[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Dec 19 10:54:34 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a517570 by Moritz Muehlenhoff at 2025-12-19T11:53:55+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -192,6 +192,8 @@ CVE-2025-11774 (Improper Neutralization of Special Elements used in an OS Comman
 	NOT-FOR-US: Mitsubishi
 CVE-2025-14876
 	- qemu <unfixed>
+	[trixie] - qemu <no-dsa> (Minor issue)
+	[bookworm] - qemu <no-dsa> (Minor issue)
 	NOTE: https://lore.kernel.org/qemu-devel/20251214090939.408436-1-zhenwei.pi@linux.dev/T/#u
 	NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/0e660a6f90abf8b517d7317595bcc8e8da31f2a1 (v7.1.0-rc0)
 CVE-2025-9787 (Zohocorp ManageEngine Applications Manager versions 177400 and below a ...)
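Review bot: the two `<no-dsa> (Minor issue)` lines for CVE-2025-14876 are added to an entry with no description text, whose only references are a qemu-devel thread and the introducing commit. The entry therefore does not say what makes the issue minor. Consider adding a short NOTE on the impact. Once upstream merges a patch, a "Fixed by:" NOTE would let the no-dsa decision be revisited for a point release, since the package line is still `<unfixed>`.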
@@ -340,6 +342,8 @@ CVE-2025-14877 (A vulnerability was identified in Campcodes Supplier Management
 	NOT-FOR-US: Campcodes
 CVE-2025-14874 (A flaw was found in Nodemailer. This vulnerability allows a denial of  ...)
 	- node-nodemailer <unfixed>
+	[trixie] - node-nodemailer <no-dsa> (Minor issue)
+	[bookworm] - node-nodemailer <no-dsa> (Minor issue)
 	NOTE: https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
 	NOTE: Fixed by: https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150 (v7.0.11)
 CVE-2025-14861 (Memory safety bugs present in Firefox 146. Some of these bugs showed e ...)
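Review bot: on `- node-nodemailer <unfixed>` in the CVE-2025-14874 entry there is no bug reference, although the entry already names the upstream fix commit (v7.0.11). The no-dsa lines for trixie and bookworm mean the fix can only arrive through unstable or a point release, so recording a BTS bug on that line, as the pdns-recursor entry does with `(bug #1122197)`, would make the follow-up trackable.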
@@ -6819,6 +6823,7 @@ CVE-2025-12956 (A reflected Cross-site Scripting (XSS) vulnerability affecting E
 CVE-2025-59030 (An attacker can trigger the removal of cached records by sending a NOT ...)
 	{DSA-6077-1}
 	- pdns-recursor 5.3.3-1 (bug #1122197)
+	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html
 CVE-2025-59029 (An attacker can trigger an assertion failure by requesting crafted DNS ...)
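Review bot: the new `[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)` line is added to CVE-2025-59030 only, and the hunk ends where the CVE-2025-59029 entry begins. If that entry, or any other handled in DSA-6077-1, also affects pdns-recursor in bookworm, it needs the same line so that bookworm is not left showing as open for it. The wording matches the existing `[bullseye]` line, which is good.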


=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,10 @@ netty
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
+php8.2/oldstable (jmm)
+--
+php8.4/stable (jmm)
+--
 php-laravel-framework/oldstable
 --
 python-django
@@ -59,7 +63,7 @@ python-urllib3
 --
 python-tornado
 --
-rails
+rails (jmm)
 --
 roundcube (carnil)
   Maintainer is taking care of preparing updates
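Review bot: the changed line `rails (jmm)` carries no suite suffix, while this commit claims `php8.2/oldstable` and `php8.4/stable` as separate entries. If the claim covers only one suite, add the `/stable` or `/oldstable` suffix. If it covers both, a one-line status under the entry, as roundcube has, would tell others which update is in progress.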
@@ -82,6 +86,8 @@ tomcat10/oldstable (apo)
 --
 tomcat11/stable (apo)
 --
+usbmuxd (corsac)
+--
 wordpress/stable
   Utkarsh Gupta is preparing an update based on 6.8.3
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a517570bedaac79eafdd03c5f8c47ac81dfa63d
