[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jul 27 09:13:13 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7b8922ae by security tracker role at 2025-07-27T08:13:05+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2025-8225 (A vulnerability was found in GNU Binutils 2.44 and classified as probl ...)
+ TODO: check
+CVE-2025-8224 (A vulnerability has been found in GNU Binutils 2.44 and classified as ...)
+ TODO: check
+CVE-2025-8223 (A vulnerability, which was classified as problematic, was found in jer ...)
+ TODO: check
+CVE-2025-8222 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-8221 (A vulnerability classified as problematic was found in jerryshensjf JP ...)
+ TODO: check
+CVE-2025-8220 (A vulnerability classified as critical has been found in Engeman Web u ...)
+ TODO: check
+CVE-2025-8219 (A vulnerability was found in Shanghai Lingdang Information Technology ...)
+ TODO: check
+CVE-2025-8211 (A vulnerability was found in Roothub up to 2.6. It has been declared a ...)
+ TODO: check
+CVE-2025-8210 (A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Andro ...)
+ TODO: check
+CVE-2025-8104 (The Memory Usage plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ TODO: check
+CVE-2025-6241 (LsiAgent.exe, a component of SysTrack from Lakeside Software, attempts ...)
+ TODO: check
+CVE-2025-5120 (A sandbox escape vulnerability was identified in huggingface/smolagent ...)
+ TODO: check
+CVE-2025-54597 (LinuxServer.io Heimdall before 2.7.3 allows XSS via the q parameter.)
+ TODO: check
CVE-2025-8207 (A vulnerability was found in Canara ai1 Mobile Banking App 3.6.23 on A ...)
TODO: check
CVE-2025-8206 (A vulnerability, which was classified as problematic, was found in Com ...)
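Review bot: all thirteen entries added at the top of this hunk land with only "TODO: check", including CVE-2025-8225 and CVE-2025-8224, whose descriptions name GNU Binutils 2.44. Those two will need a package line with a fixed version or status once triaged, while entries whose truncated descriptions point at a WordPress plugin (CVE-2025-8104) or an Android app (CVE-2025-8210) should be closed in the same form as the "NOT-FOR-US: Trend Micro" line further down in this file if they turn out not to be packaged. Until that happens they remain open items in the tracker.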
@@ -1198,7 +1224,7 @@ CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond e
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128. ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
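Review bot: DLA-4253-1 is inserted ahead of DLA-4250-1 in the cross-reference line for CVE-2025-8035, and the same edit repeats for CVE-2025-8034 through CVE-2025-8027 in the hunks that follow, so the DLA ids now read in descending order. The package lines beneath (firefox, firefox-esr, thunderbird) are unchanged, so nothing visible here says which source package DLA-4253-1 covers. Confirm that it applies to all nine entries and that the ordering is what the generator emits rather than a hand edit.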
@@ -1209,7 +1235,7 @@ CVE-2025-8040 (Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1220,7 +1246,7 @@ CVE-2025-8044 (Memory safety bugs present in Firefox 140 and Thunderbird 140. So
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
CVE-2025-8033 (The JavaScript engine did not handle closed generators correctly and i ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1234,7 +1260,7 @@ CVE-2025-8038 (Thunderbird ignored paths when checking the validity of navigatio
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
CVE-2025-8032 (XSLT document loading did not correctly propagate the source document ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1242,7 +1268,7 @@ CVE-2025-8032 (XSLT document loading did not correctly propagate the source docu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
CVE-2025-8031 (The `username:password` part was not correctly stripped from URLs in C ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1253,7 +1279,7 @@ CVE-2025-8043 (Focus incorrectly truncated URLs towards the beginning instead of
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature could po ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
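Review bot: the context line for CVE-2025-8030 carries the literal escape sequences \u201c and \u201d around Copy as cURL instead of quotation marks, which suggests the description was stored without being decoded. This commit does not change that line, but the step that imports these summaries should decode such escapes so the text reads as intended and matches searches for the quoted feature name.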
@@ -1267,7 +1293,7 @@ CVE-2025-8036 (Thunderbird cached CORS preflight responses across IP address cha
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object` and `emb ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1281,7 +1307,7 @@ CVE-2025-8041
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries could le ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1289,7 +1315,7 @@ CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries cou
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit ret ...)
- {DSA-5964-1 DLA-4250-1}
+ {DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -163516,7 +163542,7 @@ CVE-2023-38625 (A post-authenticated server-side request forgery (SSRF) vulnerab
CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) vulnerability ...)
NOT-FOR-US: Trend Micro
CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, allows remo ...)
- {DSA-5847-1}
+ {DSA-5847-1 DLA-4252-1}
- snapcast 0.30.0-1
NOTE: Introduced with: https://github.com/badaix/snapcast/commit/b26d8929505a30bb6177bd1b905f13eace1530dc (v0.16.0)
NOTE: Fixed by: https://github.com/badaix/snapcast/commit/9e6009cad0ef6e2e88f64a1b2504eb4749af287f (v0.30.0)
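Review bot: on the CVE-2023-36177 cross-reference line, DLA-4252-1 is added next to DSA-5847-1, but the only version line visible is "- snapcast 0.30.0-1" and the commit lists 1 changed file, so the definition of the new advisory and the version it fixed are not part of this diff. Confirm that the advisory entry already exists from an earlier commit; otherwise this reference points at an advisory the tracker cannot resolve.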
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b8922ae1a4ebb943de8d760c906d3c5aa5147ca