[Git][security-tracker-team/security-tracker][master] 10 commits: CVE-2025-34457,direwolf: bullseye is postponed

Markus Koschany (@apo) apo at debian.org
Mon Dec 29 06:54:06 GMT 2025 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ba50d8e4 by Markus Koschany at 2025-12-29T07:34:52+01:00
CVE-2025-34457,direwolf: bullseye is postponed

Minor issue

- - - - -
091f222e by Markus Koschany at 2025-12-29T07:41:14+01:00
CVE-2025-66034,fonttools: bullseye is postponed

Minor issue

- - - - -
8cfd8ed7 by Markus Koschany at 2025-12-29T07:42:50+01:00
CVE-2025-68462,freedombox: bullseye is postponed

Minor issue

- - - - -
dd96d49e by Markus Koschany at 2025-12-29T07:44:32+01:00
CVE-2025-50681,igmpproxy: bullseye is postponed

Minor issue

- - - - -
5aca2bbf by Markus Koschany at 2025-12-29T07:45:49+01:00
CVE-2025-14874,node-nodemailer: bullseye is postponed

Minor issue

- - - - -
79fe2c3b by Markus Koschany at 2025-12-29T07:47:43+01:00
CVE-2025-34451,proxychains-ng: bullseye is postponed

Minor issue

- - - - -
20655fdb by Markus Koschany at 2025-12-29T07:48:51+01:00
CVE-2025-68480,python-marshmallow: bullseye is postponed

Minor issue

- - - - -
86d9f941 by Markus Koschany at 2025-12-29T07:50:38+01:00
CVE-2025-14308,CVE-2025-14307,CVE-2025-14306,robocode: bullseye is ignored

Java game. Minor issues.

- - - - -
50161d27 by Markus Koschany at 2025-12-29T07:51:40+01:00
CVE-2025-34450,rtl-433: bullseye is postponed

Minor issue

- - - - -
27ef1d7d by Markus Koschany at 2025-12-29T07:53:19+01:00
CVE-2025-68696,ruby-httparty: bullseye is postponed

