[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Aug 23 17:23:30 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
220d9817 by Moritz Muehlenhoff at 2025-08-23T18:23:14+02:00
bookworm/trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -263,9 +263,9 @@ CVE-2025-29366 (In mupen64plus v2.6.0 there is an array overflow vulnerability i
NOTE: https://github.com/Giles-one/mupen64plusEscape/tree/main/BUG1
TODO: check details
CVE-2025-29365 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow ...)
- - spim <unfixed>
+ - spim <unfixed> (unimportant)
NOTE: https://github.com/Giles-one/spimsimulatorEscape?tab=readme-ov-file#bug1-out-of-bounds-write-in-read_input-function
- TODO: check details
+ NOTE: Negligible security impact
CVE-2024-56179 (In MindManager Windows versions prior to 24.1.150, attackers could pot ...)
NOT-FOR-US: MindManager Windows
CVE-2024-53499 (Jeewms v3.7 was discovered to contain a SQL injection vulnerability vi ...)
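Review bot: The replacement note on the CVE-2025-29365 entry, "NOTE: Negligible security impact", records the conclusion but not the reasoning behind it. It replaces "TODO: check details", so this is the only place the result of that check is written down. A short rationale in the NOTE would let a later reader confirm why "- spim <unfixed> (unimportant)" is the right tag without redoing the analysis from the linked report.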
@@ -2990,6 +2990,8 @@ CVE-2025-50817 (A vulnerability in the Python-Future 1.0.0 module allows for arb
NOTE: https://github.com/PythonCharmers/python-future/issues/268
CVE-2025-50518 (A use-after-free vulnerability exists in the coap_delete_pdu_lkd funct ...)
- libcoap3 <unfixed>
+ [trixie] - libcoap3 <ignored> (Minor issue, no reverse deps in trixie)
+ [bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in Bookworm)
NOTE: https://github.com/IreneTheITCrowd/blog/blob/main/libcoap-vulnerability.md
TODO: check details, coap_delete_pdu_lkd not present in src/coap_pdu.c, unclear details for upstream
CVE-2025-50515 (An issue was discovered in phome Empirebak 2010 in ebak2008/upload/cla ...)
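Review bot: The two added <ignored> lines for CVE-2025-50518 sit above a TODO that is still open ("coap_delete_pdu_lkd not present in src/coap_pdu.c, unclear details for upstream"), so the suite-level decision is made before it is settled whether the packaged libcoap3 is affected at all. Consider noting in the entry that the <ignored> state is provisional on that TODO, so it gets revisited if the check concludes the function is absent from the Debian versions. Minor style point: the reason strings differ in capitalisation ("in trixie" vs "in Bookworm"); using one form would keep the entries consistent.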
@@ -4866,6 +4868,8 @@ CVE-2025-8737 (A vulnerability, which was classified as problematic, was found i
NOT-FOR-US: zlt2000 microservices-platform
CVE-2025-8736 (A vulnerability, which was classified as critical, has been found in G ...)
- cflow <unfixed>
+ [trixie] - cflow <no-dsa> (Minor issue)
+ [bookworm] - cflow <no-dsa> (Minor issue)
[bullseye] - cflow <ignored> (Crash in CLI tools)
NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00001.html
CVE-2025-8735 (A vulnerability classified as problematic was found in GNU cflow up to ...)
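Review bot: The reason "Minor issue" on the new [trixie] and [bookworm] <no-dsa> lines for CVE-2025-8736 is less specific than the existing "[bullseye] - cflow <ignored> (Crash in CLI tools)" line directly below them. Reusing that wording, for example "(Minor issue, crash in CLI tools)", would make the three suite annotations tell the same story and explain why no DSA is warranted.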
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/220d98177ed662233ed1b9fb19d8045371e58d9b