[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jul 27 21:12:44 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
82459c9d by security tracker role at 2025-07-27T20:12:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2025-8240 (A vulnerability, which was classified as critical, has been found in c ...)
+ TODO: check
+CVE-2025-8239 (A vulnerability classified as critical was found in code-projects Exam ...)
+ TODO: check
+CVE-2025-8238 (A vulnerability classified as critical has been found in code-projects ...)
+ TODO: check
+CVE-2025-8237 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
+ TODO: check
+CVE-2025-8236 (A vulnerability was found in code-projects Online Ordering System 1.0. ...)
+ TODO: check
+CVE-2025-8235 (A vulnerability was found in code-projects Online Ordering System 1.0. ...)
+ TODO: check
+CVE-2025-8234 (A vulnerability was found in code-projects Online Ordering System 1.0 ...)
+ TODO: check
+CVE-2025-8233 (A vulnerability has been found in code-projects Online Ordering System ...)
+ TODO: check
+CVE-2025-8232 (A vulnerability, which was classified as critical, was found in code-p ...)
+ TODO: check
+CVE-2025-8231 (A vulnerability, which was classified as critical, has been found in D ...)
+ TODO: check
+CVE-2025-8230 (A vulnerability classified as critical was found in Campcodes Courier ...)
+ TODO: check
+CVE-2025-8229 (A vulnerability classified as critical has been found in Campcodes Cou ...)
+ TODO: check
+CVE-2025-8228 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has ...)
+ TODO: check
+CVE-2025-8227 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has ...)
+ TODO: check
+CVE-2025-8226 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has ...)
+ TODO: check
+CVE-2024-58263 (The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows ...)
+ TODO: check
+CVE-2024-58262 (The curve25519-dalek crate before 4.1.3 for Rust has a constant-time o ...)
+ TODO: check
+CVE-2024-58261 (The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infi ...)
+ TODO: check
CVE-2025-8225 (A vulnerability was found in GNU Binutils 2.44 and classified as probl ...)
- binutils <unfixed> (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4
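Review bot: All 18 entries added at the top of data/CVE/list, CVE-2025-8240 down to CVE-2024-58261, carry only `TODO: check` and no package or NOT-FOR-US line, so none of them is triaged yet. The three Rust crate entries (CVE-2024-58263 cosmwasm-std, CVE-2024-58262 curve25519-dalek, CVE-2024-58261 sequoia-openpgp) already name the affected crate and a version bound in their truncated descriptions, which makes them the natural ones to resolve first in a follow-up commit. The code-projects, Campcodes and ChanCMS entries first need a decision on whether any of that software is packaged at all.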
@@ -1230,7 +1266,7 @@ CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond e
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
NOTE: Fixed by: https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128. ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
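Review bot: The cross-reference set for CVE-2025-8035 gains DSA-5966-1, but the firefox, firefox-esr and thunderbird lines below it are unchanged, so the hunk does not show which source package the new advisory covers. Confirm against the DSA's own entry that DSA-5966-1 is meant to apply to this CVE. The same one-line change repeats for the other Firefox ESR / Thunderbird ESR entries later in this diff, and the check applies to each of them.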
@@ -1241,7 +1277,7 @@ CVE-2025-8040 (Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1252,7 +1288,7 @@ CVE-2025-8044 (Memory safety bugs present in Firefox 140 and Thunderbird 140. So
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
CVE-2025-8033 (The JavaScript engine did not handle closed generators correctly and i ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1266,7 +1302,7 @@ CVE-2025-8038 (Thunderbird ignored paths when checking the validity of navigatio
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
CVE-2025-8032 (XSLT document loading did not correctly propagate the source document ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1274,7 +1310,7 @@ CVE-2025-8032 (XSLT document loading did not correctly propagate the source docu
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
CVE-2025-8031 (The `username:password` part was not correctly stripped from URLs in C ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1285,7 +1321,7 @@ CVE-2025-8043 (Focus incorrectly truncated URLs towards the beginning instead of
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature could po ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
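Review bot: The description on the CVE-2025-8030 context line contains the literal escape sequences \u201c and \u201d around "Copy as cURL" instead of quotation marks. This hunk only changes the cross-reference line, but the description is worth decoding in a separate change so the entry reads cleanly and a text search for the feature name matches.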
@@ -1299,7 +1335,7 @@ CVE-2025-8036 (Thunderbird cached CORS preflight responses across IP address cha
- firefox 141.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object` and `emb ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1313,7 +1349,7 @@ CVE-2025-8041
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries could le ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -1321,7 +1357,7 @@ CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries cou
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit ret ...)
- {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+ {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
- firefox 141.0-1
- firefox-esr 128.13.0esr-1
- thunderbird 1:128.13.0esr-1
@@ -6677,18 +6713,21 @@ CVE-2025-49087 (In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepan
[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md
CVE-2025-6491 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
+ {DLA-4254-1}
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x
NOTE: Fixed by: https://github.com/php/php-src/commit/9cb3d8d200f0c822b17bda35a2a67a97b039d3e1 (php-8.1.33)
CVE-2025-1220 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
+ {DLA-4254-1}
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r
NOTE: Fixed by: https://github.com/php/php-src/commit/cac8f7f1cf4939f55f06b68120040f057682d89c (php-8.1.33)
CVE-2025-1735 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
+ {DLA-4254-1}
- php8.4 8.4.10-1
- php8.2 <removed>
- php7.4 <removed>
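Review bot: CVE-2025-6491, CVE-2025-1220 and CVE-2025-1735 each gain {DLA-4254-1}, yet the only package lines shown are php8.4 8.4.10-1 plus `<removed>` for php8.2 and php7.4, so nothing in the hunk says which source package and version the DLA fixes. Check that the DLA's own entry names the package and fixed version, since the `Fixed by` notes here reference only the php-8.1.33 upstream commits.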
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82459c9d07863ae0d50752951ecea5d8a2c74093