[Git][security-tracker-team/security-tracker][master] 2 commits: erlang spu updated with a second CVE fix

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 26 22:08:28 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77544f46 by Moritz Mühlenhoff at 2025-06-26T23:08:15+02:00
erlang spu updated with a second CVE fix

- - - - -
7849c17b by Moritz Mühlenhoff at 2025-06-26T23:08:15+02:00
icu DSA

- - - - -


4 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3877,6 +3877,7 @@ CVE-2025-5309 (The chat feature within Remote Support (RS) and Privileged Remote
 	NOT-FOR-US: BeyondTrust
 CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	- erlang <unfixed> (bug #1107939)
+	[bookworm] - erlang <no-dsa> (Minor issue, will be fixed via spu)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
 	NOTE: https://github.com/erlang/otp/pull/9941
 	NOTE: https://github.com/erlang/otp/commit/10608879c81332af2d3c00db61ee173c93c1ea4e (OTP-26.2.5.13, OTP-27.3.4.1)
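
Review bot: the new `[bookworm] - erlang <no-dsa>` line defers the fix to a point update, but the NOTE lines below it name only OTP-26.2.5.13 and OTP-27.3.4.1 as the releases carrying the upstream commit, while the bookworm package tracked on this page is 1:25.2.3. Consider adding a NOTE that records which patch is backported to the 25.x branch, so the fix shipped in the spu can be checked against the upstream change.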


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Jun 2025] DSA-5951-1 icu - security update
+	{CVE-2025-5222}
+	[bookworm] - icu 72.1-3+deb12u1
 [25 Jun 2025] DSA-5950-1 firefox-esr - security update
 	{CVE-2025-6424 CVE-2025-6425 CVE-2025-6429 CVE-2025-6430}
 	[bookworm] - firefox-esr 128.12.0esr-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -28,8 +28,6 @@ frr
 gh
   Santiago Vila might work on preparing an update
 --
-icu
---
 jpeg-xl
 --
 libreswan


=====================================
data/next-point-update.txt
=====================================
@@ -1,5 +1,7 @@
 CVE-2025-46712
 	[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
+CVE-2025-4748
+	[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
 CVE-2025-46397
 	[bookworm] - fig2dev 1:3.2.8b-3+deb12u2
 CVE-2025-46398
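
Review bot: the added CVE-2025-4748 entry reuses `1:25.2.3+dfsg-1+deb12u2`, the same version already listed for CVE-2025-46712 on the lines just above it. That is only correct if the deb12u2 upload itself is replaced by one containing both fixes. If deb12u2 is already in the proposed-updates queue with the first fix alone, the second fix needs a new version and this line should name it.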



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/376e5925bc6e811c702d43dbe31dfc5114133ad1...7849c17bbd164daf2f5876192f75e39c3dee3053
