[Git][security-tracker-team/security-tracker][master] 2 commits: Merge changes for updates with CVEs via trixie 13.2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 15 10:47:01 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9dfea0f5 by Salvatore Bonaccorso at 2025-11-14T21:19:55+01:00
Merge changes for updates with CVEs via trixie 13.2
- - - - -
1d226d46 by Salvatore Bonaccorso at 2025-11-15T11:46:49+01:00
Merge branch 'trixie-13.2' into 'master'
Merge changes accepted for trixie 13.2 release
See merge request security-tracker-team/security-tracker!249
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3579,7 +3579,7 @@ CVE-2025-XXXX [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints c
NOTE: compatibility with the OSSA-2025-002/keystone update.
CVE-2025-11563
- curl 8.17.0-2
- [trixie] - curl <no-dsa> (Minor issue)
+ [trixie] - curl 8.14.1-2+deb13u2
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
NOTE: Introduced with: https://github.com/curl/wcurl/commit/e01d578582a23695ee3cec08a2bff29d61a0bfb4 (v2024.12.08)
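Review bot: CVE-2025-11563 is marked fixed for trixie in 8.14.1-2+deb13u2, one revision above the 8.14.1-2+deb13u1 that the CVE-2025-9086 and CVE-2025-10148 hunks later in this change use, which matches next-point-update.txt and implies two separate curl uploads for 13.2; confirm both were accepted. The visible context ends at the "Introduced with:" wcurl commit; if the entry carries no "Fixed by:" NOTE beyond this hunk, one would be worth adding, as the CVE-2025-9086 entry has.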
@@ -8601,12 +8601,12 @@ CVE-2025-11679 (Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebs
NOTE: Fixed in: https://libwebsockets.org/git/libwebsockets/commit?id=7df24cca7144d7bc9233b6b0a71108bd154ce101
CVE-2025-11678 (Stack-based Buffer Overflowin lws_adns_parse_label in warmcat libwebso ...)
- libwebsockets 4.3.5-3 (bug #1118746)
- [trixie] - libwebsockets <no-dsa> (Minor issue)
+ [trixie] - libwebsockets 4.3.5-1+deb13u1
[bookworm] - libwebsockets <no-dsa> (Minor issue)
NOTE: https://libwebsockets.org/git/libwebsockets/commit?id=2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a
CVE-2025-11677 (Use After Free in WebSocket server implementation in lws_handshake_ser ...)
- libwebsockets 4.3.5-3 (bug #1118747)
- [trixie] - libwebsockets <no-dsa> (Minor issue)
+ [trixie] - libwebsockets 4.3.5-1+deb13u1
[bookworm] - libwebsockets <no-dsa> (Minor issue)
NOTE: https://libwebsockets.org/git/libwebsockets/commit?id=2f082ec31261f556969160143ba94875d783971a
CVE-2025-10678 (NetBird VPN when installed using vendor's provided script failed to re ...)
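Review bot: the NOTE lines closing the CVE-2025-11678 and CVE-2025-11677 entries give bare libwebsockets commit URLs, while the CVE-2025-11679 entry at the top of the hunk labels its commit "Fixed in:"; labelling them the same way (`NOTE: Fixed in: https://libwebsockets.org/git/libwebsockets/commit?id=2bb9598...`) would make clear these are the fix commits the +deb13u1 upload backports rather than plain references. Separately, the CVE-2025-11678 description reads "Buffer Overflowin lws_adns_parse_label" with a missing space; if that is the imported CVE text leave it, otherwise fix it.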
@@ -8897,7 +8897,7 @@ CVE-2025-62353 (A path traversal vulnerability in all versions of the Windsurf I
CVE-2025-62171 (ImageMagick is an open source software suite for displaying, convertin ...)
{DLA-4339-1}
- imagemagick 8:7.1.2.7+dfsg1-1 (bug #1118340)
- [trixie] - imagemagick <no-dsa> (Minor issue; can be fixed in point release)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u3
[bookworm] - imagemagick <no-dsa> (Minor issue; can be fixed in point release)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 (7.1.2-7)
@@ -9347,7 +9347,7 @@ CVE-2025-0274 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affe
NOT-FOR-US: HCL
CVE-2025-11683 (YAML::Syck versions before 1.36 for Perl has missing null-terminators ...)
- libyaml-syck-perl 1.34-4
- [trixie] - libyaml-syck-perl <no-dsa> (Minor issue)
+ [trixie] - libyaml-syck-perl 1.34-2+deb13u1
[bookworm] - libyaml-syck-perl <no-dsa> (Minor issue)
[bullseye] - libyaml-syck-perl <postponed> (Minor issue)
NOTE: https://github.com/cpan-authors/YAML-Syck/pull/65
@@ -9517,7 +9517,7 @@ CVE-2025-11619 (Improper certificate validation when connecting to gateways in D
NOT-FOR-US: Devolutions
CVE-2025-11568 (A data corruption vulnerability has been identified in the luksmeta ut ...)
- luksmeta 10-1 (bug #1118280)
- [trixie] - luksmeta <no-dsa> (Minor issue)
+ [trixie] - luksmeta 9-4+deb13u1
[bookworm] - luksmeta <no-dsa> (Minor issue)
[bullseye] - luksmeta <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2404244
@@ -9601,13 +9601,13 @@ CVE-2025-10038 (The Binary MLM Plan plugin for WordPress is vulnerable to limite
NOT-FOR-US: WordPress plugin
CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module, where unin ...)
- samba 2:4.23.2+dfsg-1
- [trixie] - samba <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - samba 2:4.22.6+dfsg-0+deb13u1
[bookworm] - samba <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://www.samba.org/samba/security/CVE-2025-9640.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15885
CVE-2025-10230 (A flaw was found in Samba, in the front-end WINS hook handling: NetBIO ...)
- samba 2:4.23.2+dfsg-1
- [trixie] - samba <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - samba 2:4.22.6+dfsg-0+deb13u1
[bookworm] - samba <no-dsa> (Minor issue; will be fixed via point release)
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
NOTE: https://www.samba.org/samba/security/CVE-2025-10230.html
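Review bot: the unchanged bullseye context line for CVE-2025-10230 reads `(Domain controller functionality is EOLed, see DSA DSA-5477-1)` with "DSA" doubled; not part of this change, but a trivial follow-up fix to `see DSA-5477-1`.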
@@ -11334,7 +11334,7 @@ CVE-2025-23345 (NVIDIA Display Driver for Windows and Linux contains a vulnerabi
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.274.02-1 (bug #1118688)
- [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
+ [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1118689)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703
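Review bot: the `- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1118689)` line in this hunk keeps no [trixie] annotation, so if tesla-550 is shipped in trixie the release still shows as affected by CVE-2025-23345 through that source even though tesla-535 is now marked fixed in 535.274.02-1~deb13u1; if tesla-550 is not in trixie or is not scheduled for 13.2, an explicit `[trixie] - nvidia-graphics-drivers-tesla-550 <no-dsa>` or `<not-affected>` line would document that. The same applies to the five identical hunks for CVE-2025-23332, CVE-2025-23330, CVE-2025-23300, CVE-2025-23282 and CVE-2025-23280.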
@@ -11361,7 +11361,7 @@ CVE-2025-23332 (NVIDIA Display Driver for Linux contains a vulnerability in a ke
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.274.02-1 (bug #1118688)
- [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
+ [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1118689)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703
@@ -11388,7 +11388,7 @@ CVE-2025-23330 (NVIDIA Display Driver for Linux contains a vulnerability where a
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.274.02-1 (bug #1118688)
- [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
+ [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1118689)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703
@@ -11415,7 +11415,7 @@ CVE-2025-23300 (NVIDIA Display Driver for Linux contains a vulnerability in the
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.274.02-1 (bug #1118688)
- [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
+ [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1118689)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703
@@ -11443,7 +11443,7 @@ CVE-2025-23282 (NVIDIA Display Driver for Linux contains a vulnerability where a
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.274.02-1 (bug #1118688)
- [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
+ [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1118689)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703
@@ -11470,7 +11470,7 @@ CVE-2025-23280 (NVIDIA Display Driver for Linux contains a vulnerability where a
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.274.02-1 (bug #1118688)
- [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
+ [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1118689)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5703
@@ -11496,7 +11496,7 @@ CVE-2025-11188 (The Kiwire Captive Portal contains a blind SQL injection in the
NOT-FOR-US: Kiwire Captive Portal
CVE-2025-11002
- 7zip 25.00+dfsg-1
- [trixie] - 7zip <no-dsa> (Minor issue)
+ [trixie] - 7zip 25.01+dfsg-1~deb13u1
[bookworm] - 7zip <no-dsa> (Minor issue)
- p7zip 16.02+transitional.1
[bookworm] - p7zip <no-dsa> (Minor issue)
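Review bot: the p7zip source in this hunk keeps only a `[bookworm] - p7zip <no-dsa>` line, so its trixie status is derived from the unannotated `- p7zip 16.02+transitional.1` line; confirm that p7zip is either absent from trixie or present at that transitional version, otherwise trixie would still be listed as affected via p7zip even though 7zip is now marked fixed in 25.01+dfsg-1~deb13u1. The same check applies to the CVE-2025-11001 hunk directly below and the CVE-2025-55188 hunk further down.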
@@ -11507,7 +11507,7 @@ CVE-2025-11002
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-950/
CVE-2025-11001
- 7zip 25.00+dfsg-1
- [trixie] - 7zip <no-dsa> (Minor issue)
+ [trixie] - 7zip 25.01+dfsg-1~deb13u1
[bookworm] - 7zip <no-dsa> (Minor issue)
- p7zip 16.02+transitional.1
[bookworm] - p7zip <no-dsa> (Minor issue)
@@ -15109,7 +15109,7 @@ CVE-2025-59148 (Suricata is a network IDS, IPS and NSM engine developed by the O
NOTE: https://redmine.openinfosecfoundation.org/issues/7838
CVE-2025-59147 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.1-1
- [trixie] - suricata <no-dsa> (Minor issue)
+ [trixie] - suricata 1:7.0.10-1+deb13u1
[bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r
NOTE: https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b (suricata-8.0.1)
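Review bot: the fix reference in the last NOTE of the CVE-2025-59147 entry points only at the commit tagged suricata-8.0.1, while trixie is now marked fixed in 1:7.0.10-1+deb13u1 from the 7.0 branch; adding the corresponding 7.0.x backport commit, or a reference to the Debian patch applied in +deb13u1, would document what the trixie upload actually contains.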
@@ -16516,7 +16516,7 @@ CVE-2025-41245 (VMware Aria Operations contains an information disclosure vulner
CVE-2025-41244 (VMware Aria Operations and VMware Tools contain a local privilege esca ...)
{DLA-4316-1}
- open-vm-tools 2:13.0.5-1
- [trixie] - open-vm-tools <no-dsa> (Will be fixed via point release)
+ [trixie] - open-vm-tools 2:12.5.0-2+deb13u1
[bookworm] - open-vm-tools <no-dsa> (Will be fixed via point release)
NOTE: https://github.com/vmware/open-vm-tools/tree/CVE-2025-41244.patch
NOTE: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
@@ -17352,7 +17352,7 @@ CVE-2025-59422 (Dify is an open-source LLM app development platform. In version
NOT-FOR-US: Dify
CVE-2025-57632 (libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 ch ...)
- libsmb2 6.2+dfsg-3 (bug #1116446)
- [trixie] - libsmb2 <no-dsa> (Minor issue)
+ [trixie] - libsmb2 6.2+dfsg-2+deb13u1
NOTE: https://gist.github.com/ZjW1nd/0b95b63307ceee7890e88e4abc6f041e
NOTE: https://github.com/sahlberg/libsmb2/pull/431
CVE-2025-57623 (A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2 ...)
@@ -19328,7 +19328,7 @@ CVE-2025-59670
REJECTED
CVE-2025-59431 (MapServer is a system for developing web-based GIS applications. Prior ...)
- mapserver 8.4.1-1
- [trixie] - mapserver <no-dsa> (Minor issue)
+ [trixie] - mapserver 8.4.0-4+deb13u1
[bookworm] - mapserver <no-dsa> (Minor issue)
[bullseye] - mapserver <postponed> (Minor issue)
NOTE: https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w
@@ -20237,7 +20237,7 @@ CVE-2022-50375 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/316ae95c175a7d770d1bfe4c011192712f57aa4a (6.1-rc1)
CVE-2025-30187 (In some circumstances, when DNSdist is configured to use the nghttp2 l ...)
- dnsdist 2.0.1-1 (bug #1115643)
- [trixie] - dnsdist <no-dsa> (Minor issue, will be fixed via point release)
+ [trixie] - dnsdist 1.9.10-1+deb13u1
[bookworm] - dnsdist <not-affected> (Vulnerable code not present)
[bullseye] - dnsdist <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2025/09/18/1
@@ -23326,7 +23326,7 @@ CVE-2025-10359 (A vulnerability was detected in Wavlink WL-WN578W2 221110. This
NOT-FOR-US: Wavlink
CVE-2025-59518 (In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS ...)
- lemonldap-ng 2.21.3+ds-1
- [trixie] - lemonldap-ng <no-dsa> (Minor issue)
+ [trixie] - lemonldap-ng 2.21.2+ds-1+deb13u1
[bookworm] - lemonldap-ng <no-dsa> (Minor issue)
[bullseye] - lemonldap-ng <postponed> (Minor issue; can be piggybacked with future DLA)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3462
@@ -23337,7 +23337,7 @@ CVE-2025-59518 (In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/8b5ce4de7716f550d353f406b4867378c81aee7c (v2.16.7)
CVE-2025-XXXX [session id exposed in portal AJAX responses]
- lemonldap-ng 2.21.3+ds-1
- [trixie] - lemonldap-ng <no-dsa> (Minor issue)
+ [trixie] - lemonldap-ng 2.21.2+ds-1+deb13u1
[bookworm] - lemonldap-ng <no-dsa> (Minor issue)
[bullseye] - lemonldap-ng <postponed> (Minor issue; can be piggybacked with future DLA)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3446
@@ -24390,7 +24390,7 @@ CVE-2025-10200 (Use after free in Serviceworker in Google Chrome on Desktop prio
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9086 (1. A cookie is set using the `secure` keyword for `https://target` 2. ...)
- curl 8.16.0~rc2-1
- [trixie] - curl <no-dsa> (Minor issue)
+ [trixie] - curl 8.14.1-2+deb13u1
[bookworm] - curl <no-dsa> (Minor issue)
[bullseye] - curl <postponed> (Minor issue)
NOTE: https://curl.se/docs/CVE-2025-9086.html
@@ -24398,7 +24398,7 @@ CVE-2025-9086 (1. A cookie is set using the `secure` keyword for `https://target
NOTE: Fixed by: https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb62b45dd37711300 (rc-8_16_0-1)
CVE-2025-10148 (curl's websocket code did not update the 32 bit mask pattern for each ...)
- curl 8.16.0-1
- [trixie] - curl <no-dsa> (Minor issue)
+ [trixie] - curl 8.14.1-2+deb13u1
[bookworm] - curl <ignored> (Minor issue; WebSocket support considered experimental feature, only enabled in builds since 8.8.0-2)
[bullseye] - curl <not-affected> (WebSocket support introduced later)
NOTE: https://curl.se/docs/CVE-2025-10148.html
@@ -24433,7 +24433,7 @@ CVE-2025-8711 (CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti P
NOT-FOR-US: Ivanti
CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX) processes ...)
- libssh 0.11.3-1 (bug #1114859)
- [trixie] - libssh <no-dsa> (Minor issue)
+ [trixie] - libssh 0.11.2-1+deb13u1
[bookworm] - libssh <no-dsa> (Minor issue)
[bullseye] - libssh <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383888
@@ -27278,7 +27278,7 @@ CVE-2023-3666 (The Sticky Side Buttons WordPress plugin before 2.0.0 does not sa
CVE-2025-9714 (Uncontrolled recursion inXPath evaluationin libxml2 up to and includin ...)
{DLA-4319-1}
- libxml2 2.14.5+dfsg-0.1
- [trixie] - libxml2 <no-dsa> (Minor issue; can be piggy-backed in a future update)
+ [trixie] - libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
[bookworm] - libxml2 <no-dsa> (Minor issue; can be piggy-backed in a future update)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2392605
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/148
@@ -27855,7 +27855,7 @@ CVE-2025-58156 (Centurion ERP is an ERP with a focus on ITSM and automation. In
CVE-2025-58068 (Eventlet is a concurrent networking library for Python. Prior to versi ...)
{DLA-4289-1}
- python-eventlet 0.40.1-3 (bug #1112515)
- [trixie] - python-eventlet <no-dsa> (Minor issue)
+ [trixie] - python-eventlet 0.39.1-2+deb13u1
[bookworm] - python-eventlet <no-dsa> (Minor issue)
NOTE: https://github.com/eventlet/eventlet/security/advisories/GHSA-hw6f-rjfj-j7j7
NOTE: https://github.com/eventlet/eventlet/pull/1062
@@ -29372,7 +29372,7 @@ CVE-2025-54370 (PhpOffice/PhpSpreadsheet is a pure PHP library for reading and w
NOT-FOR-US: PHPOffice
CVE-2025-53510 (A memory corruption vulnerability exists in the PSD Image Decoding fun ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2218
NOTE: https://github.com/HappySeaFox/sail/issues/226
NOTE: Tests: https://github.com/HappySeaFox/sail/commit/463a80236406a52f59e34f9a4ff0327a3995862b
@@ -29384,18 +29384,18 @@ CVE-2025-53118 (An authentication bypass vulnerability exists which allows an un
NOT-FOR-US: Securden Unified PAM
CVE-2025-53085 (A memory corruption vulnerability exists in the PSD RLE Decoding funct ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2219
NOTE: https://github.com/HappySeaFox/sail/issues/227
NOTE: Tests: https://github.com/HappySeaFox/sail/commit/463a80236406a52f59e34f9a4ff0327a3995862b
CVE-2025-52930 (A memory corruption vulnerability exists in the BMPv3 RLE Decoding fun ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2221
NOTE: https://github.com/HappySeaFox/sail/issues/229
CVE-2025-52456 (A memory corruption vulnerability exists in the WebP Image Decoding fu ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2224
NOTE: https://github.com/HappySeaFox/sail/issues/230
NOTE: Tests: https://github.com/HappySeaFox/sail/commit/463a80236406a52f59e34f9a4ff0327a3995862b
@@ -29411,7 +29411,7 @@ CVE-2025-50383 (alextselegidis Easy!Appointments v1.5.1 was discovered to contai
NOT-FOR-US: alextselegidis Easy!Appointments
CVE-2025-50129 (A memory corruption vulnerability exists in the PCX Image Decoding fun ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2220
NOTE: https://github.com/HappySeaFox/sail/issues/228
NOTE: Tests: https://github.com/HappySeaFox/sail/commit/463a80236406a52f59e34f9a4ff0327a3995862b
@@ -29419,7 +29419,7 @@ CVE-2025-48303 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Langley
NOT-FOR-US: WordPress plugin or theme
CVE-2025-46407 (A memory corruption vulnerability exists in the BMPv3 Palette Decoding ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2215
NOTE: https://github.com/HappySeaFox/sail/issues/223
NOTE: Tests: https://github.com/HappySeaFox/sail/commit/463a80236406a52f59e34f9a4ff0327a3995862b
@@ -29440,13 +29440,13 @@ CVE-2025-3456 (On affected platforms running Arista EOS, the global common encry
NOT-FOR-US: Arista Networks
CVE-2025-35984 (A memory corruption vulnerability exists in the PCX Image Decoding fun ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2217
NOTE: https://github.com/HappySeaFox/sail/issues/225
NOTE: Tests: https://github.com/HappySeaFox/sail/commit/463a80236406a52f59e34f9a4ff0327a3995862b
CVE-2025-32468 (A memory corruption vulnerability exists in the BMPv3 Image Decoding f ...)
- sail 0.9.9-1 (bug #1112346)
- [trixie] - sail <no-dsa> (Minor issue)
+ [trixie] - sail 0.9.8-1+deb13u1
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2216
NOTE: https://github.com/HappySeaFox/sail/issues/224
NOTE: Tests: https://github.com/HappySeaFox/sail/commit/463a80236406a52f59e34f9a4ff0327a3995862b
@@ -29874,7 +29874,7 @@ CVE-2025-55398 (An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03
CVE-2025-54813 (Improper Output Neutralization for Logs vulnerability in Apache Log4cx ...)
{DLA-4322-1}
- log4cxx 1.4.0-1.1 (bug #1111881)
- [trixie] - log4cxx <no-dsa> (Minor issue)
+ [trixie] - log4cxx 1.4.0-1+deb13u1
[bookworm] - log4cxx <no-dsa> (Minor issue)
NOTE: https://logging.apache.org/security.html#CVE-2025-54813
NOTE: https://github.com/apache/logging-log4cxx/pull/512
@@ -29882,7 +29882,7 @@ CVE-2025-54813 (Improper Output Neutralization for Logs vulnerability in Apache
CVE-2025-54812 (Improper Output Neutralization for Logs vulnerability in Apache Log4cx ...)
{DLA-4322-1}
- log4cxx 1.4.0-1.1 (bug #1111879)
- [trixie] - log4cxx <no-dsa> (Minor issue)
+ [trixie] - log4cxx 1.4.0-1+deb13u1
[bookworm] - log4cxx <no-dsa> (Minor issue)
NOTE: https://logging.apache.org/security.html#CVE-2025-54812
NOTE: https://github.com/apache/logging-log4cxx/pull/509
@@ -30502,10 +30502,10 @@ CVE-2024-45438 (An issue was discovered in TitanHQ SpamTitan Email Security Gate
NOT-FOR-US: TitanHQ SpamTitan Email Security Gateway
CVE-2025-XXXX [OSSN-0094]
- nova 2:31.0.0-7 (bug #1111689)
- [trixie] - nova <no-dsa> (Will be fixed via point release)
+ [trixie] - nova 2:31.0.0-6+deb13u1
[bookworm] - nova <no-dsa> (Will be fixed via point release)
- watcher 14.0.0-3 (bug #1111692)
- [trixie] - watcher <no-dsa> (Will be fixed via point release)
+ [trixie] - watcher 14.0.0-1+deb13u1
[bookworm] - watcher <no-dsa> (Will be fixed via point release)
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0094
NOTE: https://bugs.launchpad.net/nova/+bug/2112187
@@ -34738,7 +34738,7 @@ CVE-2025-6573 (Kernel software installed and running inside an untrusted/rich ex
NOT-FOR-US: Imagination Technologies
CVE-2025-55188 (7-Zip before 25.01 does not always properly handle symbolic links duri ...)
- 7zip 25.01+dfsg-1 (bug #1111068)
- [trixie] - 7zip <no-dsa> (Minor issue)
+ [trixie] - 7zip 25.01+dfsg-1~deb13u1
[bookworm] - 7zip <no-dsa> (Minor issue)
- p7zip 16.02+transitional.1
[bookworm] - p7zip <no-dsa> (Minor issue)
@@ -35607,7 +35607,7 @@ CVE-2025-54594 (react-native-bottom-tabs is a library of Native Bottom Tabs for
CVE-2025-54571 (ModSecurity is an open source, cross platform web application firewall ...)
{DLA-4294-1}
- modsecurity-apache 2.9.12-2 (bug #1110480)
- [trixie] - modsecurity-apache <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - modsecurity-apache 2.9.11-1+deb13u1
[bookworm] - modsecurity-apache <no-dsa> (Minor issue; will be fixed via point release)
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v
NOTE: https://github.com/owasp-modsecurity/ModSecurity/issues/2514
@@ -36057,7 +36057,7 @@ CVE-2025-5988 (A flaw was found in the Ansible aap-gateway. Cross-site request f
NOT-FOR-US: Ansible Automation Platform
CVE-2025-55014 (The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+ ...)
- stardict 3.0.7+git20220909+dfsg-8 (bug #1110370)
- [trixie] - stardict <no-dsa> (Minor issue)
+ [trixie] - stardict 3.0.7+git20220909+dfsg-8~deb13u1
[bookworm] - stardict <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/08/04/1
NOTE: https://lists.debian.org/debian-user/2025/08/msg00076.html
@@ -36087,7 +36087,7 @@ CVE-2025-50422 (Cairo through 1.18.4, as used in Poppler through 25.08.0, has an
NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621
CVE-2025-50420 (An issue in the pdfseparate utility of freedesktop poppler v25.04.0 al ...)
- poppler 25.03.0-6 (bug #1110463)
- [trixie] - poppler <no-dsa> (Minor issue)
+ [trixie] - poppler 25.03.0-5+deb13u2
[bookworm] - poppler <no-dsa> (Minor issue)
[bullseye] - poppler <postponed> (minor issue; Local DoS)
NOTE: https://github.com/Landw-hub/CVE-2025-50420
@@ -38822,7 +38822,7 @@ CVE-2025-8115 (A vulnerability has been found in PHPGurukul Taxi Stand Managemen
NOT-FOR-US: PHPGurukul
CVE-2025-8114 (A flaw was found in libssh, a library that implements the SSH protocol ...)
- libssh 0.11.3-1 (bug #1109860)
- [trixie] - libssh <no-dsa> (Minor issue)
+ [trixie] - libssh 0.11.2-1+deb13u1
[bookworm] - libssh <no-dsa> (Minor issue)
[bullseye] - libssh <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383220
@@ -38944,7 +38944,7 @@ CVE-2025-53942 (authentik is an open-source Identity Provider that emphasizes fl
NOT-FOR-US: authentik
CVE-2025-53537 (LibHTP is a security-aware parser for the HTTP protocol and its relate ...)
- libhtp 1:0.5.51-1 (bug #1109838)
- [trixie] - libhtp <no-dsa> (Minor issue)
+ [trixie] - libhtp 1:0.5.50-1+deb13u1
[bookworm] - libhtp <not-affected> (Vulnerable code introduced later)
[bullseye] - libhtp <not-affected> (Vulnerable code introduced later)
NOTE: https://redmine.openinfosecfoundation.org/issues/7766
@@ -39090,7 +39090,7 @@ CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data witho
NOT-FOR-US: DuraComm
CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:7.0.11-1 (bug #1109806)
- [trixie] - suricata <no-dsa> (Minor issue)
+ [trixie] - suricata 1:7.0.10-1+deb13u1
[bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3
NOTE: https://redmine.openinfosecfoundation.org/issues/7659
@@ -42175,7 +42175,7 @@ CVE-2025-48924 (Uncontrolled Recursion vulnerability in Apache Commons Lang. Th
[trixie] - libcommons-lang3-java <no-dsa> (Minor issue)
[bookworm] - libcommons-lang3-java <no-dsa> (Minor issue)
- libcommons-lang-java 2.6-11 (bug #1109126)
- [trixie] - libcommons-lang-java <no-dsa> (Minor issue)
+ [trixie] - libcommons-lang-java 2.6-10+deb13u1
[bookworm] - libcommons-lang-java <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/07/11/1
NOTE: https://github.com/apache/commons-lang/commit/b424803abdb2bec818e4fbcb251ce031c22aca53 (commons-lang-3.18.0-RC1)
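Review bot: only libcommons-lang-java gets a trixie fixed version (2.6-10+deb13u1) in this hunk, while the `[trixie] - libcommons-lang3-java <no-dsa> (Minor issue)` context line above it is unchanged, so CVE-2025-48924 stays open for trixie through libcommons-lang3-java after this change; if lang3 is deliberately left as no-dsa or handled by a separate upload that is fine, but it is worth confirming this is intentional rather than an omission from the 13.2 batch.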
@@ -49095,7 +49095,7 @@ CVE-2025-52464 (Meshtastic is an open source mesh networking solution. In versio
NOT-FOR-US: Meshtastic
CVE-2025-50200 (RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and p ...)
- rabbitmq-server 4.0.5-9 (bug #1108075)
- [trixie] - rabbitmq-server <no-dsa> (Will be fixed via poin release)
+ [trixie] - rabbitmq-server 4.0.5-6+deb13u2
[bookworm] - rabbitmq-server <not-affected> (vulnerable code introduced later)
[bullseye] - rabbitmq-server <not-affected> (vulnerable code introduced later)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gh3x-4x42-fvq8
@@ -70740,7 +70740,7 @@ CVE-2025-3573 (Versions of the package jquery-validation before 1.20.0 are vulne
[trixie] - znuny <no-dsa> (Non-free not supported)
[bookworm] - znuny <no-dsa> (Non-free not supported)
- phpmyadmin 4:5.2.2-really+dfsg-2 (bug #1104136)
- [trixie] - phpmyadmin <no-dsa> (Minor issue)
+ [trixie] - phpmyadmin 4:5.2.2-really+dfsg-1+deb13u1
[bookworm] - phpmyadmin <no-dsa> (Minor issue)
[bullseye] - phpmyadmin <postponed> (Minor Issue; barely an issue in the phpmyadmin package XSS)
- node-jquery-validation <not-affected> (Fixed before initial upload to Debian)
=====================================
data/next-point-update.txt
=====================================
@@ -1,102 +1,3 @@
-CVE-2025-50420
- [trixie] - poppler 25.03.0-5+deb13u2
-CVE-2025-48924
- [trixie] - libcommons-lang-java 2.6-10+deb13u1
-CVE-2025-54571
- [trixie] - modsecurity-apache 2.9.11-1+deb13u1
-CVE-2025-XXXX [OSSN-0094]
- [trixie] - nova 2:31.0.0-6+deb13u1
- [trixie] - watcher 14.0.0-1+deb13u1
-CVE-2025-58068
- [trixie] - python-eventlet 0.39.1-2+deb13u1
-CVE-2025-55014
- [trixie] - stardict 3.0.7+git20220909+dfsg-8~deb13u1
-CVE-2025-53510
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-32468
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-35984
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-46407
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-50129
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-52456
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-52930
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-53085
- [trixie] - sail 0.9.8-1+deb13u1
-CVE-2025-3573
- [trixie] - phpmyadmin 4:5.2.2-really+dfsg-1+deb13u1
-CVE-2025-50200
- [trixie] - rabbitmq-server 4.0.5-6+deb13u2
-CVE-2025-53537
- [trixie] - libhtp 1:0.5.50-1+deb13u1
-CVE-2025-59431
- [trixie] - mapserver 8.4.0-4+deb13u1
-CVE-2025-41244
- [trixie] - open-vm-tools 2:12.5.0-2+deb13u1
-CVE-2025-53538
- [trixie] - suricata 1:7.0.10-1+deb13u1
-CVE-2025-59147
- [trixie] - suricata 1:7.0.10-1+deb13u1
-CVE-2025-9714
- [trixie] - libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
-CVE-2025-55188
- [trixie] - 7zip 25.01+dfsg-1~deb13u1
-CVE-2025-11002
- [trixie] - 7zip 25.01+dfsg-1~deb13u1
-CVE-2025-11001
- [trixie] - 7zip 25.01+dfsg-1~deb13u1
-CVE-2025-11683
- [trixie] - libyaml-syck-perl 1.34-2+deb13u1
-CVE-2025-57632
- [trixie] - libsmb2 6.2+dfsg-2+deb13u1
-CVE-2025-59518
- [trixie] - lemonldap-ng 2.21.2+ds-1+deb13u1
-CVE-2025-XXXX [session id exposed in portal AJAX responses]
- [trixie] - lemonldap-ng 2.21.2+ds-1+deb13u1
-CVE-2025-62171
- [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u3
-CVE-2025-30187
- [trixie] - dnsdist 1.9.10-1+deb13u1
-CVE-2025-9640
- [trixie] - samba 2:4.22.6+dfsg-0+deb13u1
-CVE-2025-10230
- [trixie] - samba 2:4.22.6+dfsg-0+deb13u1
-CVE-2025-23280
- [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
-CVE-2025-23282
- [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
-CVE-2025-23300
- [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
-CVE-2025-23330
- [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
-CVE-2025-23332
- [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
-CVE-2025-23345
- [trixie] - nvidia-graphics-drivers-tesla-535 535.274.02-1~deb13u1
-CVE-2025-11568
- [trixie] - luksmeta 9-4+deb13u1
-CVE-2025-11678
- [trixie] - libwebsockets 4.3.5-1+deb13u1
-CVE-2025-11677
- [trixie] - libwebsockets 4.3.5-1+deb13u1
-CVE-2025-11563
- [trixie] - curl 8.14.1-2+deb13u2
-CVE-2025-9086
- [trixie] - curl 8.14.1-2+deb13u1
-CVE-2025-10148
- [trixie] - curl 8.14.1-2+deb13u1
-CVE-2025-54812
- [trixie] - log4cxx 1.4.0-1+deb13u1
-CVE-2025-54813
- [trixie] - log4cxx 1.4.0-1+deb13u1
-CVE-2025-8277
- [trixie] - libssh 0.11.2-1+deb13u1
-CVE-2025-8114
- [trixie] - libssh 0.11.2-1+deb13u1
CVE-2024-13176
[trixie] - edk2 2025.02-8+deb13u1
CVE-2024-38805
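Review bot: the 49 CVE entries removed here (99 lines) each correspond to a `[trixie]` line added in the data/CVE/list hunks of this change, with identical package and version strings, including the two CVE-2025-XXXX placeholder entries (OSSN-0094 for nova and watcher, and the LemonLDAP::NG session id one), so the two files stay consistent; the remaining CVE-2024-13176 (edk2 2025.02-8+deb13u1) and CVE-2024-38805 entries are still pending for a later point update.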
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5b07711cc3f18c062554d4b232ca0c1b4d216295...1d226d4673b283b2b7ca02923011c74f7519818b