[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 4 08:13:02 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbb92bcc by security tracker role at 2025-12-04T08:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2025-66293 [Out-of-bounds read in png_image_read_composite]
+CVE-2025-66404 (MCP Server Kubernetes is an MCP Server that can connect to a Kubernete ...)
+ TODO: check
+CVE-2025-65868 (XML external entity (XXE) injection in eyoucms v1.7.1 allows remote at ...)
+ TODO: check
+CVE-2025-64055 (An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthentic ...)
+ TODO: check
+CVE-2025-62173 (## Summary Authenticated SQL Injection Vulnerability in Endpoint Modu ...)
+ TODO: check
+CVE-2025-13513 (The Clik stats plugin for WordPress is vulnerable to Reflected Cross-S ...)
+ TODO: check
+CVE-2025-12826 (The Custom Post Type UI plugin for WordPress is vulnerable to authoriz ...)
+ TODO: check
+CVE-2025-12782 (The Beaver Builder \u2013 WordPress Page Builder plugin for WordPress ...)
+ TODO: check
+CVE-2025-11727 (The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integr ...)
+ TODO: check
+CVE-2025-11379 (The WebP Express plugin for WordPress is vulnerable to information exp ...)
+ TODO: check
+CVE-2025-66293 (LIBPNG is a reference library for use in applications that read, creat ...)
- libpng1.6 1.6.52-1 (bug #1121877)
NOTE: https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1 (v1.6.52)
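Review bot: the nine entries added at the top of this hunk, CVE-2025-66404 through CVE-2025-11379, are all left at "TODO: check", so none of them has a package assignment or a NOT-FOR-US marker yet and each still needs manual triage. Two of the imported descriptions also carry residue that should be cleaned at the source: CVE-2025-12782 contains a literal "\u2013" escape where a dash was intended, and CVE-2025-62173 starts with a "## Summary" markdown heading instead of a sentence.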
@@ -3136,6 +3154,7 @@ CVE-2025-12106 (Insufficient argument validation in OpenVPN 2.7_alpha1 through 2
- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
CVE-2025-13086 (Improper validation of source IP addresses in OpenVPN version 2.6.0 th ...)
+ {DSA-6069-1}
[experimental] - openvpn 2.7.0~rc2-1
- openvpn 2.7.0~rc2-2 (bug #1121086)
[bullseye] - openvpn <not-affected> (Vulnerable code not present)
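Review bot: the {DSA-6069-1} tag added under CVE-2025-13086 cannot be verified from this diff, because data/CVE/list is the only changed file and the advisory record is not shown. Confirm that the DSA-6069-1 entry names CVE-2025-13086 and carries the openvpn fixed versions for the stable suites; the visible context lists only the experimental upload, the unstable fix 2.7.0~rc2-2 and the bullseye not-affected line.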
@@ -7681,6 +7700,7 @@ CVE-2025-43445 (An out-of-bounds read was addressed with improved input validati
CVE-2025-43444 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43443 (This issue was addressed with improved checks. This issue is fixed in ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
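Review bot: the {DSA-6070-1 DLA-4394-1} tag added under CVE-2025-43443 sits above both a webkit2gtk and a wpewebkit line, yet the trailing context keeps wpewebkit at <ignored> for trixie. Anyone reading the tag as "fixed by advisory" should apply it to webkit2gtk only; wpewebkit users on trixie get no fix from this DSA, and the same applies to the identical tag additions in the following webkit hunks.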
@@ -7692,6 +7712,7 @@ CVE-2025-43442 (A permissions issue was addressed with additional restrictions.
CVE-2025-43441 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43440 (This issue was addressed with improved checks This issue is fixed in S ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -7707,6 +7728,7 @@ CVE-2025-43436 (A permissions issue was addressed with additional restrictions.
CVE-2025-43435 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43434 (A use-after-free issue was addressed with improved memory management. ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -7716,6 +7738,7 @@ CVE-2025-43434 (A use-after-free issue was addressed with improved memory manage
CVE-2025-43433 (The issue was addressed with improved memory handling. This issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43432 (A use-after-free issue was addressed with improved memory management. ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -7723,6 +7746,7 @@ CVE-2025-43432 (A use-after-free issue was addressed with improved memory manage
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43431 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
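Review bot: the leading context of this hunk shows wpewebkit as <end-of-life> in bullseye for the preceding entry, while the line added under CVE-2025-43431 references DLA-4394-1 without saying which source package it covers. It is worth confirming in the DLA record that DLA-4394-1 lists webkit2gtk only, so the tag is not read as an LTS fix for wpewebkit.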
@@ -7730,6 +7754,7 @@ CVE-2025-43431 (The issue was addressed with improved memory handling. This issu
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43430 (This issue was addressed through improved state management. This issue ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -7737,6 +7762,7 @@ CVE-2025-43430 (This issue was addressed through improved state management. This
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43429 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -7744,6 +7770,7 @@ CVE-2025-43429 (A buffer overflow was addressed with improved bounds checking. T
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43427 (This issue was addressed through improved state management. This issue ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -7753,6 +7780,7 @@ CVE-2025-43427 (This issue was addressed through improved state management. This
CVE-2025-43426 (A logging issue was addressed with improved data redaction. This issue ...)
NOT-FOR-US: Apple
CVE-2025-43425 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
@@ -7808,6 +7836,7 @@ CVE-2025-43395 (This issue was addressed with improved handling of symlinks. Thi
CVE-2025-43394 (This issue was addressed with improved handling of symlinks. This issu ...)
NOT-FOR-US: Apple
CVE-2025-43392 (The issue was addressed with improved handling of caches. This issue i ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security support in Trixie)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbb92bccab860441ceecaed1a5b05c59f8d206d4