August 2025 Archives by thread
Starting: Fri Aug 1 03:31:01 BST 2025
Ending: Sun Aug 31 23:06:28 BST 2025
Messages: 1108
- [Git][security-tracker-team/security-tracker][master] LTS: claim libcommons-lang-java in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4262-1 for libcommons-lang-java
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-8454/devscripts assigned
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-8454 as no-dsa for trixie and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via experimental for nvidia-graphics-drivers issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed via experimental for nvidia-open-gpu-kernel-modules issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32251/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new openexr issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso ( at carnil)
- brtConsolidadora
BRT
- [Git][security-tracker-team/security-tracker][master] dla: drop golang-golang-x-net
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add a note about ca-certificates-java
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Two CVEs originally for Bootstrap rejected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32256/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54593/freshrss, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate some NFUs with itp'ed entry for freshrss
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54574/squid
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Two openexr issues are actually not clear not-affected, back to unfixed and add TODO
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-48074/openexr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-48072
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-48073
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-48074
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54386/traefik, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-45767/node-jose
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-45768pyjwt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-53156/rust-transpose
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-48074/openexr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-49656/apache-jena
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-13978
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-48074 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for one chromium issue fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update association for CVE-2015-10141
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] DLA-4260-1 now released.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Remove notes from now rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-49832/asterisk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Review missing suffixes for 2007 DSAs
Salvatore Bonaccorso ( at carnil)
- Processing 4662c839a6e36113912d29c1dbdd0909ce0f6f6f failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Add reference for collection on fixes for CVE-2025-53399
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-53399/rtpengine
Salvatore Bonaccorso ( at carnil)
- Processing 4a654508620adbc53f4cb20d3d34ab6ce959f6ed failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Build new cross-references after suffix addition to some old DSAs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-49832/asterisk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-45768/pyjwt
Salvatore Bonaccorso ( at carnil)
- Processing dd28c261baa83f4a4543bf004149b299d70de51f failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54955/opennebula
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new iperf3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32255/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32253/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] update note in dla-needed.txt
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for redict issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for asterisk issue fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2015-10141
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update CVE-2024-10041: Add follow fix and ignore for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial mapping for WebKitGTK and WPE WebKit issues from WSA-2025-0005
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-54351/iperf3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-54350/iperf3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-54349/iperf3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-8042/firefox
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct entry for historic DSA-1237-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Review first batch of DSA suffixes from 2006
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Complete tracking of fixes in DSA-1214-2/1 for gv
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Review a small set of 2006 DSAs for correct suffix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-10041/pam bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-53399/rtpengine
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct references for CVE-2025-5362{8,9}/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add notes for ruby-graphql
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2025-48074/openexr as postponed for bullseye
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Take ruby-saml for bullseye as doing that work for DSA
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add webkit2gtk to dla-needed
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4263-1 for ruby-graphql
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4264-1 for exempi
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for iperf3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] reclaim nextcloud-desktop in dla-needed.txt
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] lts: take webkit2gtk
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] dla: add notes
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2025-7394/wolfssl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-27407 as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-45767/node-jose
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-43023/hplip
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54410/docker.io
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-54388 according to upstream
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46206/mupdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new poppler issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add wordpress to dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed add docker.io
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-54410/moby
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed add iperf3
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add dla-needed jackrabbit
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed add libhtp
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed add mupdf
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-8262/node-yarnpkg bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed add sqlite
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla: take iperf3
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: take jackrabbit
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-54410/docker.io: Link to prerequisite changes for older versions
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: take libhtp
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Refer to non-merge commit for CVE-2025-54410
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop notes
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two iperf3 issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Clarify status for libxslt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-46094 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: reclaim openjdk-17 and update notes
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add description based rule for Portabilis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update notes for VE-2025-54349, CVE-2025-54350 and CVE-2025-54351
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take wordpress for DLA
