[Git][security-tracker-team/security-tracker][master] trixie triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f9432085 by Moritz Muehlenhoff at 2025-08-22T13:49:13+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3262,6 +3262,7 @@ CVE-2025-0818 (Several WordPress plugins using elFinder versions 2.1.64 and prio
 CVE-2025-8860
 	[experimental] - qemu 1:10.1.0~rc3+ds-1
 	- qemu 1:10.0.3+ds-4 (bug #1111030)
+	[trixie] - qemu <no-dsa> (Minor issue)
 	[bookworm] - qemu <not-affected> (Vulnerable code not present)
 	[bullseye] - qemu <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2387588
@@ -7488,6 +7489,7 @@ CVE-2025-23286 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne
 	- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1109914)
 	NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
 	- nvidia-open-gpu-kernel-modules <unfixed> (bug #1109915)
+	[trixie] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
 	[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
 	[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
 	- nvidia-graphics-drivers-tesla-535 <unfixed> (bug #1109916)
@@ -7511,9 +7513,9 @@ CVE-2025-23279 (NVIDIA .run Installer for Linux and Solaris contains a vulnerabi
 	- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1109914)
 	NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
 	- nvidia-open-gpu-kernel-modules <unfixed> (bug #1109915)
+	[trixie] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
 	[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
-	[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
-	- nvidia-graphics-drivers-tesla-535 <unfixed> (bug #1109916)
+	- nvidia-graphics-drivers-tesla-535 535.261.03-1 (bug #1109916)
 	[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
 	- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1109917)
 CVE-2025-8198 (The MinimogWP \u2013 The High Converting eCommerce WordPress Theme the ...)
@@ -11470,6 +11472,7 @@ CVE-2025-7465 (A vulnerability classified as critical was found in Tenda FH1201
 	NOT-FOR-US: Tenda
 CVE-2025-7464 (A vulnerability classified as problematic has been found in osrg GoBGP ...)
 	- gobgp <unfixed> (bug #1109300)
+	[trixie] - gobgp <no-dsa> (Minor issue)
 	[bookworm] - gobgp <no-dsa> (Minor issue)
 	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/e748f43496d74946d14fed85c776452e47b99d64
@@ -14373,6 +14376,7 @@ CVE-2025-1735 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* b
 	NOTE: Fixed by: https://github.com/php/php-src/commit/9376aeef9f8ff81f2705b8016237ec3e30bdee44 (php-8.1.33)
 CVE-2025-7067 (A vulnerability classified as problematic was found in HDF5 1.14.6. Th ...)
 	- hdf5 <unfixed> (bug #1108886)
+	[trixie] - hdf5 <no-dsa> (Minor issue)
 	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5577
 CVE-2025-7066 (Jirafeau normally prevents browser preview for text files due to the p ...)
@@ -16177,6 +16181,7 @@ CVE-2025-53391 (The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through
 	- zulucrypt <unfixed> (bug #1108288)
 CVE-2025-6816 (A vulnerability classified as problematic was found in HDF5 1.14.6. Th ...)
 	- hdf5 <unfixed> (bug #1108482)
+	[trixie] - hdf5 <no-dsa> (Minor issue)
 	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5571
 CVE-2025-6778 (A vulnerability, which was classified as problematic, was found in cod ...)
@@ -16617,6 +16622,7 @@ CVE-2025-6751 (A vulnerability, which was classified as critical, was found in L
 	NOT-FOR-US: Linksys
 CVE-2025-6750 (A vulnerability, which was classified as problematic, has been found i ...)
 	- hdf5 <unfixed> (bug #1108409)
+	[trixie] - hdf5 <no-dsa> (Minor issue)
 	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5549
 CVE-2025-6749 (A vulnerability classified as critical was found in huija bicycleShari ...)
@@ -103181,6 +103187,7 @@ CVE-2023-47480 (An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local
 	NOTE: https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d (0.54-1test1)
 CVE-2024-8612 (A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-c ...)
 	- qemu <unfixed> (bug #1082406)
+	[trixie] - qemu <no-dsa> (Minor issue)
 	[bookworm] - qemu <no-dsa> (Minor issue)
 	[bullseye] - qemu <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2313760



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9432085c4677ac1526eb72ea18d31a63197249a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f9432085c4677ac1526eb72ea18d31a63197249a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250822/7f821948/attachment.htm>