[Git][security-tracker-team/security-tracker][master] 3 commits: Mark apache2 CVEs as postponed for bullseye

Utkarsh Gupta (@utkarsh) utkarsh at debian.org
Sun Dec 7 13:33:14 GMT 2025 


Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3b8d539 by Utkarsh Gupta at 2025-12-07T19:02:44+05:30
Mark apache2 CVEs as postponed for bullseye

- - - - -
fa68a610 by Utkarsh Gupta at 2025-12-07T19:02:47+05:30
Mark CVE-2025-13654/duc as postponed for bullseye

- - - - -
30eb2d82 by Utkarsh Gupta at 2025-12-07T19:02:51+05:30
Mark CVE-2025-32900/kdeconnect as ignored for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -352,6 +352,7 @@ CVE-2025-13654 (A stack buffer overflow vulnerability exists in the buffer_get f
 	- duc 1.4.6-1 (bug #1122057)
 	[trixie] - duc <no-dsa> (Minor issue)
 	[bookworm] - duc <no-dsa> (Minor issue)
+	[bullseye] - duc <postponed> (Minor issue)
 	NOTE: Fixed by: https://github.com/zevv/duc/commit/8638c4365ffd9e1966bdef8af6339dbee8c17e66 (1.4.6)
 	NOTE: https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc
 CVE-2025-13620 (The Wp Social Login and Register Social Counter plugin for WordPress i ...)
@@ -454,6 +455,7 @@ CVE-2025-32901 (In KDE Connect before 1.33.0 on Android, malicious device IDs (s
 CVE-2025-32900 (In the KDE Connect information-exchange protocol before 2025-04-18, a  ...)
 	- kdeconnect 25.04.0-1
 	[bookworm] - kdeconnect <ignored> (Minor issue, design limitation of protocol version prior to 8)
+	[bullseye] - kdeconnect <ignored> (Minor issue, design limitation of protocol version prior to 8)
 	- gnome-shell-extension-gsconnect 62-1
 	[bookworm] - gnome-shell-extension-gsconnect <ignored> (Minor issue, design limitation of protocol version prior to 8)
 	NOTE: https://kde.org/info/security/advisory-20250418-2.txt
@@ -991,11 +993,13 @@ CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo vulnerabili
 	- apache2 2.4.66-1 (bug #1121926)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
+	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
 CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
+	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
 CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability   in Apache HTTP Serv ...)
 	- apache2 <not-affected> (Only affects Apache on Windows)
@@ -1004,11 +1008,13 @@ CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side Includes
 	- apache2 2.4.66-1 (bug #1121926)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
+	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
 CVE-2025-55753 (An integer overflow in the case of failed ACME certificate renewal lea ...)
 	- apache2 2.4.66-1 (bug #1121926)
 	[trixie] - apache2 <no-dsa> (Minor issue)
 	[bookworm] - apache2 <no-dsa> (Minor issue)
+	[bullseye] - apache2 <postponed> (Minor issue)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
 CVE-2025-40215 (In the Linux kernel, the following vulnerability has been resolved:  x ...)
 	- linux 6.16.3-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36b37246ac34ff2a60fa77eef22f870675c52698...30eb2d824b5483205d35fdc8c212dc848196bc7c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36b37246ac34ff2a60fa77eef22f870675c52698...30eb2d824b5483205d35fdc8c212dc848196bc7c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251207/3f5a7ee6/attachment.htm>

More information about the debian-security-tracker-commits mailing list