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Note that Utkarsh plans to contribute wordpress update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54874/openjpeg2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54874/openjpeg2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add ros-ros-com to dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8534/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54802/pyload, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54119/libphp-adodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new set of chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional reference for CVE-2022-29977/libsixel
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-7844/wolftpm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reassign CVE-2025-50422 to track fix in cairo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-54119 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-50420/poppler
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54119/libphp-adodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add SQUID
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track fixes for chromium via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-47874/starlette [bullseye]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed: status for PAM
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8556/golang-github-cloudflare-circl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add dla-needed hplip
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] add CVE-2025-54879/mastodon, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Google p0 reference for CVE-2025-38236
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Deassociate CVE-2025-43023 from the hplip source package
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: remove hplip
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add three CVEs for the dead fork libav of ffmpeg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim mupdf.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Document embedded copy of fpdi in icingaweb2-module-pdfexport
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54869/icingaweb2-module-pdfexport
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54571/modsecurity-apache
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2012-10024/xbmc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54956/r-cran-gh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Unify comments in embedded-code-copies
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54571/modsecurity-apache
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-46206/mupdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54956/r-cran-gh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-46206/mupdf as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium dsa
Andres Salomon ( at dilinger)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8419/keycloak
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-45766/poco, but not yet clear status
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim pytorch in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] LTS: claim u-boot in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-46206/mupdf via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-54571/modsecurity-apache as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-8101 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop missclassified CVE-2025-6499 as NFU for linkifyjs and add todo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add embedded copy tracking for libucl in rspamd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54799/golang-github-xenolf-lego
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add wolfssl
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed: libphp-adodb
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47906/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47907/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54798/node-tmp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-3770/edk2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add another covered product for checkpoint CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add notes on mitigations on libxml2 for CVE-2025-7425/libxslt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54799
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54798/node-tmp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-3770/edk2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-7054/quiche
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-44779/ollama
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-50952/openjpeg2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-54571/mod-security [bullseye]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed: node-tmp
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-54799/golang-github-xenolf-lego [bullseye]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add rcran-rh
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-54869
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-3770/edk2 [bullseye]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Fix typo in NOTE for CVE-2025-54799
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-54799 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Demote CVE-2025-54869 to unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8698/open5gs, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add asterisk
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla: take node-tmp
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-49832/asterisk does not affect bullseye
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-55014/stardict affects us
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2025-55014
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54368/uv, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-45765/ruby-jwt, mark as unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to where problems start earliest for CVE-2025-46206
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47908/golang-github-rs-cors
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new cflow issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new bison issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8732/libxml2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2010-10013/ajaxplorer, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2012-10048/zenoss, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2012-10050/cuteflow, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reassign one older NFU to itp'ed entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2019-11388/modsecurity-crs has already been fixed
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4265-1 for modsecurity-crs
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-50420/poppler [bullseye]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-53022
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47183/gst-plugins-good1.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47219/gst-plugins-good1.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-4780{6,7,8}/gst-plugins-base1.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: Process some NFUs
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] Revert "Add CVE-2025-50340/sogo"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add sogo issues with todo item to check state
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 6 commits: data/config.json: Update mapping release -> codenames
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-50340
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-8733
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for bison issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-50422/cairo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-8262/node-yarnpkg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-8197/libsoup3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track proposed imagemagick update via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add redis forks to data/embedded-code-copies
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add back todo for CVE-2011-10008
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] golang [bullseye] triage issue
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4266-1 for distro-info-data
