[Git][security-tracker-team/security-tracker][master] Add CVE-2025-62875/opensmtpd
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 1 08:22:31 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ac7685a by Salvatore Bonaccorso at 2025-11-01T09:22:00+01:00
Add CVE-2025-62875/opensmtpd
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,12 @@
+CVE-2025-62875 [Denial-of-Service via UNIX Domain Socket]
+ - opensmtpd <unfixed>
+ [trixie] - opensmtpd <no-dsa> (Minor issue)
+ [bookworm] - opensmtpd <no-dsa> (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2025/10/31/3
+ NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510 (7.8.0p0)
+ NOTE: 270e23a6eb upstream (7.7.0p0) made major changes to the message parsing code
+ NOTE: including the call to fatal(), but it is not excluded that earlier versions
+ NOTE: are affected by (a variant of this issue) as well.
CVE-2025-6990 (The kallyas theme for WordPress is vulnerable to Remote Code Execution ...)
NOT-FOR-US: WordPress plugin
CVE-2025-6988 (The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ac7685ac5f1191e7541aa258cfccf6085f48b6b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ac7685ac5f1191e7541aa258cfccf6085f48b6b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251101/c5f9ccf5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list