[Git][security-tracker-team/security-tracker][master] Add new allocated CVEs for chromium update released as DSA 5993-1

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Nov 8 08:59:31 GMT 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e245a2c by Salvatore Bonaccorso at 2025-11-08T09:58:44+01:00
Add new allocated CVEs for chromium update released as DSA 5993-1

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -53,19 +53,29 @@ CVE-2025-60574 (A Local File Inclusion (LFI) vulnerability has been identified i
 CVE-2025-37736 (Improper Authorization in Elastic Cloud Enterprise can lead to Privile ...)
 	NOT-FOR-US: Elastic Cloud Enterprise
 CVE-2025-12911 (Inappropriate implementation in Permissions in Google Chrome prior to  ...)
-	TODO: check
+	{DSA-5993-1}
+	- chromium 140.0.7339.80-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-12910 (Inappropriate implementation in Passkeys in Google Chrome prior to 140 ...)
-	TODO: check
+	{DSA-5993-1}
+	- chromium 140.0.7339.80-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-12909 (Insufficient policy enforcement in Devtools in Google Chrome prior to  ...)
-	TODO: check
+	{DSA-5993-1}
+	- chromium 140.0.7339.80-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-12908 (Insufficient validation of untrusted input in Downloads in Google Chro ...)
-	TODO: check
+	- chromium <not-affected> (Only affects Google Chrome on Android)
 CVE-2025-12907 (Insufficient validation of untrusted input in Devtools in Google Chrom ...)
-	TODO: check
+	{DSA-5993-1}
+	- chromium 140.0.7339.80-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-12906 (Inappropriate implementation in Permissions in Google Chrome prior to  ...)
-	TODO: check
+	{DSA-5993-1}
+	- chromium 140.0.7339.80-1
+	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-12905 (Inappropriate implementation in Downloads in Google Chrome on Windows  ...)
-	TODO: check
+	- chromium <not-affected> (Only affects Google Chrome on Windows)
 CVE-2025-12902 (Improper resource management in firmware of some Solidigm DC Products  ...)
 	NOT-FOR-US: Solidigm DC
 CVE-2025-12896 (Improper resource management in firmware of some Solidigm DC Products  ...)
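Review bot: the `<not-affected>` note on CVE-2025-12908 ("Only affects Google Chrome on Android") cannot be checked against the description shown in this hunk, which is truncated at "Google Chro ...", whereas the note on CVE-2025-12905 matches the visible "on Windows". It is worth confirming the Android-only scope against the full CVE text. For the entries tagged `{DSA-5993-1}`, only CVE-2025-12910 shows "prior to 140" in the visible description to support the `140.0.7339.80-1` fixed version; the other four rely on text cut off here. The five tagged IDs (12906, 12907, 12909, 12910, 12911) do match the set added in data/DSA/list.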


=====================================
data/DSA/list
=====================================
@@ -216,7 +216,7 @@
 	[bookworm] - shibboleth-sp 3.4.1+dfsg-2+deb12u1
 	[trixie] - shibboleth-sp 3.5.0+dfsg-2+deb13u1
 [05 Sep 2025] DSA-5993-1 chromium - security update
-	{CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867}
+	{CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867 CVE-2025-12906 CVE-2025-12907 CVE-2025-12909 CVE-2025-12910 CVE-2025-12911}
 	[bookworm] - chromium 140.0.7339.80-1~deb12u1
 	[trixie] - chromium 140.0.7339.80-1~deb13u1
 [30 Aug 2025] DSA-5992-1 firebird4.0 - security update
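Review bot: the `{...}` line of DSA-5993-1, dated 05 Sep 2025, gains five CVE IDs while the `[bookworm]` and `[trixie]` version lines stay unchanged, which is correct only if all five were already fixed in `140.0.7339.80-1~deb12u1` and `140.0.7339.80-1~deb13u1`. That agrees with the `- chromium 140.0.7339.80-1` lines added in data/CVE/list, and CVE-2025-12905 and CVE-2025-12908, marked `<not-affected>` there, are correctly left out of this list.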



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e245a2ca35b30c6aba397d8550a9cd1fbdc4664
