[Git][security-tracker-team/security-tracker][master] 2 commits: lts: add info that CVE-2025-65187/civicrm is not fixed in 6.7.0 through 6.9.0
Daniel Leidert (@dleidert)
dleidert at debian.org
Mon Dec 15 10:33:30 GMT 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7113a047 by Daniel Leidert at 2025-12-15T11:30:25+01:00
lts: add info that CVE-2025-65187/civicrm is not fixed in 6.7.0 through 6.9.0
Upstream verified that they are actively working on this issue and will likely
address it with the next release. We (LTS) should revisit it then.
- - - - -
49ae4ce1 by Daniel Leidert at 2025-12-15T11:31:48+01:00
dla: add roundcube
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5835,6 +5835,7 @@ CVE-2025-65215 (Sourcecodester Web-based Pharmacy Product Management System v1.0
NOT-FOR-US: SourceCodester
CVE-2025-65187 (A Stored Cross Site Scripting vulnerability exists in CiviCRM before v ...)
- civicrm <removed>
+ NOTE: Vulnerability still open in release 6.9.0. Revisit when fixed upstream.
CVE-2025-65186 (Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). The page ...)
NOT-FOR-US: Grav CMS
CVE-2025-65105 (Apptainer is an open source container platform. In Apptainer versions ...)
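Review bot: The added NOTE under CVE-2025-65187 names only release 6.9.0, while the commit subject says the issue is not fixed in 6.7.0 through 6.9.0, and the NOTE cites no source for the upstream confirmation. Since the CVE description reads "CiviCRM before v ...", a reader of data/CVE/list alone could assume a fixed version already exists. Consider stating the full range in the NOTE and adding a second NOTE line that points to the upstream statement, so whoever revisits the entry can check it against the next release.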
=====================================
data/dla-needed.txt
=====================================
@@ -380,6 +380,10 @@ rails (rouca)
NOTE: 20251120: Import old security release and fix. Will likely do a partial release due to number of CVEs (rouca)
NOTE: 20251125: Do a partial release. Need to fix bookworm first (rouca)
--
+roundcube
+ NOTE: 20251215: Added by Front-Desk (dleidert)
+ NOTE: 20251215: Follow DSA (dleidert/front-desk)
+--
runc
NOTE: 20251105: Added by Front-Desk (Beuc)
NOTE: 20251105: 3 high-severity container breakouts. Used by docker.io.
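Review bot: The new roundcube entry says "Follow DSA" but identifies neither the DSA nor the CVEs it covers, so whoever claims the package has to look up the scope elsewhere. The neighbouring runc entry gives its reason inline ("3 high-severity container breakouts"); a similar line with the DSA identifier or the CVE ids would help here. As a minor style point, the two added NOTE lines carry different attributions, "(dleidert)" and "(dleidert/front-desk)"; one form would be more consistent.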
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0721b68fd07ddd6ed1bc29c6ddd0e2f431b8ab37...49ae4ce1f18698175d132bd03496f055ae8f458f