[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Nov 2 08:13:00 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4c0ddf0e by security tracker role at 2025-11-02T08:12:52+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-12593 (A vulnerability was identified in code-projects Simple Online Hotel Re ...)
+ TODO: check
CVE-2025-36367 (IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalatio ...)
NOT-FOR-US: IBM
CVE-2025-12603 (/etc/timezone can be Arbitrarily Written.This issue affects BLU-IC2: t ...)
@@ -6859,6 +6861,7 @@ CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID Connec
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
NOTE: https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e (v1.6.5)
CVE-2025-61919 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
+ {DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117856)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-6xw4-3v39-52mm
NOTE: https://github.com/rack/rack/commit/e179614c4a653283286f5f046428cbb85f21146f (v3.2.3)
@@ -6883,6 +6886,7 @@ CVE-2025-61857 (An out-of-bounds write vulnerability exists in VS6ComFile!CItemE
CVE-2025-61856 (A stack-based buffer overflow vulnerability exists in VS6ComFile!CV7Ba ...)
NOT-FOR-US: FUJI
CVE-2025-61780 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
+ {DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117855)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557
NOTE: https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784 (v3.2.3)
@@ -8189,18 +8193,21 @@ CVE-2025-11458
- chromium 141.0.7390.65-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-61772 (Rack is a modular Ruby web server interface. In versions prior to 2.2. ...)
+ {DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117627)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-wpv5-97wm-hp9c
NOTE: Fixed by: https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e (v3.2.2)
NOTE: Fixed by: https://github.com/rack/rack/commit/e08f78c656c9394d6737c022bde087e0f33336fd (v3.1.17)
NOTE: Fixed by: https://github.com/rack/rack/commit/d869fed663b113b95a74ad53e1b5cae6ab31f29e (v2.2.19)
CVE-2025-61771 (Rack is a modular Ruby web server interface. In versions prior to 2.2. ...)
+ {DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117628)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-w9pc-fmgc-vxvw
NOTE: Fixed by: https://github.com/rack/rack/commit/3beacfcd494ec5600c9022d561cfa2f556a524d1 (v3.2.2)
NOTE: Fixed by: https://github.com/rack/rack/commit/f224f93bb3f16e9b968493fbd7bac751e66d2fdc (v3.1.17)
NOTE: Fixed by: https://github.com/rack/rack/commit/c370dcd9405a6799763b70a83f06ae2d1aaa0e87 (v2.2.19)
CVE-2025-61770 (Rack is a modular Ruby web server interface. In versions prior to 2.2. ...)
+ {DLA-4357-1}
- ruby-rack 3.1.18-1 (bug #1117627)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-p543-xpfm-54cp
NOTE: Fixed by: https://github.com/rack/rack/commit/589127f4ac8b5cf11cf88fb0cd116ffed4d2181e (v3.2.2)
@@ -12907,6 +12914,7 @@ CVE-2025-59832 (Horilla is a free and open source Human Resource Management Syst
CVE-2025-59831 (git-commiters is a Node.js function module providing committers stats ...)
NOT-FOR-US: git-commiters Node.js module
CVE-2025-59830 (Rack is a modular Ruby web server interface. Prior to version 2.2.18, ...)
+ {DLA-4357-1}
- ruby-rack 3.0.8-2 (bug #1116431)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm
NOTE: Fixed by: https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71 (v2.2.18)
@@ -57954,6 +57962,7 @@ CVE-2025-46826 (insa-auth is an authentication server for INSA Rouen. A minor is
CVE-2025-46821 (Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1 ...)
- envoyproxy <itp> (bug #987544)
CVE-2025-46727 (Rack is a modular Ruby web server interface. Prior to versions 2.2.14, ...)
+ {DLA-4357-1}
- ruby-rack 3.1.16-0.1 (bug #1104927)
NOTE: https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
NOTE: Fixed by: https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74 (v3.1.14)
@@ -57992,6 +58001,7 @@ CVE-2025-46336 (Rack::Session is a session management implementation for Rack. I
NOTE: https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
NOTE: Fixed by: https://github.com/rack/rack-session/commit/c58ad7952cc7d0649f0ea9c78d55049739c49e5a (v2.1.1)
CVE-2025-32441 (Rack is a modular Ruby web server interface. Prior to version 2.2.14, ...)
+ {DLA-4357-1}
- ruby-rack 3.0.8-2
NOTE: https://github.com/rack/rack/security/advisories/GHSA-vpfw-47h7-xj4g
NOTE: Fixed by: https://github.com/rack/rack/commit/c48e52f7c57e99e1e1bf54c8760d4f082cd1c89d (2.2.14)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c0ddf0eee74455df6adf14f3aa1deb2703f8d25
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c0ddf0eee74455df6adf14f3aa1deb2703f8d25
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251102/b27bef92/attachment.htm>
More information about the debian-security-tracker-commits
mailing list