[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE of devscripts as postponed for Bullseye

Wed Jul 23 23:04:39 BST 2025


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cac7b133 by Thorsten Alteholz at 2025-07-23T23:39:02+02:00
mark CVE of devscripts as postponed for Bullseye

- - - - -
0a470bf4 by Thorsten Alteholz at 2025-07-23T23:57:31+02:00
add goldendict

- - - - -
b338e2bb by Thorsten Alteholz at 2025-07-24T00:04:28+02:00
add node-form-data

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2626,6 +2626,7 @@ CVE-2024-26291 (An Unauthenticated Arbitrary File Read vulnerability affects the
 	NOT-FOR-US: Avid Nexis
 CVE-2025-XXXX [uscan must not skip OpenPGP check after failed check in previous run]
 	- devscripts <unfixed> (bug #1109251)
+	[bullseye] - devscripts <postponed> (Minor issue)
 CVE-2025-7620 (The cross-browser document creation component produced by Digitware Sy ...)
 	NOT-FOR-US: Digitware System
 CVE-2025-7619 (BatchSignCS, a background Windows application developed by WellChoose, ...)


=====================================
data/dla-needed.txt
=====================================
@@ -139,6 +139,11 @@ golang-golang-x-net
   NOTE: 20250502: NB. golang - will need to check and schedule binNMUs. (lamby)
   NOTE: 20250621: https://salsa.debian.org/go-team/packages/golang-golang-x-net/-/commits/debian/bullseye (ah)
 --
+goldendict
+  NOTE: 20250723: Added by Front-Desk (ta)
+  NOTE: 20250723: there is no upstream fix yet
+  NOTE: 20250723: package has been renamed to goldendict-ng
+--
 grub2
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250105: high-profile package but not enough details yet. (apo)
@@ -260,6 +265,9 @@ nextcloud-desktop
 node-axios
   NOTE: 20250308: Added by Front-Desk (rouca)
 --
+node-form-data
+  NOTE: 20250724: Added by Front-Desk (ta)
+--
 node-prismjs
   NOTE: 20250303: Added by Front-Desk (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ac865c4da4c58acefb473c9ca34c59e35d896833...b338e2bb588e498302ef59daace9b4179d011788

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ac865c4da4c58acefb473c9ca34c59e35d896833...b338e2bb588e498302ef59daace9b4179d011788
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250723/3611e245/attachment-0001.htm>
