[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jul 15 13:53:41 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
662629f7 by Moritz Muehlenhoff at 2025-07-15T14:53:11+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58,7 +58,7 @@ CVE-2025-53640 (Indico is an event management system that uses Flask-Multipass,
CVE-2025-3621 (Vulnerabilities* in ActADUR local server product, developed and mainta ...)
NOT-FOR-US: ActADUR
CVE-2025-53643 (AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...)
- - python-aiohttp <unfixed>
+ - python-aiohttp <unfixed> (bug #1109336)
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
NOTE: https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a (v3.12.14)
CVE-2025-7628 (A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fb ...)
@@ -132,29 +132,29 @@ CVE-2025-7588 (A vulnerability classified as critical has been found in PHPGuruk
CVE-2025-7587 (A vulnerability was found in code-projects Online Appointment Booking ...)
NOT-FOR-US: code-projects
CVE-2025-7519 (A flaw was found in polkit. When processing an XML policy with 32 or m ...)
- - policykit-1 <unfixed>
+ - policykit-1 <unfixed> (bug #1109334)
[bookworm] - policykit-1 <no-dsa> (Minor issue; need high privilege account to place malicious policy file)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379675
NOTE: Fixed by: https://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245
CVE-2025-53689 (Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabbit-cor ...)
- - jackrabbit <unfixed>
+ - jackrabbit <unfixed> (bug #1109335)
NOTE: https://lists.apache.org/thread/5pf9n76ny13pzzk765og2h3gxdxw7p24
CVE-2025-53639 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
NOT-FOR-US: MeterSphere
CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that make jobs ...)
NOT-FOR-US: Shopify extension
CVE-2025-53101 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1109339)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
NOTE: https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774 (7.1.2-0)
CVE-2025-53019 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1109339)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc
CVE-2025-53015 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1109339)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
CVE-2025-53014 (ImageMagick is free and open-source software used for editing and mani ...)
- - imagemagick <unfixed>
+ - imagemagick <unfixed> (bug #1109339)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
CVE-2025-52363 (Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root password h ...)
NOT-FOR-US: Tenda
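Review bot: The three ImageMagick entries CVE-2025-53019, CVE-2025-53015 and CVE-2025-53014 receive bug #1109339 but, unlike CVE-2025-53101 just above them, carry no `Fixed by:` commit and no fixed upstream version, so whoever works the bug cannot tell from this file which commits need backporting; each entry should get its fix commit and release tag next to the GHSA link, as `(7.1.2-0)` is given for CVE-2025-53101. The jackrabbit entry for CVE-2025-53689 has the same gap: its only NOTE is the lists.apache.org thread, with no fixed version or commit recorded for bug #1109335.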
@@ -512,7 +512,7 @@ CVE-2025-53871
CVE-2025-53636 (Open OnDemand is an open-source HPC portal. Users can flood logs by in ...)
NOT-FOR-US: Open OnDemand
CVE-2025-24294 (The attack vector is a potential Denial of Service (DoS). The vulnerab ...)
- - ruby3.3 <unfixed>
+ - ruby3.3 <unfixed> (bug #1109337)
- ruby3.1 <removed>
- ruby2.7 <removed>
NOTE: https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/
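Review bot: The ruby3.1 and ruby2.7 lines are marked `<removed>` but carry no `[bookworm]`/`[bullseye]` triage annotation, unlike the mruby entry later in this diff; if those are the source packages bookworm and bullseye still ship, the stable status of CVE-2025-24294 is left implicit and should get an explicit `<no-dsa>`, `<postponed>` or `<not-affected>` line with a rationale. The NOTE also cites only the ruby-lang.org announcement, so adding the upstream resolv fix commit would help the fix for bug #1109337 and any backport.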
@@ -844,11 +844,11 @@ CVE-2025-53630 (llama.cpp is an inference of several LLM models in C/C++. Intege
NOTE: https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8
NOTE: Fixed by: https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579 (b5854)
CVE-2025-53629 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
- - cpp-httplib <unfixed>
+ - cpp-httplib <unfixed> (bug #1109340)
NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w
NOTE: https://github.com/yhirose/cpp-httplib/commit/17ba303889b8d4d719be3879a70639ab653efb99 (v0.23.0)
CVE-2025-53628 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
- - cpp-httplib <unfixed>
+ - cpp-httplib <unfixed> (bug #1109340)
NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw
NOTE: https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e (v0.20.1)
CVE-2025-53626 (pdfme is a TypeScript-based PDF generator and React-based UI. The expr ...)
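Review bot: CVE-2025-53629 and CVE-2025-53628 share bug #1109340 but were fixed upstream in different releases (v0.23.0 and v0.20.1 per the NOTE lines, with a third CVE on the same bug fixed in v0.22.0 further down this diff), so the bug report should state that only an upload of 0.23.0 or later closes all of them; otherwise a partial update could close the bug while leaving one CVE `<unfixed>`.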
@@ -1613,7 +1613,7 @@ CVE-2025-7209 (A vulnerability has been found in 9fans plan9port up to 9da5b44 a
CVE-2025-7208 (A vulnerability was found in 9fans plan9port up to 9da5b44. It has bee ...)
NOT-FOR-US: plan9port
CVE-2025-7207 (A vulnerability, which was classified as problematic, was found in mru ...)
- - mruby <unfixed>
+ - mruby <unfixed> (bug #1109338)
[bookworm] - mruby <no-dsa> (Minor issue)
[bullseye] - mruby <postponed> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/6509
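Review bot: For CVE-2025-7207 the only NOTE is the upstream issue https://github.com/mruby/mruby/issues/6509, not a fix, so it is unclear from this entry whether upstream has a patch that bug #1109338 should point at; either add a `Fixed by:` commit or a NOTE that no upstream fix exists yet, so the `<no-dsa>` and `<postponed>` calls for bookworm and bullseye can be revisited when one lands.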
@@ -4802,11 +4802,11 @@ CVE-2025-53076 (Improper Input Validation vulnerability in Samsung Open Source r
NOTE: Introduces with: https://github.com/Samsung/rlottie/commit/ee18d81c463df64052de3680366971cfdb179f4a
NOTE: Fxied by: https://github.com/Samsung/rlottie/commit/36ddb42d78d1b13c1b1d7e1699aef8a9f339ab6f
CVE-2025-53075 (Improper Input Validation vulnerability in Samsung Open Source rLottie ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1109341)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
CVE-2025-53074 (Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1109341)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
CVE-2025-46014 (Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 ...)
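Review bot: The unchanged context lines for CVE-2025-53076 contain two typos, `Introduces with:` and `Fxied by:`, and the misspelled `Fxied by:` tag will be missed by anyone grepping the file for `Fixed by:`; worth correcting in a follow-up commit. The CVE-2025-53075 and CVE-2025-53074 entries (and CVE-2025-0634 below) all reference the same pull request #571 and commit 507ea027, so bug #1109341 should list all three CVE ids.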
@@ -4832,7 +4832,7 @@ CVE-2025-38087 (In the Linux kernel, the following vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/b160766e26d4e2e2d6fe2294e0b02f92baefcec5 (6.16-rc3)
CVE-2025-0634 (Use After Free vulnerability in Samsung Open Source rLottie allows Rem ...)
- - rlottie <unfixed>
+ - rlottie <unfixed> (bug #1109341)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
CVE-2015-20112 (RLPx 5 has two CTR streams based on the same key, IV, and nonce. This ...)
@@ -5576,10 +5576,9 @@ CVE-2025-52902 (File Browser provides a file managing interface within a specifi
CVE-2025-52900 (File Browser provides a file managing interface within a specified dir ...)
NOT-FOR-US: filebrowser
CVE-2025-52887 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
- - cpp-httplib <unfixed>
+ - cpp-httplib <unfixed> (bug #1109340)
NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjhg-gf59-p92h
NOTE: https://github.com/yhirose/cpp-httplib/commit/28dcf379e82a2cdb544d812696a7fd46067eb7f9 (v0.22.0)
- TODO: double check if only affects 0.21.0 version
CVE-2025-52573 (iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protoc ...)
NOT-FOR-US: iOS Simulator MCP Server (ios-simulator-mcp)
CVE-2025-52477 (Octo-STS is a GitHub App that acts like a Security Token Service (STS) ...)
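Review bot: Dropping the `TODO: double check if only affects 0.21.0 version` line for CVE-2025-52887 while leaving the entry `<unfixed>` loses the result of that check; if the conclusion was that earlier versions are also affected, a short NOTE saying so should replace the TODO, and if only 0.21.0 is affected, the packaged versions should be marked `<not-affected>` with a rationale rather than `<unfixed>`. The fix commit NOTE gives v0.22.0, which is the version bug #1109340 should record for this CVE.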
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/662629f7c7fb32e7e7774ab482529e0817acafac