[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Dec 4 16:15:05 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d31e962 by Moritz Muehlenhoff at 2025-12-04T17:14:53+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -116,6 +116,8 @@ CVE-2025-50360 (A heap buffer overflow in compiler.c and compiler.h in Pepper la
TODO: check
CVE-2025-39665 (User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.4 ...)
- nagvis 1:1.9.48-1
+ [trixie] - nagvis <no-dsa> (Minor issue)
+ [bookworm] - nagvis <no-dsa> (Minor issue)
NOTE: https://github.com/NagVis/nagvis/pull/411
NOTE: Fixed by: https://github.com/NagVis/nagvis/commit/1a3d3ed21fb974da952ce2df13f20c2884626ebe (nagvis-1.9.48)
CVE-2025-34319 (TOTOLINK N300RT wireless router firmware versions prior toV3.4.0-B2025 ...)
@@ -198,7 +200,11 @@ CVE-2025-12084 (When building nested elements using xml.dom.minidom methods such
- python3.9 <removed>
- python2.7 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
+ [bookworm] - jython <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/pull/142146
NOTE: https://github.com/python/cpython/issues/142145
NOTE: Fixed by: https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4 (main)
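Review bot: the new [trixie] and [bookworm] no-dsa lines for pypy3 and jython sit under <unfixed> entries that carry no bug reference, unlike the golang-1.25 and golang-1.24 entries further down, which have bug numbers. Consider filing bugs for pypy3 and jython and adding the numbers to the <unfixed> lines, so that the fix for unstable stays tracked once the stable suites are marked no-dsa.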
@@ -237,13 +243,15 @@ CVE-2025-61940 (NMIS/BioDose V22.02 and previous versions rely on a common SQL S
CVE-2025-55181 (Sending an HTTP request/response body with greater than 2^31 bytes tri ...)
NOT-FOR-US: Meta software not packaged in Debian
CVE-2025-13946 (MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 t ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (unimportant)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-08.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20884
+ NOTE: Hang in CLI tool, no security impact
CVE-2025-13945 (HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of se ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (unimportant)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-07.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20860
+ NOTE: Hang in CLI tool, no security impact
CVE-2025-13646 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13645 (The Modula Image Gallery plugin for WordPress is vulnerable to arbitra ...)
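Review bot: the NOTE added under CVE-2025-13945 reads "Hang in CLI tool, no security impact", but that entry's description is an HTTP3 dissector crash. The wording matches CVE-2025-13946 (MEGACO dissector infinite loop) and looks copied from it. Suggest "Crash in CLI tool, no security impact" for CVE-2025-13945, or a reason that holds for both entries.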
@@ -322,6 +330,7 @@ CVE-2025-61727 (An excluded subdomain constraint in a certificate chain does not
- golang-1.25 <unfixed> (bug #1121847)
- golang-1.24 <unfixed> (bug #1121848)
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
NOTE: https://github.com/golang/go/issues/76442
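Review bot: on the added "[bookworm] - golang-1.19 <no-dsa> (Minor issue)" line, the reason is generic for an entry whose description concerns an excluded subdomain constraint in a certificate chain. A short specific reason in the parentheses would let a later reader see why bookworm gets no DSA without opening the linked golang-announce thread.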
@@ -331,6 +340,7 @@ CVE-2025-61729 (Within HostnameError.Error(), when constructing an error string,
- golang-1.25 <unfixed> (bug #1121847)
- golang-1.24 <unfixed> (bug #1121848)
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
NOTE: https://go-review.googlesource.com/c/go/+/725920
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d31e96286b65fca09ea01dee552b36e93a97b09