[Git][security-tracker-team/security-tracker][master] 4 commits: mark CVE-2025-47913 as postponed for Bullseye

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Nov 16 17:12:16 GMT 2025 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e0578d3e by Thorsten Alteholz at 2025-11-16T17:58:57+01:00
mark CVE-2025-47913 as postponed for Bullseye

- - - - -
b58a12ef by Thorsten Alteholz at 2025-11-16T18:02:42+01:00
add cups-filters

- - - - -
0c182b62 by Thorsten Alteholz at 2025-11-16T18:04:37+01:00
mark CVE-2025-13033 as postponed for Bullseye

- - - - -
7bbd4f98 by Thorsten Alteholz at 2025-11-16T18:09:54+01:00
mark CVE-2025-12818 and CVE-2025-12817 as postponed for Bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -224,6 +224,7 @@ CVE-2025-13033 (A vulnerability was identified in the email parsing library due
 	- node-nodemailer 7.0.9+~7.0.2-1
 	[trixie] - node-nodemailer <no-dsa> (Minor issue)
 	[bookworm] - node-nodemailer <no-dsa> (Minor issue)
+	[bullseye] - node-nodemailer <postponed> (Minor issue)
 	NOTE: https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87
 	NOTE: Fixed by: https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626 (v7.0.7)
 CVE-2025-12897
@@ -294,6 +295,7 @@ CVE-2025-4619 (A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN
 	NOT-FOR-US: Palo Alto Networks
 CVE-2025-47913 (SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed respons ...)
 	- golang-go.crypto 1:0.42.0-1
+	[bullseye] - golang-go.crypto <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://github.com/advisories/GHSA-hcg3-q754-cr77
 	NOTE: Fixed by: https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 (v0.35.0)
 CVE-2025-47222 (Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue  ...)
@@ -700,6 +702,7 @@ CVE-2025-12818 (Integer wraparound in multiple PostgreSQL libpq client library f
 	- postgresql-17 <unfixed>
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>
+	[bullseye] - postgresql-13 <postponed> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
 	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=600086f471a3bb57ff4953accf1d3f8d2efe0201 (master)
 	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7eb8fcad860e9a0548191dab7a87a5bead5f8e91 (REL_18_1)
@@ -711,6 +714,7 @@ CVE-2025-12817 (Missing authorization in PostgreSQL CREATE STATISTICS command al
 	- postgresql-17 <unfixed>
 	- postgresql-15 <removed>
 	- postgresql-13 <removed>
+	[bullseye] - postgresql-13 <postponed> (Minor issue)
 	NOTE: https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
 	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=5e4fcbe531c668b4112beedde97aac79724074c5 (master)
 	NOTE: Fixed by: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=00eb646ea43410e5df77fed96f4a981e66811796 (REL_18_1)


=====================================
data/dla-needed.txt
=====================================
@@ -69,6 +69,9 @@ ckeditor
 containerd
   NOTE: 20251113: Added by Front-Desk (ta)
 --
+cups-filters (Thorsten Alteholz)
+  NOTE: 20251116: Added by Front-Desk (ta)
+--
 dnsdist
   NOTE: 20250521: Added by Front-Desk (Beuc)
   NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3c761841351121a9cd7a022d925da3761bc7bd38...7bbd4f9824bab57a857ceefa67c8d7586be65612

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3c761841351121a9cd7a022d925da3761bc7bd38...7bbd4f9824bab57a857ceefa67c8d7586be65612
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251116/ffa31286/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list