[Git][security-tracker-team/security-tracker][master] 4 commits: lts: CVE-2025-41066/php-horde-groupware no-dsa

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Thu Dec 18 17:22:18 GMT 2025



Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a6711d0 by Emilio Pozuelo Monfort at 2025-12-18T18:22:00+01:00
lts: CVE-2025-41066/php-horde-groupware no-dsa

- - - - -
b84ee9bb by Emilio Pozuelo Monfort at 2025-12-18T18:22:02+01:00
lts: mark CVE-2025-68463/python-biopython as no-dsa

- - - - -
e0691f61 by Emilio Pozuelo Monfort at 2025-12-18T18:22:03+01:00
lts: triage ckermit issue as postponed

- - - - -
25ca4187 by Emilio Pozuelo Monfort at 2025-12-18T18:22:04+01:00
lts: lz4-java issues no-dsa on bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,6 +18,7 @@ CVE-2025-68463 (Bio.Entrez in Biopython through 186 allows doctype XXE.)
 	- python-biopython <unfixed>
 	[trixie] - python-biopython <no-dsa> (Minor issue)
 	[bookworm] - python-biopython <no-dsa> (Minor issue)
+	[bullseye] - python-biopython <no-dsa> (Minor issue)
 	NOTE: https://github.com/biopython/biopython/issues/5109
 CVE-2025-68459 (RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Rui ...)
 	NOT-FOR-US: RG - AP180, Indoor Wall Plate Wireless AP AP180 series
@@ -2125,6 +2126,7 @@ CVE-2025-XXXX [Malicious remote can overwrite and exfiltrate local files]
 	- ckermit 416~beta12-5 (bug #1123025)
 	[trixie] - ckermit <no-dsa> (Minor issue; documented; can be fixed via point release)
 	[bookworm] - ckermit <no-dsa> (Minor issue; documented; can be fixed via point release)
+	[bullseye] - ckermit <postponed> (Minor issue; documented)
 CVE-2025-67809 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A ...)
 	NOT-FOR-US: Zimbra
 CVE-2025-66963 (An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obt ...)
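Review bot: the added `[bullseye] - ckermit <postponed>` line uses a different state from the `<no-dsa>` on the trixie and bookworm lines directly above it, and its reason drops "can be fixed via point release" without saying what the bullseye fix is waiting on. The commit message ("lts: triage ckermit issue as postponed") shows the state is intended, so consider extending the reason text to say why, given that the fixed version is already recorded as 416~beta12-5 (bug #1123025). The entry is still filed under the CVE-2025-XXXX placeholder, so this triage can only be tracked by bug number until an id is assigned.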
@@ -7033,6 +7035,7 @@ CVE-2025-66566 (yawkat LZ4 Java provides LZ4 compression for Java. Insufficient
 	- lz4-java <unfixed> (bug #1122026)
 	[trixie] - lz4-java <no-dsa> (Minor issue)
 	[bookworm] - lz4-java <no-dsa> (Minor issue)
+	[bullseye] - lz4-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q
 	NOTE: Fixed by: https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840 (v1.10.1)
 CVE-2025-66562 (TUUI is a desktop MCP client designed as a tool unitary utility integr ...)
@@ -8295,6 +8298,7 @@ CVE-2025-41086 (Vulnerability in the access control system of the GAMS licensing
 CVE-2025-41066 (Horde Groupware v5.2.22 has a user enumeration vulnerability that allo ...)
 	- php-horde-groupware <unfixed> (bug #1123000)
 	[bookworm] - php-horde-groupware <no-dsa> (Minor issue)
+	[bullseye] - php-horde-groupware <no-dsa> (Minor issue)
 	NOTE: https://www.incibe.es/en/incibe-cert/notices/aviso/disclosure-sensitive-information-horde-groupware
 CVE-2025-41015 (User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This ...)
 	NOT-FOR-US: TCMAN GIM
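Review bot: the CVE-2025-41066 entry now carries release lines for bookworm and bullseye but none for trixie, so a reader cannot tell from the entry whether trixie is unaffected, does not ship the package, or is simply untriaged. That is outside the scope of an LTS-only change, but it is worth flagging to whoever triages the stable releases. The `(Minor issue)` reason on the added bullseye line matches the bookworm line above it.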
@@ -9009,6 +9013,7 @@ CVE-2025-12183 (Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and ea
 	- lz4-java <unfixed> (bug #1122026)
 	[trixie] - lz4-java <no-dsa> (Minor issue)
 	[bookworm] - lz4-java <no-dsa> (Minor issue)
+	[bullseye] - lz4-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/12/01/5
 	NOTE: Releases 1.8.1, 1.9.0, and 1.10.0 of yawkat LZ4 Java contain multiple sparsely
 	NOTE: documented patches to address this CVE.
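Review bot: the added `[bullseye] - lz4-java <no-dsa> (Minor issue)` line gives only "Minor issue" as the reason for an entry described as out-of-bounds memory operations, while the NOTE lines below it say the upstream patches are spread over releases 1.8.1, 1.9.0 and 1.10.0 and are sparsely documented. A reason that records why the issue is minor for bullseye, or that a backport is impractical, would help the next triager; the same applies to the trixie and bookworm lines it copies. The CVE-2025-66566 entry under the same bug #1122026 has a single identified fix commit, so the two entries may not warrant an identical justification.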



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00ccf65260d0d149db82d69e3eae4fd383404223...25ca41875ddb729392726025d54345c438308fc0
