[Git][security-tracker-team/security-tracker][master] 3 commits: lts: mark CVE-2025-54363,CVE-2025-54364/knack postponed
Daniel Leidert (@dleidert)
dleidert at debian.org
Sat Aug 23 01:33:37 BST 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7110128 by Daniel Leidert at 2025-08-23T02:32:17+02:00
lts: mark CVE-2025-54363,CVE-2025-54364/knack postponed
Follow secteam triage; minor issue
- - - - -
cd1ebc5d by Daniel Leidert at 2025-08-23T02:32:18+02:00
lts: triage CVE-2025-46206/mupdf for Bullseye
Mark as postponed. Minor issue that can lead to a local DoS.
- - - - -
73536843 by Daniel Leidert at 2025-08-23T02:32:19+02:00
lts: triage CVE-2025-9136/retroarch for Bullseye
Follow secteam triage. Minor issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1075,11 +1075,13 @@ CVE-2025-54364 (Microsoft Knack 0.12.0 allows Regular expression Denial of Servi
- knack <unfixed> (bug #1111774)
[trixie] - knack <no-dsa> (Minor issue)
[bookworm] - knack <no-dsa> (Minor issue)
+ [bullseye] - knack <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/microsoft/knack/issues/281
CVE-2025-54363 (Microsoft Knack 0.12.0 allows Regular expression Denial of Service (Re ...)
- knack <unfixed> (bug #1111774)
[trixie] - knack <no-dsa> (Minor issue)
[bookworm] - knack <no-dsa> (Minor issue)
+ [bullseye] - knack <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/microsoft/knack/issues/281
CVE-2025-54145 (The QR scanner could allow arbitrary websites to be opened if a user w ...)
NOT-FOR-US: Firefox for iOS
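Review bot: the two added `[bullseye] - knack <postponed>` lines carry no record that the bullseye package was checked against the affected code. The CVE descriptions name only Knack 0.12.0, and the single NOTE is the upstream issue link. A short NOTE stating that the bullseye version contains the regular expression in question would make the triage verifiable. If it does not, `<not-affected>` with a reason would be the more accurate tag than `<postponed>`.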
@@ -1426,6 +1428,7 @@ CVE-2025-9136 (A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0.
- retroarch <unfixed> (bug #1111614)
[trixie] - retroarch <no-dsa> (Minor issue)
[bookworm] - retroarch <no-dsa> (Minor issue)
+ [bullseye] - retroarch <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/libretro/RetroArch/pull/17555
NOTE: https://github.com/libretro/RetroArch/commit/b0999db885a0f1530f0e968c7450a4f0aa624b65 (v1.21.0)
CVE-2025-9135 (A vulnerability was detected in Verkehrsauskunft \xd6sterreich SmartRi ...)
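Review bot: the added `[bullseye] - retroarch <postponed>` line treats bullseye as affected, but the description lists RetroArch 1.18.0/1.19.0/1.20.0 and nothing in the hunk says whether the bullseye version has the vulnerable code. The entry already references the upstream fix commit (v1.21.0). Consider adding a NOTE on whether that fix applies to the bullseye source, so that whoever picks up "next update" knows a backport is expected to be feasible.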
@@ -6055,6 +6058,7 @@ CVE-2025-46206 (An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacke
- mupdf 1.25.1+ds1-7 (bug #1110482)
[trixie] - mupdf <no-dsa> (Minor issue)
[bookworm] - mupdf <no-dsa> (Minor issue)
+ [bullseye] - mupdf <postponed> (Minor issue; local DoS)
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708521
NOTE: Introduced after: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=dde049432d9f28d29aa4be6730e67ebc28415ef3 (1.9-rc1)
NOTE: Fixed by: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/mupdf.git/commit/?id=0ec7e4d2201bb6df217e01c17396d36297abf9ac
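Review bot: the reason on the added `[bullseye] - mupdf <postponed> (Minor issue; local DoS)` line says "local DoS", while the CVE description in the hunk header reads "allows a remote attacke ...". If the assessment is that the crash is only reachable by opening a crafted file locally, a NOTE saying so would explain the apparent mismatch. Otherwise, align the wording with the trixie and bookworm lines ("Minor issue"). The other bullseye entries in this push also use "can be fixed in next update", so the phrasing here is inconsistent with them.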
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab17fe261f563c8eb2db7b4ef5b612799e02be92...73536843cd0d4d8d5b6bd1e0bd3b7fdbbe0ff9cf