[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 20 09:27:33 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
224e12c4 by Moritz Muehlenhoff at 2025-06-20T10:26:55+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1759,6 +1759,7 @@ CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, Newsletter, Email Marke
NOT-FOR-US: WordPress plugin
CVE-2025-48945
- pycares <unfixed>
+ [bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
NOTE: https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
NOTE: Fixed by: https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4 (v4.9.0)
CVE-2025-6199 (A flaw was found in the GIF parser of GdkPixbuf\u2019s LZW decoder. Wh ...)
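Review bot: The new `[bookworm]` line for CVE-2025-48945 gives "Minor issue, too intrusive to backport" as the reason but does not record what makes the backport intrusive. A short NOTE next to the "Fixed by:" line saying why commit ebfd7d71 (v4.9.0) cannot be applied to the bookworm version would let a later reviewer re-check the decision. The `- pycares <unfixed>` line also carries no bug reference, unlike the protobuf and libxslt entries touched in this commit.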
@@ -2294,6 +2295,7 @@ CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory ('Pat
NOTE: https://github.com/erlang/otp/commit/10608879c81332af2d3c00db61ee173c93c1ea4e (OTP-26.2.5.13, OTP-27.3.4.1)
CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse untrusted P ...)
- protobuf <unfixed> (bug #1108057)
+ [bookworm] - protobuf <no-dsa> (Minor issue)
NOTE: https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
- tomcat11 <unfixed>
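Review bot: The `<no-dsa> (Minor issue)` annotation added for protobuf under CVE-2025-4565 does not say why the issue is minor. The truncated description mentions the Pure-Python backend parsing untrusted input; a NOTE recording that scope would make the bookworm decision verifiable from the entry itself.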
@@ -43663,6 +43665,7 @@ CVE-2025-24811 (A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C
NOT-FOR-US: Siemens
CVE-2025-24807 (eprosima Fast DDS is a C++ implementation of the DDS (Data Distributio ...)
- fastdds 3.1.2+ds-1 (bug #1095838)
+ [bookworm] - fastdds <no-dsa> (Minor issue)
NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-w33g-jmm2-8983
NOTE: https://github.com/eProsima/Fast-DDS/pull/5530
CVE-2025-24532 (A vulnerability has been identified in SCALANCE WAB762-1 (6GK5762-1AJ0 ...)
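Review bot: For CVE-2025-24807 the new bookworm `<no-dsa>` line leaves the fix to a possible later update, but the NOTEs only link the advisory and pull request 5530, not a fixing commit. Adding a "Fixed by:" NOTE, in the form used for pycares and libxslt in this commit, would make a later backport easier to prepare.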
@@ -174828,10 +174831,11 @@ CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue
CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...)
- - libxslt <unfixed> (bug #1108074)
+ - libxslt <unfixed> (bug #1108074; unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d (v1.1.38)
NOTE: Backports: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94#note_1855467
+ NOTE: Hardening to improve ASLR, not a security issue by itself
CVE-2023-40402 (A permissions issue was addressed with additional restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2023-40400 (This issue was addressed with improved checks. This issue is fixed in ...)
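Review bot: In the CVE-2023-40403 entry the added NOTE, "Hardening to improve ASLR, not a security issue by itself", gives the rationale for `unimportant` but not where the assessment comes from, while the CVE description above it speaks of "improved memory handling". Pointing the NOTE at the upstream issue already linked (libxslt issue 94) or at bug #1108074 would let readers confirm it.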
=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,8 @@ gdk-pixbuf (jmm)
gh
Santiago Vila might work on preparing an update
--
+icu
+--
jpeg-xl
--
konsole (jmm)
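Review bot: The new `icu` entry has neither a claimant nor a note, and nothing in the data/CVE/list part of this commit touches an icu CVE, so the reason for the update is not visible from the commit. A one-line comment under the entry naming the CVE, in the style of the note under `gh`, would help whoever picks it up.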
@@ -73,9 +75,13 @@ sympa
--
tomcat10
--
+trafficserver (jmm)
+--
wordpress
--
xen
--
+xorg-server
+--
zabbix
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/224e12c4beeab2d5663ac624c76768762df77f09