[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Aug 26 10:07:18 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0fe091ce by Moritz Muehlenhoff at 2025-08-26T11:06:59+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1920,6 +1920,8 @@ CVE-2025-9132 (Out of bounds write in V8 in Google Chrome prior to 139.0.7258.13
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9165 (A flaw has been found in LibTIFF 4.7.0. This affects the function _TIF ...)
- tiff 4.7.0-4 (bug #1111878)
+ [trixie] - tiff <no-dsa> (Minor issue)
+ [bookworm] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/728
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/747
NOTE: https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0
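Review bot: The two added tiff lines give only "Minor issue" as the reason, although the NOTE lines already point at an upstream issue, merge request and fix commit. A short qualifier after "Minor issue" saying what limits the impact would let a later reader judge the no-dsa decision without reopening the upstream issue.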
@@ -2968,6 +2970,7 @@ CVE-2025-55203 (Plane is open-source project management software. Prior to versi
CVE-2025-54989 (Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, an ...)
{DLA-4282-1}
- firebird3.0 3.0.13.ds7-1 (bug #1111321)
+ [trixie] - firebird3.0 <no-dsa> (Minor issue)
[bookworm] - firebird3.0 <no-dsa> (Minor issue)
- firebird4.0 4.0.6.3221.ds6-1 (bug #1111320)
NOTE: https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
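Review bot: Only firebird3.0 gets a [trixie] annotation here; the "- firebird4.0 4.0.6.3221.ds6-1 (bug #1111320)" line that follows has no per-release line in the visible context. If trixie or bookworm ships firebird4.0, add the matching no-dsa line for it in the same pass. The entry also carries {DLA-4282-1}, so a fix was already prepared for an older release and "Minor issue" may deserve a word on why stable is handled differently.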
@@ -3163,6 +3166,8 @@ CVE-2025-8962 (A vulnerability was found in code-projects Hostel Management Syst
NOT-FOR-US: code-projects
CVE-2025-8961 (A weakness has been identified in LibTIFF 4.7.0. This affects the func ...)
- tiff <unfixed> (bug #1111317)
+ [trixie] - tiff <no-dsa> (Minor issue)
+ [bookworm] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/721
CVE-2025-8960 (A vulnerability has been found in Campcodes Online Flight Booking Mana ...)
NOT-FOR-US: Campcodes
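Review bot: For CVE-2025-8961 the unstable line is still "tiff <unfixed> (bug #1111317)" and the only NOTE is an upstream issue link, so the no-dsa tags are set before any fix is referenced. That is fine for triage, but the entry should be revisited when an upstream commit is added, since the assessment rests on the issue description alone.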
@@ -6876,6 +6881,8 @@ CVE-2025-4588 (The 360 Photo Spheres plugin for WordPress is vulnerable to Store
NOT-FOR-US: WordPress plugin
CVE-2024-13978 (A vulnerability was found in LibTIFF up to 4.7.0. It has been declared ...)
- tiff 4.7.0-4 (bug #1111323)
+ [trixie] - tiff <no-dsa> (Minor issue)
+ [bookworm] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/649
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/650
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/667
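Review bot: The added [trixie] and [bookworm] lines for CVE-2024-13978 sit under a fix in tiff 4.7.0-4, the same upload that fixes CVE-2025-9165 earlier in this commit. Since both are tagged no-dsa with the same reason, it would help to note somewhere that they can go into one point-release upload rather than being tracked separately.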
@@ -8465,6 +8472,7 @@ CVE-2025-23286 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 <unfixed> (bug #1109916)
+ [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1109917)
CVE-2025-23279 (NVIDIA .run Installer for Linux and Solaris contains a vulnerability w ...)
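Review bot: The new [trixie] line covers nvidia-graphics-drivers-tesla-535 only, while "- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1109917)" directly below has no release annotation before the next CVE entry starts. If tesla-550 is present in trixie or bookworm, it needs the same "Non-free not supported" line to keep the entry consistent.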
@@ -71372,6 +71380,7 @@ CVE-2025-21312 (Windows Smart Card Reader Information Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2025-21311 (Windows NTLM V1 Elevation of Privilege Vulnerability)
- squid 7.1-1
+ [trixie] - squid <no-dsa> (Minor issue)
[bookworm] - squid <no-dsa> (Minor issue)
[bullseye] - squid <postponed> (Minor issue, generic deprecation of NTLMv1 auth)
NOTE: 7.1 removes the ntlm_smb_lm_auth module
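Review bot: The [trixie] squid line says just "Minor issue", but the NOTE states that 7.1 fixes this by removing the ntlm_smb_lm_auth module, which is not a change that backports cleanly to a stable release. Carrying the fuller wording from the bullseye line ("generic deprecation of NTLMv1 auth") onto the trixie and bookworm lines would record why no update is planned.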
@@ -136826,7 +136835,7 @@ CVE-2024-3155 (The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post
NOT-FOR-US: WordPress plugin
CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making requests thro ...)
- requests 2.32.3+dfsg-1 (bug #1071593)
- [bookworm] - requests <no-dsa> (Minor issue)
+ [bookworm] - requests <ignored> (Minor issue, too intrusive to backport)
[bullseye] - requests <no-dsa> (Minor issue)
[buster] - requests <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
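Review bot: Changing [bookworm] to ignored with "too intrusive to backport" leaves the neighbouring lines saying something different: bullseye is still no-dsa and buster reads "postponed (Minor issue; can be fixed in next update)". If the backport is too intrusive for bookworm, the buster wording in particular looks stale; either align those lines or leave a NOTE that the older releases are assessed separately.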
@@ -339196,6 +339205,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cros
NOT-FOR-US: Sofico
CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...)
- squirrel3 <unfixed> (bug #1016212)
+ [trixie] - squirrel3 <no-dsa> (Minor issue)
[bullseye] - squirrel3 <no-dsa> (Minor issue)
[buster] - squirrel3 <no-dsa> (Minor issue)
NOTE: https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 (v3.2)
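Review bot: This hunk adds a [trixie] line for squirrel3, and the context shows [bullseye] and [buster] lines, but there is no [bookworm] line between them. Given the commit is a trixie/bookworm triage, check whether bookworm ships squirrel3 and, if so, add "[bookworm] - squirrel3 <no-dsa> (Minor issue)" so the release is not left untriaged.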
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fe091cebb915a8ebeef3f016952e2f1235966d8