[Git][security-tracker-team/security-tracker][master] bookworm triage

Thu Jun 12 22:19:54 BST 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52da126b by Moritz Muehlenhoff at 2025-06-12T23:19:43+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -261,9 +261,12 @@ CVE-2025-0163 (IBM Security Verify Access Appliance and Docker 10.0 through 10.0
 	NOT-FOR-US: IBM
 CVE-2025-5991 (There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandle ...)
 	- qt6-base <unfixed>
+	[bookworm] - qt6-base <no-dsa> (Minor issue)
 	- qtbase-opensource-src <unfixed>
-	- qtbase-opensource-src-gles <unfixed>
+	[bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
+	- qtbase-opensource-src-gles <unfixed> (unimportant)
 	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/643777
+	NOTE: The -gles package doesn't build the HTTP2 code, only included in the source package
 CVE-2025-5985 (A vulnerability was found in code-projects School Fees Payment System  ...)
 	NOT-FOR-US: code-projects
 CVE-2025-5984 (A vulnerability has been found in SourceCodester Online Student Cleara ...)
@@ -1399,6 +1402,7 @@ CVE-2025-5890 (A vulnerability classified as problematic has been found in actio
 	NOT-FOR-US: Node @actions/*
 CVE-2025-5889 (A vulnerability was found in juliangruber brace-expansion up to 1.1.11 ...)
 	- node-brace-expansion 2.0.1+~1.1.0-2 (bug #1107695)
+	[bookworm] - node-brace-expansion <no-dsa> (Minor issue)
 	NOTE: https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466
 	NOTE: https://github.com/juliangruber/brace-expansion/pull/65
 	NOTE: https://github.com/juliangruber/brace-expansion/commit/0b6a9781e18e9d2769bb2931f4856d1360243ed2 (v1.1.12)
@@ -3441,6 +3445,7 @@ CVE-2025-48494 (Gokapi is a self-hosted file sharing server with automatic expir
 CVE-2025-48387 (tar-fs provides filesystem bindings for tar-stream. Versions prior to  ...)
 	{DLA-4214-1}
 	- node-tar-fs 3.0.9+~cs2.0.4-1
+	[bookworm] - node-tar-fs <no-dsa> (Minor issue)
 	NOTE: https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v
 	NOTE: Fixed by: https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f (v3.0.9)
 CVE-2025-47585 (Missing Authorization vulnerability in Mage people team Booking and Re ...)
@@ -11703,6 +11708,7 @@ CVE-2025-46813 (Discourse is an open-source community platform. A data leak vuln
 	NOT-FOR-US: Discourse
 CVE-2025-46734 (league/commonmark is a PHP Markdown parser. A cross-site scripting (XS ...)
 	- php-league-commonmark 2.7.0-1
+	[bookworm] - php-league-commonmark <no-dsa> (Minor issue)
 	NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-3527-qv2q-pfvx
 	NOTE: https://github.com/thephpleague/commonmark/commit/f0d626cf05ad3e99e6db26ebcb9091b6cd1cd89b (2.7.0)
 CVE-2025-46731 (Craft is a content management system. Versions of Craft CMS on the 4.x ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52da126bceffdaa278e401b0687a688d687e0005

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52da126bceffdaa278e401b0687a688d687e0005
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250612/ede84efe/attachment.htm>
