[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Nov 3 12:52:51 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c79722e4 by Moritz Muehlenhoff at 2025-11-03T13:10:47+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,13 +69,19 @@ CVE-2025-12599 (Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP
 	NOT-FOR-US: Azure Access Technology
 CVE-2025-45663 [Disclosure of uninitialized memory in _dom_event_initialise]
 	- netsurf <unfixed> (bug #1119918)
+	[trixie] - netsurf <no-dsa> (Minor issue)
+	[bookworm] - netsurf <no-dsa> (Minor issue)
 	NOTE: https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-45663
 	NOTE: https://github.com/netsurf-browser/libdom/commit/9ea069f36e5de5f52d7155a71e2d536eb94de141
 CVE-2025-29699 [Use-after-free in _dom_node_set_text_content]
 	- netsurf <unfixed> (bug #1119918)
+	[trixie] - netsurf <no-dsa> (Minor issue)
+	[bookworm] - netsurf <no-dsa> (Minor issue)
 	NOTE: https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-29699
 CVE-2024-51317 [Use-after-free in _dom_node_normalize]
 	- netsurf <unfixed> (bug #1119918)
+	[trixie] - netsurf <no-dsa> (Minor issue)
+	[bookworm] - netsurf <no-dsa> (Minor issue)
 	NOTE: https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2024-51317
 	NOTE: https://github.com/netsurf-browser/libdom/commit/7d317df204d18f161f0a8ffed958ef60eb2692fe
 CVE-2025-62875 [Denial-of-Service via UNIX Domain Socket]
@@ -166,14 +172,17 @@ CVE-2025-7846 (The WordPress User Extra Fields plugin for WordPress is vulnerabl
 CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Abis Technology BAPSIS
 CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of service (Do ...)
-	- python-scrapy <unfixed>
+	- python-scrapy <unfixed> (unimportant)
 	NOTE: https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
+	NOTE: Negligible security impact
 CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled a  perf ...)
 	- python3.14 <unfixed>
 	- python3.13 <unfixed>
 	- python3.11 <removed>
 	- python3.9 <removed>
 	- pypy3 <unfixed>
+	[trixie] - pypy3 <no-dsa> (Minor issue)
+	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/python/cpython/issues/136065
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/
 	NOTE: https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c (main)
@@ -289,12 +298,18 @@ CVE-2025-58152 (FutureNet MA and IP-K series provided by Century Systems Co., Lt
 	NOT-FOR-US: Century Systems
 CVE-2025-57108 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use- ...)
 	- vtk9 <unfixed> (bug #1119823)
+	[trixie] - vtk9 <no-dsa> (Minor issue)
+	[bookworm] - vtk9 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19736
 CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buff ...)
 	- vtk9 <unfixed> (bug #1119822)
+	[trixie] - vtk9 <no-dsa> (Minor issue)
+	[bookworm] - vtk9 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19732
 CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffe ...)
 	- vtk9 <unfixed> (bug #1119821)
+	[trixie] - vtk9 <no-dsa> (Minor issue)
+	[bookworm] - vtk9 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19733
 	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19734
 CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co., Ltd. con ...)
@@ -655,6 +670,8 @@ CVE-2025-5342 (Zohocorp ManageEngine Exchange Reporter Plus through 5721 are vul
 	NOT-FOR-US: Zoho
 CVE-2025-57109 (Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to Heap Use-Af ...)
 	- vtk9 <unfixed> (bug #1119824)
+	[trixie] - vtk9 <no-dsa> (Minor issue)
+	[bookworm] - vtk9 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19735
 CVE-2025-56313 (A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in ...)
 	NOT-FOR-US: JATOS
@@ -36697,6 +36714,7 @@ CVE-2024-10029 (In Eclipse GlassFish version 7.0.15 is possible to perform Refle
 	NOT-FOR-US: Eclipse
 CVE-2025-40777 (If a `named` caching resolver is configured with `serve-stale-enable`  ...)
 	- bind9 1:9.20.11-1
+	[bookworm] - bind9 <postponed> (9.18 is affected, but no patches are currently available for the open source version)
 	[bullseye] - bind9 <postponed> (Minor issue)
 	NOTE: https://kb.isc.org/docs/cve-2025-40777
 	NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/9c7a63142dacb2e16c64719f57d1191298af4393 (v9.20.11)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c79722e446b0683d37853479420a16f086d4951c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c79722e446b0683d37853479420a16f086d4951c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251103/b160e3e7/attachment.htm>

More information about the debian-security-tracker-commits mailing list