[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Dec 27 14:25:31 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3566b4b2 by Moritz Mühlenhoff at 2025-12-27T15:25:05+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2350,6 +2350,8 @@ CVE-2025-68614 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network mon
 	NOT-FOR-US: LibreNMS
 CVE-2025-68480 (Marshmallow is a lightweight library for converting complex objects to ...)
 	- python-marshmallow <unfixed> (bug #1123888)
+	[trixie] - python-marshmallow <no-dsa> (Minor issue)
+	[bookworm] - python-marshmallow <no-dsa> (Minor issue)
 	NOTE: https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5
 	NOTE: https://github.com/marshmallow-code/marshmallow/commit/218d98a785d3bd25dad8880bb07e9cce70340f31 (4.1.2)
 	NOTE: https://github.com/marshmallow-code/marshmallow/commit/70141f4180fb94ced3544cdefdaff89172dd3956 (4.1.2)
@@ -2935,6 +2937,8 @@ CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to 5
 	NOT-FOR-US: Weblate
 CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...)
 	- apache-log4j2 <unfixed> (bug #1123744)
+	[trixie] - apache-log4j2 <no-dsa> (Minor issue)
+	[bookworm] - apache-log4j2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/apache/logging-log4j2/pull/4002
 	NOTE: https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx
 CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before 2025-11-15 a ...)
@@ -3827,10 +3831,9 @@ CVE-2025-53430 (Improper Control of Filename for Include/Require Statement in PH
 CVE-2025-53429 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53000 (The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to v ...)
-	- nbconvert <unfixed>
+	- nbconvert <not-affected> (Windows-specific)
 	NOTE: https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports/
 	NOTE: https://github.com/jupyter/nbconvert/issues/2258
-	TODO: check, might only have a security impact on Windows
 CVE-2025-52768 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52745 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3566b4b2fcd220a2cd4b347bb2fe17da34e41be3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3566b4b2fcd220a2cd4b347bb2fe17da34e41be3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251227/049577b2/attachment.htm>

More information about the debian-security-tracker-commits mailing list