[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 24 12:27:17 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
59bf9c05 by Moritz Muehlenhoff at 2025-06-24T13:26:43+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -150,8 +150,9 @@ CVE-2025-6518 (A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It h
 CVE-2025-6517 (A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified ...)
 	NOT-FOR-US: Dromara MaxKey
 CVE-2025-6516 (A vulnerability has been found in HDF5 up to 1.14.6 and classified as  ...)
-	- hdf5 <unfixed>
+	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5581
+	NOTE: Negligible security impact
 CVE-2025-6513 (Standard Windows users can access the configuration file for database  ...)
 	NOT-FOR-US: Bizerba
 CVE-2025-6512 (On a client with a non-admin user, a script can be integrated into a r ...)
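Review bot: the new `NOTE: Negligible security impact` line states the conclusion behind the `(unimportant)` tag but not the reason for it; the clickhouse entry in this same commit does better with "Not considered a security issue by upstream". A short pointer to what in https://github.com/HDFGroup/hdf5/issues/5581 makes it negligible (the kind of crash or the affected tool) would let a later triager verify the rating without re-reading the upstream thread.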
@@ -163,8 +164,9 @@ CVE-2025-6510 (A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It
 CVE-2025-6509 (A vulnerability was found in seaswalker spring-analysis up to 4379cce8 ...)
 	NOT-FOR-US: seaswalker spring-analysis
 CVE-2025-52969 (ClickHouse 25.7.1.557 allows low-privileged users to execute shell com ...)
-	- clickhouse <removed>
-	TODO: check details
+	- clickhouse <removed> (unimportant)
+	NOTE: Not considered a security issue by upstream
+	NOTE: https://github.com/skraft9/clickhouse-security-research
 CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests containing SameS ...)
 	- xdg-utils <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2025/06/23/1
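Review bot: the justification `NOTE: Not considered a security issue by upstream` is backed only by a link to a third-party research repository (github.com/skraft9/clickhouse-security-research), not to an upstream statement; since the CVE description speaks of low-privileged users executing shell commands, the `(unimportant)` rating on the `<removed>` package would be easier to defend with a direct reference to where ClickHouse upstream rejected it. The old `TODO: check details` line is correctly dropped now that a conclusion has been recorded.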
@@ -428,6 +430,7 @@ CVE-2025-6393 (A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and
 	NOT-FOR-US: TOTOLINK
 CVE-2025-6375 (A vulnerability was found in poco up to 1.14.1. It has been rated as p ...)
 	- poco <unfixed> (bug #1108157)
+	[bookworm] - poco <no-dsa> (Minor issue)
 	NOTE: https://github.com/pocoproject/poco/issues/4915
 	NOTE: https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf (poco-1.14.2-release)
 CVE-2025-6374 (A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as ...)
@@ -788,6 +791,7 @@ CVE-2025-44635 (There are multiple unauthorized remote command execution vulnera
 	NOT-FOR-US: H3C
 CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose S ...)
 	- hoteldruid <unfixed> (bug #1108154)
+	[bookworm] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://github.com/IvanT7D3/CVE-2025-44203
 CVE-2025-3319 (IBM Spectrum Protect Server 8.1 through 8.1.26 could allow attacker to ...)
 	NOT-FOR-US: IBM
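Review bot: the stanza now carries `[bookworm] - hoteldruid <no-dsa> (Minor issue)` while the only reference is a proof-of-concept repository (github.com/IvanT7D3/CVE-2025-44203) and the unstable line is still `<unfixed>` with no upstream fix or fixed version noted; the CVE text describes an unauthenticated attacker, so a NOTE with the upstream advisory or fixing commit, once known, would make the bookworm decision reviewable and show what a point-release backport would need to carry.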
@@ -75259,12 +75263,14 @@ CVE-2024-50052 (Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <=
 CVE-2024-49769 (Waitress is a Web Server Gateway Interface server for Python 2 and 3.  ...)
 	{DLA-3955-1}
 	- waitress 3.0.1-1 (bug #1086468)
+	[bookworm] - waitress <no-dsa> (Minor issue)
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
 	NOTE: https://github.com/Pylons/waitress/issues/418
 	NOTE: https://github.com/Pylons/waitress/pull/435
 	NOTE: Fixed by: https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c (v3.0.1)
 CVE-2024-49768 (Waitress is a Web Server Gateway Interface server for Python 2 and 3.  ...)
 	- waitress 3.0.1-1 (bug #1086467)
+	[bookworm] - waitress <no-dsa> (Minor issue)
 	[bullseye] - waitress <not-affected> (The vulnerable code was introduced in version 2.0)
 	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
 	NOTE: Fixed by: https://github.com/Pylons/waitress/commit/6943dcf556610ece2ff3cddb39e59a05ef110661 (v3.0.1)
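Review bot: for CVE-2024-49769 the new `[bookworm] - waitress <no-dsa> (Minor issue)` line sits directly under `{DLA-3955-1}`, i.e. bullseye already received a backported fix through an LTS advisory, and both stanzas point at the upstream fixing commits in v3.0.1; given that a backport evidently exists, it would help to say in the justification whether the bookworm fix is meant to go through a stable point release or to be left out entirely, so the `(Minor issue)` rating is not read as contradicting the bullseye DLA.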



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59bf9c050b532dac011cc53090620ac8d0c70ff4




