[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 27 15:31:54 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
537cc7e3 by Moritz Muehlenhoff at 2025-06-27T16:31:38+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8,6 +8,7 @@ CVE-2025-6751 (A vulnerability, which was classified as critical, was found in L
NOT-FOR-US: Linksys
CVE-2025-6750 (A vulnerability, which was classified as problematic, has been found i ...)
- hdf5 <unfixed>
+ [bookworm] - hdf5 <no-dsa> (Minor issue)
NOTE: https://github.com/HDFGroup/hdf5/issues/5549
CVE-2025-6749 (A vulnerability classified as critical was found in huija bicycleShari ...)
NOT-FOR-US: bicycleSharingServer
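Review bot: The added `[bookworm] - hdf5 <no-dsa> (Minor issue)` line for CVE-2025-6750 gives no reason beyond the stock "Minor issue" text, and the entry carries only the upstream issue link. A short NOTE saying why the impact is minor would let a later triager verify the decision. The `- hdf5 <unfixed>` line above it also has no bug reference, unlike the hdf5 entries for CVE-2025-6270 and CVE-2025-6269 elsewhere in this file.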
@@ -1006,8 +1007,9 @@ CVE-2025-52969 (ClickHouse 25.7.1.557 allows low-privileged users to execute she
NOTE: Not considered a security issue by upstream
NOTE: https://github.com/skraft9/clickhouse-security-research
CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests containing SameS ...)
- - xdg-utils <unfixed>
+ - xdg-utils <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/23/1
+ NOTE: Hardening/security enhancement, not a security issue in xdg-utils
CVE-2025-52967 (gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path valida ...)
NOT-FOR-US: mlflow
CVE-2025-52939 (Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src ...)
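Review bot: The new NOTE on CVE-2025-52968 says the report is a hardening request rather than a flaw in xdg-utils, but the only reference in the entry is the oss-security post. If that assessment comes from upstream or from the thread, say so in the NOTE or link the specific message, so the `(unimportant)` tag can be checked against its source.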
@@ -1807,11 +1809,13 @@ CVE-2025-6272 (A vulnerability has been found in wasm3 0.5.0 and classified as p
CVE-2025-6271 (A vulnerability, which was classified as problematic, was found in swf ...)
- swftools <removed>
CVE-2025-6270 (A vulnerability, which was classified as critical, has been found in H ...)
- - hdf5 <unfixed> (bug #1108156)
+ - hdf5 <unfixed> (bug #1108156; unimportant)
NOTE: https://github.com/HDFGroup/hdf5/issues/5580
+ NOTE: Negligible security impact
CVE-2025-6269 (A vulnerability classified as critical was found in HDF5 up to 1.14.6. ...)
- - hdf5 <unfixed> (bug #1108155)
+ - hdf5 <unfixed> (bug #1108155; unimportant)
NOTE: https://github.com/HDFGroup/hdf5/issues/5579
+ NOTE: Negligible security impact
CVE-2025-6268 (A vulnerability classified as problematic has been found in Luna Imagi ...)
NOT-FOR-US: Luna Imaging
CVE-2025-6267 (A vulnerability was found in zhilink \u667a\u4e92\u8054(\u6df1\u5733)\ ...)
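Review bot: Both hdf5 entries here (CVE-2025-6270 and CVE-2025-6269) get the same `NOTE: Negligible security impact`, which restates the `unimportant` tag instead of justifying it. A concrete reason, of the kind given for CVE-2025-6170 in this same commit ("Crash in CLI tool, no security impact"), would be more useful. It is also worth confirming that this is consistent with CVE-2025-6750, where hdf5 is handled as `<no-dsa> (Minor issue)` for bookworm rather than `unimportant`.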
@@ -3927,8 +3931,9 @@ CVE-2025-6177 (Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and
CVE-2025-6172 (Permission vulnerability in the mobile application (com.afmobi.boompla ...)
NOT-FOR-US: TECNO Mobile
CVE-2025-6170 (A flaw was found in the interactive shell of the xmllint command-line ...)
- - libxml2 <unfixed> (bug #1107938)
+ - libxml2 <unfixed> (bug #1107938; unimportant)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-6137 (A vulnerability classified as critical has been found in TOTOLINK T10 ...)
NOT-FOR-US: TOTOLINK
CVE-2025-6136 (A vulnerability was found in Projectworlds Life Insurance Management S ...)
@@ -4029,6 +4034,7 @@ CVE-2025-48988 (Allocation of Resources Without Limits or Throttling vulnerabili
NOTE: https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106)
CVE-2025-48976 (Allocation of resources for multipart headers with insufficient limits ...)
- libcommons-fileupload-java <unfixed> (bug #1108120)
+ [bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue)
- tomcat11 <unfixed> (bug #1108118)
- tomcat10 <unfixed> (bug #1108119)
- tomcat9 9.0.70-2
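Review bot: Only libcommons-fileupload-java gets a bookworm decision for CVE-2025-48976; the `- tomcat11 <unfixed>` and `- tomcat10 <unfixed>` lines in the trailing context carry no suite annotation. If either package ships in bookworm it needs its own `[bookworm]` line, otherwise the CVE stays open for that package in this suite's triage.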
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/537cc7e36bfc8cf50c2462bf47d12b3d0f61c3cc