[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 16 09:56:05 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6a9ebdeb by Moritz Muehlenhoff at 2025-12-16T10:52:52+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2963,6 +2963,7 @@ CVE-2025-33213 (NVIDIA Merlin Transformers4Rec for Linux contains a vulnerabilit
NOT-FOR-US: NVIDIA
CVE-2025-2296 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
- edk2 2025.02-1
+ [bookworm] - edk2 <no-dsa> (Minor issue)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-6pp6-cm5h-86g5
NOTE: https://github.com/tianocore/edk2/pull/10628
NOTE: https://www.kraxel.org/blog/2025/12/analyzing-cve-2025-2296/
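Review bot: The added `[bookworm] - edk2 <no-dsa> (Minor issue)` line gives only the generic reason, although the entry already links an analysis (the kraxel.org NOTE) that could back it up. Consider a more specific parenthetical, or a short NOTE saying why the issue is minor for bookworm, so the decision can be re-checked later without re-reading the advisory.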
@@ -4870,6 +4871,7 @@ CVE-2025-66550 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7
NOT-FOR-US: Nextcloud Calendar
CVE-2025-66549 (Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3 ...)
- nextcloud-desktop 3.16.6-3
+ [bookworm] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h9xj-qh76-q3hw
NOTE: https://github.com/nextcloud/desktop/pull/8330
NOTE: Fixed by: https://github.com/nextcloud/desktop/commit/27ede927d4a86939a4243cc6a1fb656ce04512ef (v3.17.0-rc1)
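Review bot: Only bookworm is annotated on the new line under CVE-2025-66549, while the commit is titled "trixie/bookworm triage" and the unstable fix is 3.16.6-3. If trixie ships an earlier nextcloud-desktop, it needs its own `[trixie]` line; if it does not, nothing needs to change.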
@@ -16897,6 +16899,8 @@ CVE-2025-62707 (pypdf is a free and open-source pure-python PDF library. Prior t
CVE-2025-62706 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
{DLA-4352-1}
- python-authlib 1.6.5-1
+ [trixie] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib <no-dsa> (Minor issue)
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m
NOTE: Fixed by: https://github.com/authlib/authlib/commit/4b5b5703394608124cd39e547cc7829feda05a13 (v1.6.5)
CVE-2025-62705 (OpenBao is an open source identity-based secrets management system. Pr ...)
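Review bot: The two added lines mark python-authlib as `<no-dsa> (Minor issue)` for trixie and bookworm on an entry that also carries `{DLA-4352-1}`, so an LTS update exists for this CVE while the two newer suites are left without one. It would help to state the plan for them (for example a point-release update) in the reason or in a NOTE. The same pairing appears for CVE-2025-61920 and CVE-2025-59420 in this commit.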
@@ -21142,6 +21146,8 @@ CVE-2025-61921 (Sinatra is a domain-specific language for creating web applicati
CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
{DLA-4352-1}
- python-authlib 1.6.5-1
+ [trixie] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib <no-dsa> (Minor issue)
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
NOTE: https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e (v1.6.5)
CVE-2025-61919 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
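Review bot: Style point on the CVE-2025-61920 entry touched here: the commit NOTE below the added lines has no `Fixed by:` prefix, unlike the matching NOTE under CVE-2025-62706. Since the entry is being edited anyway, the prefix could be added for consistency.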
@@ -28398,6 +28404,8 @@ CVE-2025-59430 (Mesh Connect JS SDK contains JS libraries for integrating with M
CVE-2025-59420 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
{DLA-4352-1}
- python-authlib 1.6.4-1
+ [trixie] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib <no-dsa> (Minor issue)
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32
NOTE: https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df (v1.6.4)
CVE-2025-59418 (BunnyPad is a note taking software. Prior to version 11.0.27000.0915, ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -52,6 +52,8 @@ php-laravel-framework/oldstable
--
python-django
--
+python-tornado
+--
rails
--
roundcube
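Review bot: The new `python-tornado` entry has no note under it, and this commit adds no matching change in data/CVE/list, so the diff does not show which CVE put the package on the list. A short note under the package name identifying the CVE(s) would help whoever picks it up.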
@@ -65,6 +67,8 @@ ruby-saml/oldstable
--
runc
--
+smb4k
+--
sogo
--
sympa/oldstable
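Review bot: `smb4k` is added without a suite suffix, whereas neighbouring entries such as `ruby-saml/oldstable` and `sympa/oldstable` are scoped. If only one of trixie and bookworm needs the update, add the suffix; otherwise it is fine as is.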
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a9ebdeb3bfe1b3ea62e42796aa09f13ad41e88d