[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Aug 25 12:06:21 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e637bc85 by Moritz Muehlenhoff at 2025-08-25T13:05:53+02:00
bookworm/trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -24,6 +24,8 @@ CVE-2025-9395 (A vulnerability was identified in wangsongyan wblog 0.0.1. This a
NOT-FOR-US: wangsongyan wblog
CVE-2025-9394 (A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the func ...)
- libpodofo <unfixed>
+ [trixie] - libpodofo <no-dsa> (Minor issue)
+ [bookworm] - libpodofo <no-dsa> (Minor issue)
NOTE: https://github.com/podofo/podofo/issues/275
NOTE: https://github.com/podofo/podofo/commit/22d16cb142f293bf956f66a4d399cdd65576d36c
CVE-2025-9393 (A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500 ...)
@@ -33,10 +35,11 @@ CVE-2025-9392 (A security vulnerability has been detected in Linksys RE6250, RE6
CVE-2025-9391 (A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affect ...)
NOT-FOR-US: Bjskzy Zhiyou ERP
CVE-2025-9390 (A security flaw has been discovered in vim up to 9.1.1615. Affected by ...)
- - vim <unfixed>
+ - vim <unfixed> (unimportant)
NOTE: https://github.com/vim/vim/issues/17944
NOTE: https://github.com/vim/vim/pull/17947
NOTE: https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0 (v9.1.1616)
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-9389 (A vulnerability was identified in vim 9.1.0000. Affected is the functi ...)
- vim <not-affected> (Vulnerable code not present)
NOTE: https://github.com/vim/vim/issues/17940
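Review bot: CVE-2025-9390 keeps `<unfixed>` although the commit NOTE in this entry already names the fixing upstream release (v9.1.1616). With the entry now tagged `(unimportant)`, consider replacing `<unfixed>` with the package version once an upload at or beyond that release is in unstable, so the entry does not stay open indefinitely.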
@@ -47,13 +50,16 @@ CVE-2025-9388 (A vulnerability was determined in Scada-LTS up to 2.7.8.1. This i
CVE-2025-9387 (A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an un ...)
NOT-FOR-US: DCN DCME-720
CVE-2025-9386 (A vulnerability has been found in appneta tcpreplay up to 4.5.1. The i ...)
- - tcpreplay <unfixed>
+ - tcpreplay <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/appneta/tcpreplay/issues/973
CVE-2025-9385 (A flaw has been found in appneta tcpreplay up to 4.5.1. The affected e ...)
- - tcpreplay <unfixed>
+ - tcpreplay <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/appneta/tcpreplay/issues/972
CVE-2025-9384 (A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacte ...)
- - tcpreplay <unfixed>
+ - tcpreplay <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/appneta/tcpreplay/issues/971
CVE-2025-9383 (A security vulnerability has been detected in FNKvision Y215 CCTV Came ...)
NOT-FOR-US: FNKvision
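Review bot: In the three tcpreplay entries the added "Crash in CLI tool, no security impact" NOTE sits above the upstream issue link, while the vim and mupen64plus-core entries in this same commit put their rationale NOTE below the references. Pick one order (rationale after the links matches the other two) so the entries read consistently.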
@@ -354,13 +360,13 @@ CVE-2025-36042 (IBM QRadar SIEM 7.5 through 7.5.0Dashboard is vulnerable to cros
CVE-2025-33120 (IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated us ...)
NOT-FOR-US: IBM
CVE-2025-29366 (In mupen64plus v2.6.0 there is an array overflow vulnerability in the ...)
- - mupen64plus-core <unfixed>
+ - mupen64plus-core <unfixed> (unimportant)
NOTE: https://github.com/Giles-one/mupen64plusEscape/tree/main/BUG1
NOTE: https://github.com/mupen64plus/mupen64plus-core/pull/1080
NOTE: https://github.com/mupen64plus/mupen64plus-core/pull/1119
NOTE: https://github.com/mupen64plus/mupen64plus-core/pull/1122
NOTE: https://github.com/mupen64plus/mupen64plus-core/pull/1123
- TODO: check details
+ NOTE: Negligible security impact
CVE-2025-29365 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow ...)
- spim <unfixed> (unimportant)
NOTE: https://github.com/Giles-one/spimsimulatorEscape?tab=readme-ov-file#bug1-out-of-bounds-write-in-read_input-function
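Review bot: For CVE-2025-29366 the `TODO: check details` line is replaced by `NOTE: Negligible security impact` without recording what the check found, while the description still reads "array overflow vulnerability". A short reason in the NOTE, as the "Crash in CLI tool" entries give, would let a later reader see why `(unimportant)` was chosen. It would also help to mark which of the four listed upstream pull requests addresses this CVE.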
@@ -701,6 +707,8 @@ CVE-2025-9301 (A vulnerability was determined in cmake 4.1.20250725-gb5cce23. Th
NOTE: Negligible security impact
CVE-2025-9300 (A vulnerability was found in saitoha libsixel up to 1.10.3. Affected b ...)
- libsixel <unfixed> (bug #1111877)
+ [trixie] - libsixel <no-dsa> (Minor issue)
+ [bookworm] - libsixel <no-dsa> (Minor issue)
NOTE: https://github.com/saitoha/libsixel/issues/200
NOTE: https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1
CVE-2025-9299 (A vulnerability has been found in Tenda M3 1.0.0.12. Affected by this ...)
@@ -808,6 +816,8 @@ CVE-2025-52351 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a n
NOT-FOR-US: Aikaan IoT management platform
CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version 1.2.2 and ...)
- libsndfile <unfixed> (bug #1111876)
+ [trixie] - libsndfile <no-dsa> (Minor issue)
+ [bookworm] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/libsndfile/libsndfile/issues/1082
CVE-2025-51989 (HTML injection vulnerability in the registration interface in Evolutio ...)
NOT-FOR-US: HRmaster
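Review bot: For CVE-2025-52194 the two added `<no-dsa>` lines give only "Minor issue" as the reason, while the description calls it a buffer overflow and the only reference is the upstream issue, with no fix commit noted. State briefly what limits the impact so the decision can be re-checked when an upstream fix appears.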
=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ ark/oldstable (jmm)
--
firebird4.0/stable
--
+ffmpeg/oldstable (jmm)
+--
firefox-esr(jmm)
--
frr/oldstable
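Review bot: `ffmpeg/oldstable (jmm)` is inserted after `firebird4.0/stable`, but the surrounding entries are in alphabetical order and ffmpeg sorts before firebird4.0. Move the new entry and its `--` separator above `firebird4.0/stable`.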
@@ -55,7 +57,7 @@ netty
--
node-cipher-base (jmm)
--
-nodejs/oldstable
+nodejs/oldstable (jmm)
Bastien Roucaries (rouca) showed interest to prepare an update and is working on it
--
opennds/oldstable
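Review bot: `nodejs/oldstable` is now claimed by jmm, but the unchanged line directly below still says Bastien Roucaries (rouca) is working on an update. Update or drop that line so it is clear who is preparing the upload, or name both if the work is shared.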
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e637bc8575b73ee9c1829e80bb07d7e60a282979