Stefano Rivera ( at stefanor)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-7039/glib2.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-32989/gnutls28 does not affect bullseye
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4267-1 for gnutls28
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] cflow [bullseye] mark as ignored
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-50422/cairo [bullseye]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2018-16375/openjpeg2 is already fixed in >= bullseye
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-50952/openjpeg2: Fix URL in note
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Remove one no-dsa level tagged entry from unimportant CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Specifiy distribution to oldstable when only there a DSA is needed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Update Apache list
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dsa-needed: Typo fix
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Track new issues in openbao, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two python3.13 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add note to CVE-2025-8746
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] Add a note about CVE-2025-45768/pyjwt
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 2 commits: NFUs
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] Triage openjpeg2 issues for bookworm and trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed openjpeg2 update via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-45512/u-boot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2024-57868 as no-dsa for trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-40923 as no-dsa for trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2024-58036 as no-dsa for trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-40914 as no-dsa for trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-40924 as no-dsa for trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-40918 as no-dsa for trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add explicit references for CVE-2025-40918
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Pushed new branch python-pip-embed
Stefano Rivera ( at stefanor)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-40923/libplack-middleware-session-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-7394/wolfssl via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-6545/node-pbkdf2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-53382/node-prismjs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for various wpewebkit issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-45512
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-8746 as unimportant issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-55188
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Demote CVE-2025-45768 to unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for same class of issues with disputed security impact
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] remove NFU entry for rejected issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-50952/openjpeg2 [bulleyes]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-55188/bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-40924 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-40914/libcryptx-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-40918/libauthen-sasl-perl via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track fixes for webkit2gtk via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for ros-ros-comm issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim hdf5 in dla-needed.txt
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2025-7394/wolfssl as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two jasper issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8747/keras
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2024-55459 with src:keras
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] wpewebkit is not covered by security support in trixie
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] security-team overview: Sync table with real situation
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4268-1 for node-tmp
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add reference to report for CVE-2025-55188
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-32776/openrazer was fixed in the latest bookworm point release
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Drop tracking for openrazer, it was already fixed in the last bookworm point release
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop two CVEs which got rejected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Demote severity for ros-ros-comm issues to unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-5456{6,7}/qemu via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2020-24352/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix via unstable for CVE-2025-2814
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2024-58036 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] DLA-4269-1 ca-certificates-java - bugfix update
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed: ros-ros-com
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed: ca-certificates
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for wolfssl fix via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: pip included an embedded python-typing-extensions until 25.2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Deleted branch python-pip-embed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-23048/apache2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Sophos
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] commons-beanutils ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-48734 as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8851/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8837/jasper
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-38499/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Partial revert of CVE-2025-23048/apache2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 4 commits: bin/check-syntax: drop dead code
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add new nasm issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40920/libcatalyst-authentication-credential-http-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-40920
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking for new libcsp issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] drop NFU for rejected issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark stardict as fixed in 3.0.7+git20220909+dfsg-7, that version no longer
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-54874/openjpeg2 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Update Nvidia rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: NFU CVE-2025-55161
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55158/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55157/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55156/pyload, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55012/zed-editor
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-55157/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-55158
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8672/gimp
Maytham Alsudany ( at Maytha8)
- [Git][security-tracker-team/security-tracker][master] lts-cve-triage: factor out dla-needed checks for clarity and robustness
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-8845 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2022-29978
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to upstream report for CVE-2025-8197
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-40920
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-54798/node-tmp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4270-1 for apache2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048,...
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2025-8845 in nasm for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Remove listing of CVE-2025-54090 in DLA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Revert "Triage CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048,...
