[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2025-12748 as postponed for Bullseye

Sun Nov 16 00:24:35 GMT 2025


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
243163bf by Thorsten Alteholz at 2025-11-16T00:38:09+01:00
mark CVE-2025-12748 as postponed for Bullseye

- - - - -
49347b5b by Thorsten Alteholz at 2025-11-16T00:47:46+01:00
mark CVE-2025-60876 as postponed for Bullseye

- - - - -
737d3f9f by Thorsten Alteholz at 2025-11-16T00:59:35+01:00
mark CVE-2025-12863 as postponed for Bullseye

- - - - -
d188213a by Thorsten Alteholz at 2025-11-16T01:24:20+01:00
add ceph

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1794,6 +1794,7 @@ CVE-2025-12748 (A flaw was discovered in libvirt in the XML file processing. Mor
 	- libvirt <unfixed> (bug #1120584)
 	[trixie] - libvirt <no-dsa> (Minor issue; requires authenticated user)
 	[bookworm] - libvirt <no-dsa> (Minor issue; requires authenticated user)
+	[bullseye] - libvirt <postponed> (Minor issue; requires authenticated user)
 	NOTE: https://gitlab.com/libvirt/libvirt/-/issues/825
 	NOTE: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/LTGHU3S4JEMCF5KJNJGWWZ7F2CS6L5SG/
 CVE-2025-12539 (The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to ...)
@@ -2230,6 +2231,7 @@ CVE-2025-63147 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack over
 	NOT-FOR-US: Tenda
 CVE-2025-60876 (BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0  ...)
 	- busybox <unfixed>
+	[bullseye] - busybox <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092
 	TODO: check details
 CVE-2025-56503 (An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticate ...)
@@ -2470,6 +2472,7 @@ CVE-2025-12875 (A weakness has been identified in mruby 3.4.0. This vulnerabilit
 	NOTE: Fixed by: https://github.com/mruby/mruby/commit/93619f06dd378db6766666b30c08978311c7ec94
 CVE-2025-12863 (A flaw was found in the xmlSetTreeDoc() function of the libxml2 XML pa ...)
 	- libxml2 2.15.1+dfsg-0.4 (bug #1120364)
+	[bullseye] - libxml2 <postponed> (Minor issue, revisit when merged upstream)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/349
 CVE-2025-12621 (The Flexible Refund and Return Order for WooCommerce plugin for WordPr ...)


=====================================
data/dla-needed.txt
=====================================
@@ -59,6 +59,9 @@ ca-certificates
 calibre (Chris Lamb)
   NOTE: 20251113: Added by Front-Desk (ta)
 --
+ceph
+  NOTE: 20251116: Added by Front-Desk (ta)
+--
 ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
   NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2ca17fd71f0e1eef4e31e4cbe24badfb7e3f7420...d188213acfe4d3b5b4c29419375ae2988af12f14

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2ca17fd71f0e1eef4e31e4cbe24badfb7e3f7420...d188213acfe4d3b5b4c29419375ae2988af12f14
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251116/9601c10f/attachment-0001.htm>
