[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Dec 18 09:32:06 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1579c88e by Moritz Muehlenhoff at 2025-12-18T10:31:34+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4,6 +4,8 @@ CVE-2025-6324 (Improper Neutralization of Input During Web Page Generation ('Cro
NOT-FOR-US: WordPress plugin or theme
CVE-2025-68463 (Bio.Entrez in Biopython through 186 allows doctype XXE.)
- python-biopython <unfixed>
+ [trixie] - python-biopython <no-dsa> (Minor issue)
+ [bookworm] - python-biopython <no-dsa> (Minor issue)
NOTE: https://github.com/biopython/biopython/issues/5109
CVE-2025-68459 (RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Rui ...)
NOT-FOR-US: RG - AP180, Indoor Wall Plate Wireless AP AP180 series
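Review bot: The two added python-biopython lines give "Minor issue" as the only reason, and nothing in the entry says why a doctype XXE in Bio.Entrez is minor for trixie and bookworm. A short NOTE stating the basis, next to the existing upstream issue link, would let a later reader check the triage without re-deriving it.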
@@ -546,6 +548,8 @@ CVE-2025-14856 (A security vulnerability has been detected in y_project RuoYi up
NOT-FOR-US: RuoYi
CVE-2025-14841 (A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element ...)
- dcmtk <unfixed>
+ [trixie] - dcmtk <no-dsa> (Minor issue)
+ [bookworm] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1183
NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030 (DCMTK-3.7.0)
CVE-2025-14837 (A vulnerability has been found in ZZCMS 2025. Affected by this issue i ...)
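Review bot: On the added dcmtk lines, the entry already names an upstream fix commit (DCMTK-3.7.0), but the CVE description is cut off at "The impacted element ...", so the reader cannot tell from the entry what is affected or why it rates as minor. Consider a NOTE naming the affected component or the impact, so the no-dsa decision for trixie and bookworm can be revisited against the referenced fix.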
@@ -17943,8 +17947,12 @@ CVE-2025-62777 (Use of Hard-Coded Credentials issue exists in MZK-DP300N version
NOT-FOR-US: MZK-DP300N
CVE-2025-62725 (Docker Compose trusts the path information embedded in remote OCI comp ...)
- docker-compose <unfixed> (bug #1119298)
+ [trixie] - docker-compose <not-affected> (Vulnerable code introduced later)
+ [bookworm] - docker-compose <not-affected> (Vulnerable code introduced later)
[bullseye] - docker-compose <not-affected> (Vulnerable code was introduced later)
NOTE: https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q
+ NOTE: Introduced in: https://github.com/docker/compose/commit/66a47169d51ef4be5e230dda982661248b20f60a (v2.34.0)
+ NOTE: Introduced in: https://github.com/docker/compose/commit/840288895e673fcccd56a7830dee30d8a75523ef (v2.33.0)
NOTE: Fixed by: https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176 (v2.40.2)
CVE-2025-62594 (ImageMagick is a software suite to create, edit, compose, or convert b ...)
- imagemagick 8:7.1.2.8+dfsg1-1 (bug #1119296)
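Review bot: The new trixie and bookworm lines for docker-compose read "(Vulnerable code introduced later)" while the existing bullseye line directly below reads "(Vulnerable code was introduced later)"; using one wording across the three suites keeps the entry easy to grep. The two added "Introduced in:" notes list v2.34.0 before v2.33.0, so ordering them oldest first would make the earliest affected release obvious. The entry also does not say which of the two commits the not-affected status relies on, so a brief note that the suite versions predate v2.33.0 would make the claim checkable from the entry alone.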
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1579c88e9639927587c527a99e22e2f0d0b65be7