Minor issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2017,6 +2017,7 @@ CVE-2025-68696 (httparty is an API tool. In versions 0.23.2 and prior, httparty
 	- ruby-httparty <unfixed> (bug #1123966)
 	[trixie] - ruby-httparty <no-dsa> (Minor issue)
 	[bookworm] - ruby-httparty <no-dsa> (Minor issue)
+	[bullseye] - ruby-httparty <postponed> (Minor issue)
 	NOTE: https://github.com/jnunemaker/httparty/security/advisories/GHSA-hm5p-x4rq-38w4
 	NOTE: Fixed by: https://github.com/jnunemaker/httparty/commit/0529bcd6309c9fd9bfdd50ae211843b10054c240
 CVE-2025-68695
@@ -2448,6 +2449,7 @@ CVE-2025-68480 (Marshmallow is a lightweight library for converting complex obje
 	- python-marshmallow <unfixed> (bug #1123888)
 	[trixie] - python-marshmallow <no-dsa> (Minor issue)
 	[bookworm] - python-marshmallow <no-dsa> (Minor issue)
+	[bullseye] - python-marshmallow <postponed> (Minor issue)
 	NOTE: https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5
 	NOTE: https://github.com/marshmallow-code/marshmallow/commit/218d98a785d3bd25dad8880bb07e9cce70340f31 (4.1.2)
 	NOTE: https://github.com/marshmallow-code/marshmallow/commit/70141f4180fb94ced3544cdefdaff89172dd3956 (4.1.2)
@@ -2482,6 +2484,7 @@ CVE-2025-34457 (wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, pr
 	- direwolf 1.8.1+dfsg-2 (bug #1123925)
 	[trixie] - direwolf <no-dsa> (Minor issue)
 	[bookworm] - direwolf <no-dsa> (Minor issue)
+	[bullseye] - direwolf <postponed> (Minor issue)
 	NOTE: https://github.com/wb2osz/direwolf/issues/617
 	NOTE: Fixed by: https://github.com/wb2osz/direwolf/commit/694c95485b21c1c22bc4682703771dec4d7a374b (dev)
 CVE-2025-15034 (A security flaw has been discovered in itsourcecode Student Management ...)
@@ -2902,6 +2905,7 @@ CVE-2025-50681 (igmpproxy 0.4 before commit 2b30c36 allows remote attackers to c
 	- igmpproxy <unfixed> (bug #1123741)
 	[trixie] - igmpproxy <no-dsa> (Minor issue)
 	[bookworm] - igmpproxy <no-dsa> (Minor issue)
+	[bullseye] - igmpproxy <postponed> (Minor issue)
 	NOTE: https://github.com/pali/igmpproxy/issues/97
 	NOTE: Fixed by: https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
 CVE-2025-34433 (AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote ...)
@@ -3137,12 +3141,14 @@ CVE-2025-34451 (rofl0r/proxychains-ng versions up to and including 4.17 and prio
 	- proxychains-ng <unfixed> (bug #1123676)
 	[trixie] - proxychains-ng <no-dsa> (Minor issue)
 	[bookworm] - proxychains-ng <no-dsa> (Minor issue)
+	[bullseye] - proxychains-ng <postponed> (Minor issue)
 	NOTE: https://github.com/rofl0r/proxychains-ng/issues/606
 	NOTE: https://github.com/httpsgithu/proxychains-ng/commit/cc005b7132811c9149e77b5e33cff359fc95512e
 CVE-2025-34450 (merbanan/rtl_433 versions up to and including 25.02 and prior to commi ...)
 	- rtl-433 25.12-1
 	[trixie] - rtl-433 <no-dsa> (Minor issue)
 	[bookworm] - rtl-433 <no-dsa> (Minor issue)
+	[bullseye] - rtl-433 <postponed> (Minor issue)
 	NOTE: https://github.com/merbanan/rtl_433/issues/3375
 	NOTE: https://github.com/dd32/rtl_433/commit/25e47f8932f0401392ef1d3c8cc9ed5595bc894a
 CVE-2025-34449 (Genymobile/scrcpy versions up to and including 3.3.3, prior to commit  ...)
@@ -3358,6 +3364,7 @@ CVE-2025-14874 (A flaw was found in Nodemailer. This vulnerability allows a deni
 	- node-nodemailer <unfixed> (bug #1123669)
 	[trixie] - node-nodemailer <no-dsa> (Minor issue)
 	[bookworm] - node-nodemailer <no-dsa> (Minor issue)
+	[bullseye] - node-nodemailer <postponed> (Minor issue)
 	NOTE: https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
 	NOTE: Fixed by: https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150 (v7.0.11)
 CVE-2025-14861 (Memory safety bugs present in Firefox 146. Some of these bugs showed e ...)
@@ -4379,6 +4386,7 @@ CVE-2025-68462 (Freedombox before 25.17.1 does not set proper permissions for th
 	- freedombox 25.17.1
 	[trixie] - freedombox <no-dsa> (Minor issue)
 	[bookworm] - freedombox <no-dsa> (Minor issue)
+	[bullseye] - freedombox <postponed> (Minor issue)
 	NOTE: Fixed by: https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d7ff1229 (v25.17.1)
 	NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2554 (not public)
 CVE-2025-14766 (Out of bounds read and write in V8 in Google Chrome prior to 143.0.749 ...)
@@ -8925,6 +8933,7 @@ CVE-2025-14308 (An integer overflow vulnerability exists in the write method of
 	- robocode <unfixed> (bug #1122289)
 	[trixie] - robocode <no-dsa> (Minor issue)
 	[bookworm] - robocode <no-dsa> (Minor issue)
+	[bullseye] - robocode <ignored> (Minor issue)
 	NOTE: https://github.com/robo-code/robocode/pull/70
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/5ca52e3af7e35cd0a7309d573595dcb78cce7fa7 (VER_1_9_5_6)
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/9f616173e5ed3b7b6c02c2b230b1014822bee363 (VER_1_9_5_6)
@@ -8933,6 +8942,7 @@ CVE-2025-14307 (An insecure temporary file creation vulnerability exists in the
 	- robocode <unfixed> (bug #1122289)
 	[trixie] - robocode <no-dsa> (Minor issue)
 	[bookworm] - robocode <no-dsa> (Minor issue)
+	[bullseye] - robocode <ignored> (Minor issue)
 	NOTE: https://github.com/robo-code/robocode/pull/68
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/964b10f74064d04a3ea05a52b74ed86f485a13d5 (VER_1_9_5_6)
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/1638298ac872d7a92daf02de758f35f8012eae96 (VER_1_9_5_6)
@@ -8940,6 +8950,7 @@ CVE-2025-14306 (A directory traversal vulnerability exists in the CacheCleaner c
 	- robocode <unfixed> (bug #1122289)
 	[trixie] - robocode <no-dsa> (Minor issue)
 	[bookworm] - robocode <no-dsa> (Minor issue)
+	[bullseye] - robocode <ignored> (Minor issue)
 	NOTE: https://github.com/robo-code/robocode/pull/67
 	NOTE: Fixed by: https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f (VER_1_9_5_6)
 CVE-2025-14286 (A vulnerability was determined in Tenda AC9 15.03.05.14_multi. Affecte ...)
@@ -12507,6 +12518,7 @@ CVE-2025-66034 (fontTools is a library for manipulating fonts, written in Python
 	- fonttools <unfixed> (bug #1121605)
 	[trixie] - fonttools <no-dsa> (Minor issue)
 	[bookworm] - fonttools <no-dsa> (Minor issue)
+	[bullseye] - fonttools <postponed> (Minor issue)
 	NOTE: https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv
 	NOTE: Fixed by: https://github.com/fonttools/fonttools/commit/a696d5ba93270d5954f98e7cab5ddca8a02c1e32 (4.61.0)
 CVE-2025-66027 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f263798604f726eedcc3731465a5b80442c64dde...27ef1d7dda3d31e3bb4bf7ae839ae4c4e3d01738

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f263798604f726eedcc3731465a5b80442c64dde...27ef1d7dda3d31e3bb4bf7ae839ae4c4e3d01738
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251229/ac3ff4ff/attachment.htm>

More information about the debian-security-tracker-commits mailing list