[Git][security-tracker-team/security-tracker][master] 5 commits: Triage CVE-2025-4673 in golang-1.15 bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Thu Jun 19 17:29:56 BST 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2d926bf6 by Chris Lamb at 2025-06-19T09:29:25-07:00
Triage CVE-2025-4673 in golang-1.15 bullseye LTS.
- - - - -
f4027c34 by Chris Lamb at 2025-06-19T09:29:27-07:00
Triage CVE-2025-6119 & CVE-2025-6120 in assimp for bullseye LTS.
- - - - -
29af0ad6 by Chris Lamb at 2025-06-19T09:29:28-07:00
Triage CVE-2025-6196 in libgepub for bullseye LTS.
- - - - -
b3e6c37c by Chris Lamb at 2025-06-19T09:29:30-07:00
Triage CVE-2025-6141 in ncurses for bullseye LTS.
- - - - -
cec12245 by Chris Lamb at 2025-06-19T09:29:31-07:00
Triage CVE-2025-6069 in python3.9 for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1600,6 +1600,7 @@ CVE-2025-6199 (A flaw was found in the GIF parser of GdkPixbuf\u2019s LZW decode
CVE-2025-6196 (A flaw was found in libgepub, a library used to read EPUB files. The s ...)
- libgepub 0.7.3-1
[bookworm] - libgepub <no-dsa> (Minor issue)
+ [bullseye] - libgepub <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libgepub/-/issues/18
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libgepub/-/commit/70895c45364ef4ee827b39b2ed1c33723410e94c (0.7.2)
CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complexity w ...)
@@ -1608,6 +1609,7 @@ CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complex
- python3.11 <removed>
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
+ [bullseye] - python3.9 <postponed> (Minor issue; can be fixed in next update)
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
@@ -1964,6 +1966,7 @@ CVE-2025-6142 (A vulnerability was found in Intera InHire up to 20250530. It has
CVE-2025-6141 (A vulnerability has been found in GNU ncurses up to 6.5-20250322 and c ...)
- ncurses <unfixed> (bug #1107937)
[bookworm] - ncurses <no-dsa> (Minor issue)
+ [bullseye] - ncurses <postponed> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html
NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20250329
@@ -2085,11 +2088,13 @@ CVE-2025-6120 (A vulnerability classified as critical was found in Open Asset Im
- assimp <unfixed> (bug #1107936)
[trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6220
CVE-2025-6119 (A vulnerability classified as critical has been found in Open Asset Im ...)
- assimp <unfixed> (bug #1107935)
[trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6219
CVE-2025-6118 (A vulnerability was found in Das Parking Management System \u505c\u8f6 ...)
NOT-FOR-US: Das Parking Management System
@@ -5162,6 +5167,7 @@ CVE-2025-4673 (Proxy-Authorization and Proxy-Authenticate headers persisted on c
- golang-1.19 <removed>
[bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
+ [bullseye] - golang-1.15 <postponed> (Limited support, minor issue)
NOTE: https://github.com/golang/go/issues/73816
NOTE: Fixed by: https://github.com/golang/go/commit/85897ca220a149333a88b1e4d63f3b751f1141f5 (go1.24.4)
NOTE: Fixed by: https://github.com/golang/go/commit/b897e97c36cb62629a458bc681723ca733404e32 (go1.23.10)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e023ff2c0af85360ec9f77a8d7fdd70c2c1fb11...cec122451c9163867bc194cae2c290fd5c0ea182
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e023ff2c0af85360ec9f77a8d7fdd70c2c1fb11...cec122451c9163867bc194cae2c290fd5c0ea182
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250619/02212e96/attachment.htm>
More information about the debian-security-tracker-commits
mailing list