[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 16 14:11:30 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0294d3ae by Moritz Muehlenhoff at 2025-11-16T15:11:20+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -85,11 +85,11 @@ CVE-2025-64084 (An authenticated SQL injection vulnerability exists in Cloudlog
 CVE-2025-63891 (Information Disclosure in web-accessible backup file in SourceCodester ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-63745 (A NULL pointer dereference vulnerability was discovered in radare2 6.0 ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1120793)
 	NOTE: https://github.com/radareorg/radare2/issues/24660
 	NOTE: Fixed by: https://github.com/radareorg/radare2/commit/6c5df3f8570d4f0c360681c08241ad8af3b919fd
 CVE-2025-63744 (A NULL pointer dereference vulnerability was discovered in radare2 6.0 ...)
-	- radare2 <unfixed>
+	- radare2 <unfixed> (bug #1120792)
 	NOTE: https://github.com/radareorg/radare2/issues/24661
 	NOTE: Fixed by: https://github.com/radareorg/radare2/commit/e37e15d10fd8a19c3e57b3d7735a2cfe0082ec79
 CVE-2025-62765 (General Industrial Controls Lynx+ Gatewayis vulnerable to a cleartext  ...)
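Review bot: The two radare2 entries (CVE-2025-63745 and CVE-2025-63744) carry identical truncated descriptions and receive adjacent bug numbers in reverse order (#1120793, then #1120792), so a swapped pair would be easy to miss. Worth confirming that each bug report cites the matching upstream issue (24660 for CVE-2025-63745, 24661 for CVE-2025-63744), since the `<unfixed>` lines are otherwise indistinguishable.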
@@ -457,7 +457,7 @@ CVE-2025-63645 (A stored cross-site scripting (XSS) vulnerability exists in pH7S
 CVE-2025-63406 (An issue in Intermesh BV GroupOffice vulnerable before v.25.0.47 and 6 ...)
 	NOT-FOR-US: Intermesh BV GroupOffice
 CVE-2025-63396 (An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profil ...)
-	- pytorch <unfixed>
+	- pytorch <unfixed> (bug #1120794)
 	[trixie] - pytorch <no-dsa> (Minor issue)
 	[bookworm] - pytorch <no-dsa> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/issues/156563
@@ -578,7 +578,7 @@ CVE-2025-13122 (A vulnerability was detected in SourceCodester Patients Waiting
 CVE-2025-13121 (A security vulnerability has been detected in cameasy Liketea 1.0.0. I ...)
 	NOT-FOR-US: cameasy Liketea
 CVE-2025-13120 (A vulnerability has been found in mruby up to 3.4.0. This vulnerabilit ...)
-	- mruby <unfixed>
+	- mruby <unfixed> (bug #1120796)
 	NOTE: https://github.com/mruby/mruby/issues/6649
 	NOTE: Fixed by: https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc
 CVE-2025-13119 (A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking Sy ...)
@@ -1057,7 +1057,7 @@ CVE-2025-10495 (A potential vulnerability was reported in the Lenovo PC Manager,
 CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2024-47866 (Ceph is a distributed object, block, and file storage platform. In ver ...)
-	- ceph <unfixed>
+	- ceph <unfixed> (bug #1120797)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/11/11/3
 	NOTE: https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
 	NOTE: https://tracker.ceph.com/issues/72669
@@ -2264,10 +2264,9 @@ CVE-2025-63149 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack over
 CVE-2025-63147 (Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow i ...)
 	NOT-FOR-US: Tenda
 CVE-2025-60876 (BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0  ...)
-	- busybox <unfixed>
+	- busybox <unfixed> (bug #1120795)
 	[bullseye] - busybox <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092
-	TODO: check details
 CVE-2025-56503 (An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticate ...)
 	- sublime-text <itp> (bug #682158)
 CVE-2025-47932 (Combodo iTop is a web based IT service management tool. Versions prior ...)
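Review bot: In the busybox entry for CVE-2025-60876, the `TODO: check details` line is removed in the same change that adds the bug number, but no NOTE records what the check concluded. The only reference left is a gist, and the bullseye line still reads "revisit when fixed upstream", so consider adding a NOTE with the upstream report or fix status, or saying in the commit message that the TODO is resolved by bug #1120795.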



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0294d3ae4a5c82cb05c70a7fe8831bb17fec520d