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] openjdk-17 DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for linux update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts-cve-triage: from_elts: add annotations
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-38500/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-55159/rust-slab
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for nasm issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8885/bouncycastle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new kanboard issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one more NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add one more product for the checkpoint CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new intel-microcode issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add intel-microcode
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add one new edk2 issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 5 commits: lts-cve-triage: bookworm is oldstable now
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] lts-cve-triage: mark some reports as low-priority
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4271-1 for linux-6.1
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] lts-cve-triage: to_forward: link salsa issue tracker
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] unsupported_packages: new 'supported' state not supported
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: reclaim luajit and unbound in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for CVE-2025-8860
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Convert CVE-2025-8672 to NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] DSA for pgpool2
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] take libxslt from carnil as discussed
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] lts-cve-triage: typo
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-7462 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add notes to mitigation of CVE-2025-7425
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-36331/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for intel-microcode issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54472/brpc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate some older CVEs with brpc, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark lxd as removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixes for two libxslt issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track CVE-2015-9019 is fixed in libxslt/1.1.32-1
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] trixia triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim sqlite3 in dla-needed.txt
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2023-53156/rust-transpose
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update references for CVE-2025-7425
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-8860/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-53859/nginx
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-8941
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8916/bouncycastle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-48989/tomcat
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Initial bootstrap for CVE-2025-8671
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new gitlab issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55668/tomcat
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add varnish for CVE-2025-8671
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add h2o for CVE-2025-8671
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 5 commits: data/dla-needed.txt: Triage intel-microcode for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55163/netty
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track more gitlab CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-8197 as rejected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Annotate git entry to clarify for proposed update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track fix via experimental for CVE-2025-8860
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] varnish fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add note on libxml2 mitigation
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA based rule for Netskope
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix typo in key for Netskope rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Two CVEs for helm-kubernetes, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55193/rails
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-55188/7zip
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new aide issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add commit references for CVE-2025-54409 and CVE-2025-54389
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for aide update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4272-1 for aide
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add new postgresql issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for postgresql via {bookworm,trixie}-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Update Apache rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4273-1 for postgresql-13
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for tomcat issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage netty for bullseye LTS (CVE-2025-55163)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-38805/edk2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for imagemagick issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-55193/rails
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-55163/netty
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two aide issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add GHSA references for aide issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55197/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-50340 as unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add commit references for CVE-2024-3536{7,8}/ffmpeg in 5.1.y branch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add lighttpd for CVE-2025-8671
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-53859/nginx
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for pypdf issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-8671/lighttpd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8961/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9019/tcpreplay
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] ffmpeg triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark haproxy n/a for madeyoureset
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new python-future issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim mbedtls
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] git spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add initial rule for Intel
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Update Cisco rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Update Intel rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Slighly reorder packages for CVE-2025-8671
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove git from dsa-needed, will be fixed in next point releases
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark now git as no-dsa for trixie and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-50518/libcoap3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-8671 and lighttpd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed/ceph
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-50200/rabbitmq-server
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-24975/firebird4.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-5342 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54989/firebird
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] (CVE-2025-54574|CVE-2023-5824)/squid
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed/squid
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-38501/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2025-7207/mruby via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Annotate introducing commits for CVE-2025-50200
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-24975
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Clarify upstream commits for CVE-2023-5824
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark mysql-workbench as removed from every suite supported in the archive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8959/golang-github-hashicorp-go-getter
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-38502
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2023-32246/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2025-53859/nginx via experimental
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update note for mupdf.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Clarify status for CVE-2025-25724
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Record regression fix for CVE-2025-5918
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-9019 and add Debian bug reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference forCVE-2025-8959/golang-github-hashicorp-go-getter
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-8961/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for firebird issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-13978/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-9092 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] mark tar as non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for nvidia-graphics-drivers via bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mention that Bastien Roucariès wors on bookworm updates for squid
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-54989/firebird3.0 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes via experimental for cpp-httplib issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla/sqlite3: update notes
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] lts: CVE-2025-43967/sqlite3: mark as not-affected in bullseye
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-9019 in tcpreplay for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Track fix via unstable for CVE-2025-53537/libhtp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two firebird4.0 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Revert "Track CVE-2015-9019 is fixed in libxslt/1.1.32-1"
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] dla-needed: remove sqlite3
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for glib2.0 via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] .gitignore: Also ignore ELA-* in ELTS
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for CVE-2025-54874/openjpeg2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for node-tmp via CVE-2025-54798/node-tmp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for node-tmp via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-21988/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-47081/requests
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: reclaim webkit2gtk
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-5978-1
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4274-1 for mbedtls
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] dla: take ruby-saml
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add commit to fixing commit for CVE-2025-50200
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-50200/rabbitmq-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55291/shaarli
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] add p0 reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add rsync references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new spring issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new ognl issue (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] DSA for libxslt
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVE changes from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-38553/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4275-1 for openjdk-17
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] one cpp-httplib issue n/a for bookworm/trixie
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] imagemagick fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] imagemagick triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] two additional imagemagick CVEs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] binutils fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] more binutils fixes in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add reference to one linux issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-52927/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update reference for CVE-2025-41242
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add list reference for CVE-2025-53192
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-52887 as there was no vulnerable version in unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim libcommons-lang3-java in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Add (upcoming) GHSA references for imagemagick issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-8224
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-53192/ognl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-55291/shaarli
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new batch of Linux CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9165/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9157/tcpreplay
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9136/retroarch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new issues in node-mermaid
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Ad dCVE-2024-45062/ippusbxd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new chromium issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new firefox-esr issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new thunderbird issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add CNA rule for Lexmark
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr via unstable for mfsa2025-66
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2025-8747
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Remove association for tensorflow, itp'ed in CVE-2024-3660
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Update associations for CVE-2025-8747 and CVE-2025-1550
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new keycloak issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-9136/retroarch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Marking CVE-2023-28999 as ignored for Bullseye.
