[Git][security-tracker-team/security-tracker][master] 2 commits: Add new chromium issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab32d1b9 by Salvatore Bonaccorso at 2025-12-02T22:57:29+01:00
Add new chromium issues

- - - - -
f35de58d by Salvatore Bonaccorso at 2025-12-02T22:58:22+01:00
Add chromium to dsa-needed list

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -157,33 +157,46 @@ CVE-2025-13731 (The Nexter Extension \u2013 Site Enhancements Toolkit plugin for
 CVE-2025-13724 (The VikRentCar Car Rental Management System plugin for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13721 (Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote at ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13720 (Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a r ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13658 (A vulnerability in Longwatch devices allows unauthenticated HTTP GET r ...)
 	NOT-FOR-US: Industrial Video & Control
 CVE-2025-13640 (Inappropriate implementation in Passwords in Google Chrome prior to 14 ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13639 (Inappropriate implementation in WebRTC in Google Chrome prior to 143.0 ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13638 (Use after free in Media Stream in Google Chrome prior to 143.0.7499.41 ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13637 (Inappropriate implementation in Downloads in Google Chrome prior to 14 ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13636 (Inappropriate implementation in Split View in Google Chrome prior to 1 ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13635 (Inappropriate implementation in Downloads in Google Chrome prior to 14 ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13634 (Inappropriate implementation in Downloads in Google Chrome on Windows  ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13633 (Use after free in Digital Credentials in Google Chrome prior to 143.0. ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13632 (Inappropriate implementation in DevTools in Google Chrome prior to 143 ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13631 (Inappropriate implementation in Google Updater in Google Chrome on Mac ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13630 (Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a ...)
-	TODO: check
+	- chromium <unfixed>
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-13542 (The DesignThemes LMS plugin for WordPress is vulnerable to Privilege E ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13534 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -15,6 +15,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
 --
+chromium (dilinger)
+--
 cpp-httplib
   Maintainer preparing updates, waiting for feedback on bookworm status
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/74f45c9498430a367add79a4e2b1ea6984bbb1b8...f35de58df29f08439b83fe63c29a7db25f9ed382

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/74f45c9498430a367add79a4e2b1ea6984bbb1b8...f35de58df29f08439b83fe63c29a7db25f9ed382
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251202/f1dee412/attachment-0001.htm>