[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 7 19:26:29 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cda35d46 by Moritz Mühlenhoff at 2025-06-07T20:25:48+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -846,7 +846,9 @@ CVE-2025-5690 (PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that
 	NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2025-5683 (When loading a specifically crafted ICNS format image file in QImage t ...)
 	- qtimageformats-opensource-src 5.15.15-4 (bug #1107318)
+	[bookworm] - qtimageformats-opensource-src <no-dsa> (Minor issue)
 	- qt6-imageformats 6.8.2-4 (bug #1107317)
+	[bookworm] - qt6-imageformats <no-dsa> (Minor issue)
 	NOTE: https://codereview.qt-project.org/c/qt/qtimageformats/+/644548
 	NOTE: https://github.com/qt/qtimageformats/commit/efd332516f510144927121fa749ce819b82ec633
 CVE-2025-5646 (A vulnerability has been found in Radare2 5.9.9 and classified as prob ...)
@@ -977,6 +979,7 @@ CVE-2025-5602 (A vulnerability, which was classified as critical, was found in C
 CVE-2025-5601 (Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.1 ...)
 	[experimental] - wireshark 4.4.7-0exp1
 	- wireshark <unfixed>
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-02.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20509
 CVE-2025-5600 (A vulnerability, which was classified as critical, has been found in T ...)
@@ -1683,6 +1686,7 @@ CVE-2025-37089 (A command injection remote code execution vulnerability exists i
 	NOT-FOR-US: HPE
 CVE-2025-29785 (quic-go is an implementation of the QUIC protocol in Go. The loss reco ...)
 	- golang-github-lucas-clemente-quic-go 0.50.1-1
+	[bookworm] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
 	NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-j972-j939-p2v3
 	NOTE: https://github.com/quic-go/quic-go/issues/4981
 	NOTE: Fixed by: https://github.com/quic-go/quic-go/commit/b90058aba5f65f48e0e150c89bbaa21a72dda4de (v0.50.1)
@@ -5780,10 +5784,12 @@ CVE-2025-37890 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/141d34391abbb315d68556b7c67ad97885407547 (6.15-rc5)
 CVE-2025-XXXX [Buffer overflow in range of chars in evaluated expressions]
 	- weechat 4.6.3-1 (bug #1104554)
+	[bookworm] - weechat <no-dsa> (Minor issue)
 	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-7/
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/3db2f71112ea85fa88b57f2c91be66a91ad7c078 (v4.6.3)
 CVE-2025-XXXX [Buffer overflow in base 32 encoding in evaluated expressions]
 	- weechat 4.6.3-1 (bug #1104554)
+	[bookworm] - weechat <no-dsa> (Minor issue)
 	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-6/
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/09917a807bcd71adf25e51f24200e7b7a5b8ff6f (v4.6.3)
 CVE-2025-XXXX [Buffer overflow in syntax highlighting of evaluated expressions]
@@ -5795,19 +5801,23 @@ CVE-2025-XXXX [Buffer overflow in syntax highlighting of evaluated expressions]
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/334f88ae2c5f221e63b163a3c3ad4c98e437be35 (v4.6.3)
 CVE-2025-XXXX [Buffer overflow in parsing of date/time]
 	- weechat 4.6.3-1 (bug #1104554)
+	[bookworm] - weechat <no-dsa> (Minor issue)
 	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-4/
 	NOTE: Introduced with: https://github.com/weechat/weechat/commit/f6ba789c3d33bdc1bcc6c00e9660ffbd9f2ba514 (v4.2.0)
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/2e146456913b6bc21b65dc89c69bce17b83e6264 (v4.6.3)
 CVE-2025-XXXX [Integer overflow in conversion of version to an integer]
 	- weechat 4.6.3-1 (bug #1104554)
+	[bookworm] - weechat <no-dsa> (Minor issue)
 	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-3/
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/5839df90e7d4f5680186c2d2993d5701115d8c78 (v4.6.3)
 CVE-2025-XXXX [Integer overflow in base32 decode/encode functions]
 	- weechat 4.6.3-1 (bug #1104554)
+	[bookworm] - weechat <no-dsa> (Minor issue)
 	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-2/
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/60824530026d2461220fa7c7c99c0278665e2150 (v4.6.3)
 CVE-2025-XXXX [Integer overflow with decimal numbers in calculation of expression]
 	- weechat 4.6.3-1 (bug #1104554)
+	[bookworm] - weechat <no-dsa> (Minor issue)
 	NOTE: https://weechat.org/doc/weechat/security/WSA-2025-1/
 	NOTE: Fixed by: https://github.com/weechat/weechat/commit/d0568dce79c350a4c11609c66587bc3e4cc00eba (v4.6.3)
 CVE-2025-4759 (Versions of the package lockfile-lint-api before 5.9.2 are vulnerable  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ frr
 gh
   Santiago Vila might work on preparing an update
 --
+gst-plugins-bad1.0 (jmm)
+--
 jpeg-xl
 --
 libreswan



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cda35d46493130af61f78598089390a8bf3ea7f4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cda35d46493130af61f78598089390a8bf3ea7f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250607/14b06f98/attachment.htm>

More information about the debian-security-tracker-commits mailing list