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Marking CVE-2022-41882 as <not-affected> for Bullseye.
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] glib2.0 ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4276-1 for webkit2gtk
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] lts: take firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8364 from mfsa2025-56
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-23942 as ignored for Bullseye.
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Add two new knack issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed/rabbitmq
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed/netty
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] LTS: claim libxslt in dla-needed.txt
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] LTS: claim git in dla-needed.txt
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] Remove one rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed waitress update via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] firefox-esr DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add new issues for intellij-idea, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Revert ".gitignore: Also ignore ELA-* in ELTS"
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new tika issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-47806, CVE-2025-47807, and CVE-2025-47808 in gst-plugins-base1.0 for Bullseye
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-47183 and CVE-2025-47219 in gst-plugins-good1.0 for Bullseye
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Add note for intel-microcode
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Add thunderbird
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-9132/chromium via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-5115/jetty
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking of two Movable Type CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] add tika commit reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Softing
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new node-sha.js issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add temporary entry for OSSN-0094 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for OSSN-0094/watcher via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4277-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] lts: take thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] update status for CVE-2025-5262
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] disassociate CVE-2017-0641 from libvpx
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add qemu to dla-needed.txt and claim it
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Track proposed rabbitmq-server update via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] squid DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVe-2025-54988: Add reference from 3.2.2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove trailing whitespaces
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-54988/tika
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference pull request for CVE-2024-39133
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] DSA 5982-1 released for squid
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for jetty issue CVE-2025-5115
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2025-9288
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream commit reference for CVE-2025-9287
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-9288
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-9287/node-cipher-base
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add cpp-httplib to dsa-needed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add commit that fixes CVE-2025-53101 for imagemagick v6
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] dla-needed: Add imagemagick
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Both CVE-2025-54363 and CVE-2025-54364 now reference same upstream issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for two knack CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9308/node-yarnpkg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9301/cmake
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new mattermost-server issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-57751/pyload, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9300/libsixel
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-7969/node-markdown-it
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add more products for Esri CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-48956/vllm, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-8860/qemu via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-52194/libsndfile
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-9287/node-cipher-base via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-54119 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove some notes from CVEs which got withdrawn
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFU, concludes external check
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] firefox fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] LTS: claim libphp-adodb in dla-needed.txt
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] disassociate CVE-2017-17520 from src:tin
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] lts: add firefox-esr for 140
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] update fixed version for historic sqwebmail issue, thanks for Soeren Stoutner for following up
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] shaarli fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] disassociate various old bogus dnsmasq issues from src:dnsmasq
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: lts: mark CVE-2025-53537/libhtp postponed
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4278-1 for mupdf
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] dla: take modsecurity-apache
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] libfcgi spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Merge Linux changes from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new qemu issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] qemu DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Remove todo item for CVE-2025-24975
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for qemu issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note for watcher and nova temporary entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add clamav as requested by @topodelapradera on IRC
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Add two new log4cxx issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-29366/mupen64plus-core
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-29365/spim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-45134/mahara
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix reason for nvidia-open-gpu-kernel-modules in bookworm's no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add link to github issue that tracks behavior mentioned in CVE-2025-50817
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-53689/jackrabbit does not affect the binary package
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: take node-cipher-base
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: take firebird3.0
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] 3 commits: lts: mark CVE-2025-54363,CVE-2025-54364/knack postponed
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-53689
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add another covered product for Apache CNA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-45133/mahara
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-52194/libsndfile
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-9300/libsixel
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-9165/tiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for log4cxx issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: triage CVE-2025-7969/node-markdown-it
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] 3 commits: lts: triage CVE-2025-9308/node-yarnpkg for Bullseye
