[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Dec 15 15:08:00 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
078fdc61 by Moritz Muehlenhoff at 2025-12-15T16:07:24+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8,6 +8,8 @@ CVE-2025-67900 (NXLog Agent before 6.11 can load a file specified by the OPENSSL
NOT-FOR-US: NXLog Agent
CVE-2025-67899 (uriparser through 0.9.9 allows unbounded recursion and stack consumpti ...)
- uriparser <unfixed>
+ [trixie] - uriparser <no-dsa> (Minor issue)
+ [bookworm] - uriparser <no-dsa> (Minor issue)
NOTE: https://github.com/uriparser/uriparser/issues/282
NOTE: https://github.com/uriparser/uriparser/pull/284
CVE-2025-67898 (MJML through 4.18.0 allows mj-include directory traversal to test file ...)
@@ -1190,7 +1192,11 @@ CVE-2025-14526 (A security flaw has been discovered in Tenda CH22 1.0.0.1. This
NOT-FOR-US: Tenda
CVE-2025-14523 (A flaw in libsoup\u2019s HTTP header handling allows multiple Host: he ...)
- libsoup3 <unfixed> (bug #1122667)
+ [trixie] - libsoup3 <no-dsa> (Minor issue)
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/472
CVE-2025-14522 (A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c1 ...)
NOT-FOR-US: baowzh hfly
@@ -1347,6 +1353,7 @@ CVE-2025-67716 (The Auth0 Next.js SDK is a library for implementing user authent
NOT-FOR-US: Next.js
CVE-2025-67713 (Miniflux 2 is an open source feed reader. Versions 2.2.14 and below tr ...)
- miniflux <unfixed> (bug #1122583)
+ [trixie] - miniflux <no-dsa> (Minor issue)
NOTE: https://github.com/miniflux/v2/security/advisories/GHSA-wqv2-4wpg-8hc9
NOTE: Fixed by: https://github.com/miniflux/v2/commit/76df99f3a3db234cf6b312be5e771485213d03c7 (2.2.15)
CVE-2025-67694
@@ -2892,6 +2899,8 @@ CVE-2024-47570 (An insertion of sensitive information into log file vulnerabilit
NOT-FOR-US: Fortinet
CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
- edk2 <unfixed> (bug #1122288)
+ [trixie] - edk2 <no-dsa> (Minor issue)
+ [bookworm] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
NOTE: Fixed by: https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249 (edk2-stable202511)
CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird ESR 140.5 ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -73,5 +73,7 @@ tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
--
+wordpress/stable
+--
zabbix/oldstable
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078fdc611135d8c18d0a3fceb4b466a3ee29449e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078fdc611135d8c18d0a3fceb4b466a3ee29449e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251215/9c6ce362/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list