[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Dec 13 19:14:57 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7258bea8 by Moritz Muehlenhoff at 2025-12-13T20:14:15+01:00
bookworm/trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,12 +35,11 @@ CVE-2025-67863
 CVE-2025-67750 (Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and  ...)
 	NOT-FOR-US: Lightning Flow Scanner
 CVE-2025-67749 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versi ...)
-	- pcsx2 <unfixed> (bug #1122861)
-	[trixie] - pcsx2 <no-dsa> (Minor issue)
-	[bookworm] - pcsx2 <no-dsa> (Minor issue)
+	- pcsx2 <unfixed> (bug #1122861; unimportant)
 	NOTE: https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w
 	NOTE: https://github.com/PCSX2/pcsx2/pull/13693
 	NOTE: Fixed by: https://github.com/PCSX2/pcsx2/commit/8164f2b2db6993170aced27d171bdc4e1f2eb5c8 (v2.5.378)
+	NOTE: Crash in CLI tool, no security impact
 CVE-2025-67721 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zst ...)
 	NOT-FOR-US: Aircompressor
 CVE-2025-67634 (The CISA Software Acquisition Guide Supplier Response Web Tool before  ...)
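Review bot: the added NOTE on CVE-2025-67749 ("Crash in CLI tool, no security impact") does not name the tool or say where the assessment comes from, and it is the only justification for replacing the per-release no-dsa lines with "unimportant". Naming the affected binary, or pointing at the relevant part of the GHSA advisory already linked above it, would let a later reader verify the downgrade.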
@@ -1321,8 +1320,10 @@ CVE-2025-65814 (A lack of security checks in the file import process of RHOPHI A
 	NOT-FOR-US: RHOPHI Analytics LLP Office App-Edit Word
 CVE-2025-65807 (An issue in sd command v1.0.0 and before allows attackers to escalate  ...)
 	- rust-sd <unfixed>
+	[trixie] - rust-sd <no-dsa> (Minor issue)
+	[bookworm] - rust-sd <no-dsa> (Minor issue)
 	NOTE: https://gist.github.com/faabbi/827f10e144fdd342e13a3dd838902e83
-	TODO: check details and impact/severity
+	NOTE: https://github.com/chmln/sd/issues/323
 CVE-2025-65803 (An integer overflow in the psdParser::ReadImageData function of FreeIm ...)
 	- freeimage <unfixed> (bug #1122826)
 	[trixie] - freeimage <postponed> (Minor issue, revisit when fixed upstream)
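Review bot: on CVE-2025-65807 the line "TODO: check details and impact/severity" is dropped without recording what the check concluded; the only rationale left is "Minor issue", while the truncated description reads "allows attackers to escalate ...". A one-line NOTE stating why this is minor for rust-sd, in the style of the "no security impact" NOTE added for pcsx2 earlier in this commit, would keep the reasoning with the entry instead of only in the linked upstream issue.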
@@ -2813,17 +2814,23 @@ CVE-2025-14309 (NULL Pointer Dereference vulnerability in ravynsoft ravynos.This
 	NOT-FOR-US: ravynos
 CVE-2025-14308 (An integer overflow vulnerability exists in the write method of the Bu ...)
 	- robocode <unfixed> (bug #1122289)
+	[trixie] - robocode <no-dsa> (Minor issue)
+	[bookworm] - robocode <no-dsa> (Minor issue)
 	NOTE: https://github.com/robo-code/robocode/pull/70
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/5ca52e3af7e35cd0a7309d573595dcb78cce7fa7 (VER_1_9_5_6)
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/9f616173e5ed3b7b6c02c2b230b1014822bee363 (VER_1_9_5_6)
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/9787e2cc90942d94ae341cf5562e42495443084b (VER_1_9_5_6)
 CVE-2025-14307 (An insecure temporary file creation vulnerability exists in the AutoEx ...)
 	- robocode <unfixed> (bug #1122289)
+	[trixie] - robocode <no-dsa> (Minor issue)
+	[bookworm] - robocode <no-dsa> (Minor issue)
 	NOTE: https://github.com/robo-code/robocode/pull/68
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/964b10f74064d04a3ea05a52b74ed86f485a13d5 (VER_1_9_5_6)
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/1638298ac872d7a92daf02de758f35f8012eae96 (VER_1_9_5_6)
 CVE-2025-14306 (A directory traversal vulnerability exists in the CacheCleaner compone ...)
 	- robocode <unfixed> (bug #1122289)
+	[trixie] - robocode <no-dsa> (Minor issue)
+	[bookworm] - robocode <no-dsa> (Minor issue)
 	NOTE: https://github.com/robo-code/robocode/pull/67
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f (VER_1_9_5_6)
 CVE-2025-14286 (A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affecte ...)
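Review bot: CVE-2025-14308, CVE-2025-14307 and CVE-2025-14306 all get the identical no-dsa (Minor issue) pair for trixie and bookworm, although they describe three different bug classes (integer overflow, insecure temporary file creation, directory traversal). A short NOTE giving the shared reason would make the blanket classification checkable. All three entries also list upstream fixes tagged VER_1_9_5_6 while the unstable line remains "unfixed" (bug #1122289), so these are worth revisiting when that bug is closed.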


=====================================
data/dsa-needed.txt
=====================================
@@ -15,6 +15,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
 --
+c-ares/stable
+--
 cpp-httplib
   Maintainer preparing updates, waiting for feedback on bookworm status
 --
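Review bot: the new "c-ares/stable" entry carries no claimant or status line, unlike the neighbouring amd64-microcode and cpp-httplib entries, and none of the data/CVE/list hunks shown in this commit touch a c-ares CVE. An indented line under the entry naming the issue or the state of the update would tell the next person why it was queued.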



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7258bea870551dc5be590b1a99f98a3a0ac33aa5
