[Git][security-tracker-team/security-tracker][master] 4 commits: lts: CVE-2025-64702/golang-github-lucas-clemente-quic-go no-dsa
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Wed Dec 17 13:10:56 GMT 2025
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
62675743 by Emilio Pozuelo Monfort at 2025-12-17T14:10:36+01:00
lts: CVE-2025-64702/golang-github-lucas-clemente-quic-go no-dsa
- - - - -
e4bc8320 by Emilio Pozuelo Monfort at 2025-12-17T14:10:36+01:00
lts: add smb4k
- - - - -
b695428f by Emilio Pozuelo Monfort at 2025-12-17T14:10:38+01:00
lts: CVE-2025-66549/nextcloud-desktop postponed
- - - - -
4a03eaea by Emilio Pozuelo Monfort at 2025-12-17T14:10:39+01:00
lts: CVE-2025-67897/rust-sequoia-openpgp ignored
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2131,6 +2131,7 @@ CVE-2025-64702 (quic-go is an implementation of the QUIC protocol in Go. Version
- golang-github-lucas-clemente-quic-go <unfixed> (bug #1122814)
[trixie] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
[bookworm] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
+ [bullseye] - golang-github-lucas-clemente-quic-go <no-dsa> (Limited support, minor issue)
NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-g754-hx8w-x2g6
NOTE: Fixed by: https://github.com/quic-go/quic-go/commit/5b2d2129f8315da41e01eff0a847ab38a34e83a8 (v0.57.0)
CVE-2025-62192 (SQL Injection vulnerability exists in GroupSession Free edition prior ...)
@@ -2715,6 +2716,7 @@ CVE-2025-67897 (In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphe
- rust-sequoia-openpgp 2.1.0-1 (bug #1122582)
[trixie] - rust-sequoia-openpgp <no-dsa> (Minor issue)
[bookworm] - rust-sequoia-openpgp <no-dsa> (Minor issue)
+ [bullseye] - rust-sequoia-openpgp <ignored> (Minor issue)
NOTE: Fixed by: https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5 (openpgp/v2.1.0)
CVE-2025-67484
- mediawiki 1:1.43.6+dfsg-1
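Review bot: the added [bullseye] line for rust-sequoia-openpgp uses <ignored> but carries the same "(Minor issue)" reason as the <no-dsa> lines for trixie and bookworm directly above it, so the entry does not say why bullseye gets the stronger state. Since <ignored> records that no fix is planned for that release, consider a reason that justifies it specifically for bullseye, or use <postponed> if the fix referenced in the "Fixed by" NOTE could still be picked up in a later upload.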
@@ -6200,6 +6202,7 @@ CVE-2025-66550 (Nextcloud Calendar is a calendar app for Nextcloud. Prior to 4.7
CVE-2025-66549 (Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3 ...)
- nextcloud-desktop 3.16.6-3
[bookworm] - nextcloud-desktop <no-dsa> (Minor issue)
+ [bullseye] - nextcloud-desktop <postponed> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h9xj-qh76-q3hw
NOTE: https://github.com/nextcloud/desktop/pull/8330
NOTE: Fixed by: https://github.com/nextcloud/desktop/commit/27ede927d4a86939a4243cc6a1fb656ce04512ef (v3.17.0-rc1)
=====================================
data/dla-needed.txt
=====================================
@@ -378,6 +378,9 @@ rust-openssl
NOTE: 20251107: https://buildd.debian.org/status/package.php?p=rust-debcargo&suite=bullseye-security
NOTE: 20251107: Please coordinate with FTP masters to unblock the situation (Beuc/front-desk)
--
+smb4k
+ NOTE: 20251217: Added by Front-Desk (pochu)
+--
sogo (paride)
NOTE: 20251207: Added by Front-Desk (utkarsh)
NOTE: 20251207: Also consider fixing postponed CVEs. (utkarsh)
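Review bot: the new smb4k entry in data/dla-needed.txt has only the "Added by Front-Desk (pochu)" note, and neither it nor the commit message "lts: add smb4k" names the CVE or bug that prompted the addition. Consider adding a NOTE line that identifies the issue(s) to be fixed, so whoever claims the package does not have to search data/CVE/list for them.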
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c3baf35de4f30cdf6eceecd5c65134b72665f007...4a03eaead9f34d8dbfdaa131374d93380ddd9e1c