[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Nov 21 19:20:12 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2e70a333 by Moritz Muehlenhoff at 2025-11-21T20:20:00+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -70,9 +70,10 @@ CVE-2025-36072 (IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15
 CVE-2025-25613 (FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45 ...)
 	NOT-FOR-US: FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless
 CVE-2025-13499 (Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows de ...)
-	- wireshark 4.6.1-1
+	- wireshark 4.6.1-1 (unimportant)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-06.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20823
+	NOTE: Crash in CLI tool, no security impact
 CVE-2025-13485 (A security flaw has been discovered in itsourcecode Online File Manage ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2025-13484 (A vulnerability was identified in Campcodes Complete Online Beauty Par ...)
@@ -753,15 +754,23 @@ CVE-2025-61713 (A Cleartext Storage of Sensitive Information in Memory vulnerabi
 	NOT-FOR-US: Fortinet
 CVE-2025-61664 (A vulnerability in the GRUB2 bootloader has been identified in the nor ...)
 	- grub2 <unfixed> (bug #1120968)
+	[trixie] - grub2 <no-dsa> (Minor issue)
+	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917
 CVE-2025-61663 (A vulnerability has been identified in the GRUB2 bootloader's normal c ...)
 	- grub2 <unfixed> (bug #1120968)
+	[trixie] - grub2 <no-dsa> (Minor issue)
+	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917
 CVE-2025-61662 (A Use-After-Free vulnerability has been discovered in GRUB's gettext m ...)
 	- grub2 <unfixed> (bug #1120968)
+	[trixie] - grub2 <no-dsa> (Minor issue)
+	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=8ed78fd9f0852ab218cc1f991c38e5a229e43807
 CVE-2025-61661 (A vulnerability has been identified in the GRUB (Grand Unified Bootloa ...)
 	- grub2 <unfixed> (bug #1120968)
+	[trixie] - grub2 <no-dsa> (Minor issue)
+	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3
 CVE-2025-60455 (Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, ...)
 	NOT-FOR-US: Modular Max Serve
@@ -815,9 +824,13 @@ CVE-2025-54821 (An Improper Privilege Management vulnerability [CWE-269] in Fort
 	NOT-FOR-US: Fortinet
 CVE-2025-54771 (A use-after-free vulnerability has been identified in the GNU GRUB (Gr ...)
 	- grub2 <unfixed> (bug #1120968)
+	[trixie] - grub2 <no-dsa> (Minor issue)
+	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=c4fb4cbc941981894a00ba8e75d634a41967a27f
 CVE-2025-54770 (A vulnerability has been identified in the GRUB2 bootloader's network  ...)
 	- grub2 <unfixed> (bug #1120968)
+	[trixie] - grub2 <no-dsa> (Minor issue)
+	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10e58a14db20e17d1b6a39abe38df01fef98e29d
 CVE-2025-54660 (An active debug code vulnerability in Fortinet FortiClientWindows 7.4. ...)
 	NOT-FOR-US: Fortinet



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e70a333bbd7d25363bc3d9e2395b46f8aa2a1f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2e70a333bbd7d25363bc3d9e2395b46f8aa2a1f0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251121/92ac4e4c/attachment.htm>

More information about the debian-security-tracker-commits mailing list