[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Nov 4 09:50:11 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
667be635 by Moritz Muehlenhoff at 2025-11-04T10:49:51+01:00
bookworm/trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,6 @@
 CVE-2025-11563
 	- curl <unfixed>
+	[trixie] - curl <no-dsa> (Minor issue)
 	[bookworm] - curl <not-affected> (Vulnerable code not present)
 	[bullseye] - curl <not-affected> (Vulnerable code not present)
 	NOTE: Introduced with: https://github.com/curl/wcurl/commit/e01d578582a23695ee3cec08a2bff29d61a0bfb4 (v2024.12.08)
@@ -617,6 +618,7 @@ CVE-2025-10487 (The Advanced Ads \u2013Ad Manager & AdSense plugin for WordPress
 	NOT-FOR-US: WordPress plugin
 CVE-2025-12464 (A stack-based buffer overflow was found in the QEMU e1000 network devi ...)
 	- qemu <unfixed> (bug #1119917)
+	[trixie] - qemu <no-dsa> (Minor issue)
 	[bookworm] - qemu <not-affected> (Vulnerable code introduced later)
 	[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
 	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/3043
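Review bot: the added [trixie] line for qemu gives only "Minor issue" as the reason, while the CVE description two lines above it calls this a stack-based buffer overflow in the e1000 network device. Consider stating in the parenthetical why this is minor for trixie, so the no-dsa decision can be re-checked later without opening bug #1119917 or the upstream issue.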
@@ -16396,7 +16398,7 @@ CVE-2022-50375 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/316ae95c175a7d770d1bfe4c011192712f57aa4a (6.1-rc1)
 CVE-2025-30187 (In some circumstances, when DNSdist is configured to use the nghttp2 l ...)
 	- dnsdist 2.0.1-1 (bug #1115643)
-	[trixie] - dnsdist <no-dsa> (Minor issue)
+	[trixie] - dnsdist <no-dsa> (Minor issue, will be fixed via point release)
 	[bookworm] - dnsdist <not-affected> (Vulnerable code not present)
 	[bullseye] - dnsdist <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/09/18/1
@@ -54150,6 +54152,8 @@ CVE-2025-40633 (A Stored Cross-Site Scripting (XSS) vulnerability has been found
 	NOT-FOR-US: Koibox
 CVE-2025-30193 (In some circumstances, when DNSdist is configured to allow an unlimite ...)
 	- dnsdist 1.9.10-1 (bug #1106207)
+	[trixie] - dnsdist <no-dsa> (Minor issue, will be fixed via point release)
+	[bullseye] - dnsdist <end-of-life> (see #1119290)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-03.html
 	NOTE: https://github.com/PowerDNS/pdns/pull/15572
 	NOTE: Fixed by: https://github.com/PowerDNS/pdns/commit/096c0fc0c015e80f815eb99aea1bc0eca28cb269 (dnsdist-1.9.10)


=====================================
data/next-point-update.txt
=====================================
@@ -63,6 +63,8 @@ CVE-2025-62171
 	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u3
 CVE-2025-30187
 	[trixie] - dnsdist 1.9.10-1+deb13u1
+CVE-2025-30193
+	[trixie] - dnsdist 1.9.10-1+deb13u1
 CVE-2025-9640
 	[trixie] - samba 2:4.22.6+dfsg-0+deb13u1
 CVE-2025-10230
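Review bot: the added CVE-2025-30193 entry targets dnsdist 1.9.10-1+deb13u1, but data/CVE/list in this same commit records 1.9.10-1 as the fixed version for that CVE and notes the fix as part of dnsdist-1.9.10. The +deb13u1 suffix suggests the trixie upload is based on 1.9.10-1, so please confirm that trixie is really affected by CVE-2025-30193; if it is not, this entry and the [trixie] <no-dsa> line in data/CVE/list are unnecessary.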



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/667be6359807ee48e3040e15200695620407b0fa
