[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Dec 17 11:50:32 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0de4fdf by Moritz Muehlenhoff at 2025-12-17T12:47:24+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -10,17 +10,25 @@ CVE-2025-59374 ("UNSUPPORTED WHEN ASSIGNED"Certain versions of the ASUS Live Upd
 	NOT-FOR-US: ASUS
 CVE-2025-53619 (An out-of-bounds read vulnerability exists in the JPEGBITSCodec::Inter ...)
 	- gdcm <unfixed>
+	[trixie] - gdcm <no-dsa> (Minor issue)
+	[bookworm] - gdcm <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210
 CVE-2025-53618 (An out-of-bounds read vulnerability exists in the JPEGBITSCodec::Inter ...)
 	- gdcm <unfixed>
+	[trixie] - gdcm <no-dsa> (Minor issue)
+	[bookworm] - gdcm <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210
 CVE-2025-53524 (Fuji Electric Monitouch V-SFT-6 is vulnerable to an out-of-bounds writ ...)
 	NOT-FOR-US: Fuji Electric
 CVE-2025-52582 (An out-of-bounds read vulnerability exists in the Overlay::GrabOverlay ...)
 	- gdcm <unfixed>
+	[trixie] - gdcm <no-dsa> (Minor issue)
+	[bookworm] - gdcm <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2211
 CVE-2025-48429 (An out-of-bounds read vulnerability exists in the RLECodec::DecodeBySt ...)
 	- gdcm <unfixed>
+	[trixie] - gdcm <no-dsa> (Minor issue)
+	[bookworm] - gdcm <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2214
 CVE-2025-34288 (Nagios XI versions prior to 2026R1.1 arevulnerable to local privilege  ...)
 	NOT-FOR-US: Nagios XI
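Review bot: none of the four gdcm entries records why the out-of-bounds reads in JPEGBITSCodec, Overlay::GrabOverlay and RLECodec::DecodeBySt are triaged as "(Minor issue)" for both trixie and bookworm; the only reference on each is the TALOS report, and `- gdcm <unfixed>` has neither a bug number nor a "Fixed by:" NOTE. Since these codecs parse DICOM input, a few words of rationale beside the no-dsa tag and a filed bug (as CVE-2025-68146 below has with "(bug #1123510)") would let later triage see the reasoning without re-deriving it, and a "NOTE: Fixed by:" line should follow once upstream has a commit.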
@@ -746,11 +754,15 @@ CVE-2025-68150 (Parse Server is an open source backend that can be deployed to a
 	NOT-FOR-US: Parse Server
 CVE-2025-68146 (filelock is a platform-independent file lock for Python. In versions p ...)
 	- python-filelock <unfixed> (bug #1123510)
+	[trixie] - python-filelock <no-dsa> (Minor issue)
+	[bookworm] - python-filelock <no-dsa> (Minor issue)
 	NOTE: https://github.com/tox-dev/filelock/security/advisories/GHSA-w853-jp5j-5j7f
 	NOTE: https://github.com/tox-dev/filelock/pull/461
 	NOTE: Fixed by: https://github.com/tox-dev/filelock/commit/4724d7f8c3393ec1f048c93933e6e3e6ec321f0e (3.20.1)
 CVE-2025-68142 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...)
 	- pymdown-extensions <unfixed>
+	[trixie] - pymdown-extensions <no-dsa> (Minor issue)
+	[bookworm] - pymdown-extensions <no-dsa> (Minor issue)
 	NOTE: https://github.com/facelessuser/pymdown-extensions/security/advisories/GHSA-r6h4-mm7h-8pmq
 	NOTE: Fixed by: https://github.com/facelessuser/pymdown-extensions/commit/b50d15a56850ed1408a284bba81cc019c6bd72e8 (10.16.1)
 CVE-2025-68130 (tRPC allows users to build and consume fully typesafe APIs without sch ...)
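Review bot: CVE-2025-68142 has an upstream fix recorded ("Fixed by: ... (10.16.1)") but, unlike CVE-2025-68146 which carries "(bug #1123510)", no Debian bug number next to `- pymdown-extensions <unfixed>`; consider filing one so the sid fix is tracked the same way. Both entries already point at an isolated fix commit, so the trixie/bookworm no-dsa lines are natural candidates for a point-release update, which could be noted on the entry.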
@@ -7423,6 +7435,7 @@ CVE-2025-41086 (Vulnerability in the access control system of the GAMS licensing
 	NOT-FOR-US: GAMS licensing system
 CVE-2025-41066 (Horde Groupware v5.2.22 has a user enumeration vulnerability that allo ...)
 	- php-horde-groupware <unfixed> (bug #1123000)
+	[bookworm] - php-horde-groupware <no-dsa> (Minor issue)
 	NOTE: https://www.incibe.es/en/incibe-cert/notices/aviso/disclosure-sensitive-information-horde-groupware
 CVE-2025-41015 (User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This ...)
 	NOT-FOR-US: TCMAN GIM
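Review bot: only a "[bookworm] - php-horde-groupware <no-dsa> (Minor issue)" line is added for CVE-2025-41066, whereas every other entry touched in this commit gets both a trixie and a bookworm line. If php-horde-groupware is not shipped in trixie that is fine as it stands; otherwise the trixie annotation is missing, or a NOTE saying why trixie is not affected would make the asymmetry deliberate.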


=====================================
data/dsa-needed.txt
=====================================
@@ -15,14 +15,14 @@ If needed, specify the release by adding a slash after the name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
 --
-c-ares/stable
+c-ares/stable (carnil)
 --
 chromium (dilinger)
 --
 cpp-httplib
   Maintainer preparing updates, waiting for feedback on bookworm status
 --
-dropbear
+dropbear (jmm)
   Guilhem Moulin prepared an update
 --
 frr/oldstable
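Review bot: "c-ares/stable (carnil)" is claimed without a status line, while the other claimed entries in this hunk (amd64-microcode, cpp-httplib, and dropbear with "Guilhem Moulin prepared an update") carry one; a short note on what is being prepared for the stable update would tell other team members where the work stands.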



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d0de4fdf4ab8ae16fc2e9cb94d7c55d3284593a2


