] - jakarta-mail <postponed> (Minor issue)
 	- javamail <unfixed> (bug #1109824)
 	[bullseye] - javamail <postponed> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e83b8884a6d20f9eb30c1996f30b497ac20a221e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e83b8884a6d20f9eb30c1996f30b497ac20a221e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250820/1a6a5619/attachment.htm>

More information about the debian-security-tracker-commits mailing list