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] 2 commits: lts: add patch link for CVE-2024-4227/gsoap
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Remove one reference for CVE-2025-7969
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-44905
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two tiff issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] nvidia-open-gpu-kernel-modules ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gst-plugins-base1.0 ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-4316[78]/unbound: Add links to follow-up commits
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] botan ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4279-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-8941: temporarily reference question to Red Hat about scope
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4280-1 for unbound
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] libsndfile ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed: add libsndfile
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4281-1 for iperf3
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] lts: triage CVE-2025-29366/mupen64plus-core
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] CVE-2020-24372/luajit: Add link to fixing commits and fixed version
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Demote CVE-2025-5436{3,4}/knack to unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-7462/ghostscript
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process new NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9405/open5gs, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new vim issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9394/libpodofo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three new tcpreplay issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] golang-github-gin-contrib-cors fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] take imagemagick
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] new biosig issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4282-1 for firebird3.0
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dla: retake libhtp
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-48385 does not affect git/bullseye
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] ruby-saml: Add notes regarding the relationship between CVE-2025-54572 and CVE-2025-25293
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] LTS: Mark CVE-2024-45157, CVE-2025-27809, CVE-2025-27810 as not actionable
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] ffmpeg DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] golang-github-gin-contrib-cors spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] firebird3.0 spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gst-plugins-good1.0 ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add more biosig issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim suricata
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4283-1 for luajit
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reference discussion about CVE-2005-1308 with upstream
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for luajit via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-7458/sqlite3 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add unbound to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove no-dsa entries for unbound as they will get an update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-54989: Add ZDI reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs (external check)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new src:sail issues from TALOS reports
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] nginx fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libcoap3 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] modsecurity-apache ospu/spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] lts: tiff issues postponed/ignored
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Adjust NFU note
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts-cve-triage: fix crash when sid is unfixed
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Pass FD to Bastien
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reference 3.6.3 commit for CVE-2025-27810
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-38676/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] node-cipher-base DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libtpms ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for sqlite3 via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-57804/python-h2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new Mahara issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for biosig issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new chromium issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-57810/jspdf, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-55298/imagemagick assigned
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-55212/imagemagick assigned
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-57803/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes about imagemagick issues not beeing public
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new mahara issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark 6.1.148-1 as uploded for Debian bookworm as released
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVEs updates from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libpodofo/bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-8671/h2o bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-9300/libsixel bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add another product for NVIDIA rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-55014/stardict
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-9478/chromium via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] mark CVE-2023-51847 as not-affected in Bullseye, Bookworm, Trixie
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] xwayland fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Cover one more NVIDIA product
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark 6.12.43-1 as uploded for Debian trixie as released
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend rule for Tenable
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] iperf3 spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-53192/bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] bouncycastle/bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-58050/pcre2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for libarchive via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-51847
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40779/isc-kea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: claim clamav
Lucas Kanashiro ( at kanashiro)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2025-40779/isc-kea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-40779/isc-kea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-53105/glpi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] unbound DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add jetty9 to dla-needed
Bastien Roucariès ( at rouca)
- Processing 2c5ed3b81dfa29caf7c75cf751c6a3c49d0dd922 failed
security tracker role
- Processing 6645ecf016643dac4946f1f93ad96d9f18f9806c failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Update status for llhttp issue, entered the archive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Cisco rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-50420/poppler via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new k8s issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] pcre2 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-58240/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for pcre2 issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed pcre2 update via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark LLVM 21 as fixed for CVE-2024-7883, LLVM 20 won't get uploaded to sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-8067/udisks2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add udisks2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4284-1 for udisks2
