[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Dec 21 20:23:44 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7bcbf7ec by security tracker role at 2025-12-21T20:13:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-14995 (A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected ...)
+	TODO: check
 CVE-2025-9343 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin for Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-68644 (Yealink RPS before 2025-06-27 allows unauthorized access to informatio ...)
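Review bot: the new CVE-2025-14995 entry at the top of this hunk is committed with only `TODO: check`, so it records no triage decision. Its description names a Tenda FH1201 firmware build; if nothing in the archive ships that product, resolve it the way the entry directly below is resolved, with a `NOT-FOR-US:` line naming the vendor, instead of leaving the TODO in place.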
@@ -1623,18 +1625,21 @@ CVE-2025-11009 (Cleartext Storage of Sensitive Information vulnerability in Mits
 CVE-2025-0852
 	REJECTED
 CVE-2025-14180
+	{DSA-6088-1}
 	- php8.4 <unfixed> (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj
 	NOTE: Fixed by: https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 (php-8.4.16)
 CVE-2025-14178
+	{DSA-6088-1}
 	- php8.4 <unfixed> (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2
 	NOTE: Fixed by: https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8 (php-8.4.16)
 CVE-2025-14177
+	{DSA-6088-1}
 	- php8.4 <unfixed> (bug #1123574)
 	- php8.2 <removed>
 	- php7.4 <removed>
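Review bot: in all three PHP entries here (CVE-2025-14180, CVE-2025-14178, CVE-2025-14177) the added `{DSA-6088-1}` sits directly above `- php8.4 <unfixed> (bug #1123574)`, so each entry now references an advisory while its only non-removed package line still reads unfixed. The NOTE lines give php-8.4.16 as the fixing release; once a package carrying those commits is uploaded, replace `<unfixed>` with its version so the entries stop reading as open.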
@@ -1647,9 +1652,11 @@ CVE-2025-68462 (Freedombox before 25.17.1 does not set proper permissions for th
 	NOTE: Fixed by: https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d7ff1229 (v25.17.1)
 	NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2554 (not public)
 CVE-2025-14766 (Out of bounds read and write in V8 in Google Chrome prior to 143.0.749 ...)
+	{DSA-6089-1}
 	- chromium 143.0.7499.169-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-14765 (Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allo ...)
+	{DSA-6089-1}
 	- chromium 143.0.7499.169-1
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-9460 (A maliciously crafted SLDPRT file, when parsed through certain Autodes ...)
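Review bot: for CVE-2025-14766 and CVE-2025-14765 the only per-suite line is `[bullseye] - chromium <end-of-life>`, so after adding `{DSA-6089-1}` the entries do not show which suites the advisory covers or at which version. Confirm that the fixed versions for the supported suites are recorded where DSA-6089-1 itself is defined, since they cannot be read from these lines.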
@@ -30864,7 +30871,7 @@ CVE-2025-59534 (CryptoLib provides a software-only solution using the CCSDS Spac
 CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was discovered in ...)
 	NOT-FOR-US: Click Plus PLC
 CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	{DSA-6075-1 DLA-4358-1}
+	{DSA-6091-1 DSA-6075-1 DLA-4358-1}
 	- wordpress 6.8.3+dfsg1-1 (bug #1117047)
 	NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-9/
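Review bot: CVE-2025-58674 already listed `{DSA-6075-1 DLA-4358-1}` and now gains a second DSA, DSA-6091-1, with no NOTE saying why a further advisory was needed for the same CVE. The package line is unchanged at `wordpress 6.8.3+dfsg1-1`, so a one-line NOTE stating what DSA-6091-1 covers that DSA-6075-1 did not would make the entry self-explanatory.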
@@ -30877,7 +30884,7 @@ CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks proper validation of the user-
 CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data vulnerability in Wor ...)
-	{DSA-6075-1 DLA-4358-1}
+	{DSA-6091-1 DSA-6075-1 DLA-4358-1}
 	- wordpress 6.8.3+dfsg1-1 (bug #1117047)
 	NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
 	NOTE: https://wordpress.org/documentation/wordpress-version/version-6-1-9/
@@ -35083,6 +35090,7 @@ CVE-2025-10477 (A vulnerability was identified in kidaze CourseSelectionSystem u
 CVE-2024-12367 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
 	NOT-FOR-US: Vega Master
 CVE-2025-24293
+	{DSA-6090-1 DLA-4416-1}
 	- rails 2:7.2.2.2+dfsg-1
 	NOTE: https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
 	NOTE: https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce (v8.0.2.1)
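Review bot: CVE-2025-24293 has no description text after the id and its `- rails 2:7.2.2.2+dfsg-1` line carries no bug number, so with `{DSA-6090-1 DLA-4416-1}` attached the entry still gives a reader nothing but the upstream advisory link to identify the issue. Add the description and, if a Debian bug exists, its reference on the rails line.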
@@ -46230,6 +46238,7 @@ CVE-2025-55196 (External Secrets Operator is a Kubernetes operator that integrat
 CVE-2025-55194 (Part-DB is an open source inventory management system for electronic c ...)
 	NOT-FOR-US: Part-DB
 CVE-2025-55193 (Active Record connects classes to relational database tables. Prior to ...)
+	{DSA-6090-1 DLA-4416-1}
 	- rails 2:7.2.2.2+dfsg-1 (bug #1111106)
 	NOTE: https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
 	NOTE: https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 (v7.1.5.2)
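Review bot: for CVE-2025-55193 the only commit NOTE is tagged (v7.1.5.2) while the fixed package line is `rails 2:7.2.2.2+dfsg-1`, so the referenced commit is not on the series the package version names. Now that `{DSA-6090-1 DLA-4416-1}` points at this entry, add a NOTE for the corresponding commit on the 7.2 series so the packaged fix can be compared against it.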



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bcbf7eced46c78f597d5fb85fbb63091963891a
