[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Aug 21 16:23:19 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
45dd9a41 by Moritz Muehlenhoff at 2025-08-21T17:22:45+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -730,7 +730,8 @@ CVE-2025-9165 (A flaw has been found in LibTIFF 4.7.0. This affects the function
 	NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/747
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0
 CVE-2025-9157 (A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. ...)
-	- tcpreplay <unfixed>
+	- tcpreplay <unfixed> (unimportant)
+	NOTE: Crash in CLI tool, no security impact
 	NOTE: https://github.com/appneta/tcpreplay/issues/970
 	NOTE: https://github.com/appneta/tcpreplay/commit/73008f261f1cdf7a1087dc8759115242696d35da
 CVE-2025-9156 (A vulnerability was found in itsourcecode Sports Management System 1.0 ...)
@@ -1182,6 +1183,8 @@ CVE-2025-38553 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/ec8e0e3d7adef940cdf9475e2352c0680189d14e (6.17-rc1)
 CVE-2025-53192 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/ ...)
 	- ognl <unfixed> (bug #1111588)
+	[trixie] - ognl <no-dsa> (Minor issue)
+	[bookworm] - ognl <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/08/18/4
 	NOTE: https://lists.apache.org/thread/2gj8tjl6vz949nnp3yxz3okm9xz2k7sp
 CVE-2025-7693 (A security issue exists due to improper handling of malformed CIP Forw ...)
@@ -2545,6 +2548,8 @@ CVE-2025-55198 (Helm is a package manager for Charts for Kubernetes. Prior to ve
 	- helm-kubernetes <itp> (bug #910799)
 CVE-2025-55197 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
 	- pypdf <unfixed> (bug #1111139)
+	[trixie] - pypdf <no-dsa> (Minor issue)
+	[bookworm] - pypdf <no-dsa> (Minor issue)
 	- pypdf2 <removed>
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-7hfw-26vp-jp8m
 	NOTE: https://github.com/py-pdf/pypdf/issues/3429


=====================================
data/dsa-needed.txt
=====================================
@@ -61,6 +61,8 @@ php-laravel-framework/oldstable
 python-django/oldstable
   Chris is working on it
 --
+qemu (jmm)
+--
 ruby-rack/oldstable
 --
 ruby-saml/oldstable
@@ -68,8 +70,7 @@ ruby-saml/oldstable
 --
 sogo/oldstable
 --
-squid/oldstable
-  Bastien Roucariès proposed to work on squid updates for bookworm
+squid/oldstable (jmm)
 --
 sympa/oldstable
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45dd9a410a37e065009ef40375504cbdedc4dcb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/45dd9a410a37e065009ef40375504cbdedc4dcb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250821/61a572a7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list