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4285-1 for golang-github-gin-contrib-cors
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-8067/udisks2 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new rust-xcb issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for udisks2 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-57804/python-h2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for sail issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct assessment for CVE-2025-40779/isc-kea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2021-41874
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-57767/asterisk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54995/asterisk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-49266
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct status for CVE-2025-38676
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40927/libcgi-simple-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-40927 as no-dsa for trixie and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] kanboard re-uploaded again into archive mark issues as unfixed for now
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-40927/libcgi-simple-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for already fixed kanboard issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for kanboard issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed updates for libcgi-simple-perl via {trixie,bookworm}-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for CVE-2025-7425
Aron Xu ( at aron)
- [Git][security-tracker-team/security-tracker][master] various assimp issues fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] libcoap3 spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] nova/watcher spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for perl via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust watcher for garget version, cf #1112282
Salvatore Bonaccorso ( at carnil)
- Mutual Investment Proposal
Luis Fernandez Consultant
- [Git][security-tracker-team/security-tracker][master] 2 commits: nginx spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Note libxml2 mitigations for CVE-2025-7425 in libxslt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: openafs-client
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-9394/libpodofo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-57803
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-57767
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-50518
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Postpone CVE-2025-40927/bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-3016/assimp reference commited fix to master branch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust reference for CVE-2024-48423
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for rust-xcb issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-55763/civetweb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate source package for CVE-2018-12684 and add reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9670/node-turndown
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9649/tcpreplay
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-54080/exiv2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-58058/golang-github-ulikunitz-xz
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-57767 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2024-5594/openvpn: record regression and fixes on v2.6 and v2.5
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-58160/rust-tracing-subscriber
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-58068/python-eventlet
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-58066/rust-ntpd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add exiv2 bug references for issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-55763
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-58066/rust-ntpd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-58058
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-58068
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-38677/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4274-2 for mbedtls
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] Fix DLA-4274-2 for mbedtls
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] rust-xcb fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla-needed: claim libsndfile
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] Postpone CVE-2025-52194/bullseye
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] dla/libsndfile: update notes
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-53859/nginx
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-55197/pypdf2 [bullseye]
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add civetweb/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-54080/exiv2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Correct CVE-2025-54080/description
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-55304/bullseye exiv2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed add node-sha.js
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed: python-h2
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed add python-eventlet
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add spim dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-54571/modsecurity-apache
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] firebird4.0 security update
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] shaarli spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9572
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add additional references for CVE-2025-58160/rust-tracing-subscriber
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-58160/rust-tracing-subscriber
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-9136/retroarch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-4227/gsoap bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] biosig/bullseye
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-58066/rust-ntpd via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for kanboard issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-47909/golang-github-gorilla-csrf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Triage two exiv2 issue for trixie and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new adminer issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libnginx-mod-http-lua ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] exiv2 fixed in experimental
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track exiv2 issues fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-9688/mupen64plus-core
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] older podofo issues fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add ancient CVE-2005-10004/cacti
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag references for podofo upstream commits
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: tika
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] dla-needed add log4cxx
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4286-1 for libcommons-lang3-java
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] LTS: claim python-eventlet in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] LTS: claim python-h2 in dla-needed.txt
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] add note for u-boot
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] poppler spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for poppler via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for libcommons-lang-java via {bookworm,trixie}-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-48924/libcommons-lang-java via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: CVE-2022-33065/libsndfile/bullseye: no-dsa -> postponed
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add note on investigation done on wolfssl
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4287-1 for libsndfile
Paride Legovini ( at paride)
Last message date:
Sun Aug 31 23:06:28 BST 2025
Archived on: Sun Aug 31 23:06:31 BST 2025
This archive was generated by
Pipermail 0.09 (Mailman edition).