[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Nov 24 12:39:00 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d58459e6 by Moritz Muehlenhoff at 2025-11-24T13:38:21+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1051,6 +1051,8 @@ CVE-2025-12174 (The Directorist: AI-Powered Business Directory Plugin with Class
NOT-FOR-US: WordPress plugin
CVE-2025-12119 (A mongoc_bulk_operation_t may read invalid memory if large options are ...)
- mongo-c-driver 2.1.2-1
+ [trixie] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
TODO: research exact commit, possibly https://github.com/mongodb/mongo-c-driver/pull/2132, asked maintainer
CVE-2025-12057 (The WavePlayer WordPress plugin before 3.8.0 does not have authorizati ...)
NOT-FOR-US: WordPress plugin
@@ -10959,6 +10961,8 @@ CVE-2025-61922 (PrestaShop Checkout is the PrestaShop official payment module in
NOT-FOR-US: PrestaShop
CVE-2025-61909 (Icinga 2 is an open source monitoring system. From 2.10.0 to before 2. ...)
- icinga2 2.15.1-1
+ [trixie] - icinga2 <no-dsa> (Minor issue)
+ [bookworm] - icinga2 <no-dsa> (Minor issue)
[bullseye] - icinga2 <postponed> (Minor issue, requires a compromised icinga/nagios system user)
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-pg6g-g99v-mw46
NOTE: https://github.com/Icinga/icinga2/issues/10527
@@ -10966,6 +10970,8 @@ CVE-2025-61909 (Icinga 2 is an open source monitoring system. From 2.10.0 to bef
NOTE: https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/
CVE-2025-61908 (Icinga 2 is an open source monitoring system. From 2.10.0 to before 2. ...)
- icinga2 2.15.1-1
+ [trixie] - icinga2 <no-dsa> (Minor issue)
+ [bookworm] - icinga2 <no-dsa> (Minor issue)
[bullseye] - icinga2 <postponed> (Minor issue, only exploitable by already authenticated users)
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g
NOTE: https://github.com/Icinga/icinga2/commit/0dadce2b972f1d8d9f9b11f3a4eb9604b79cacb2 (v2.15.1)
@@ -10974,6 +10980,8 @@ CVE-2025-61908 (Icinga 2 is an open source monitoring system. From 2.10.0 to bef
NOTE: https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/
CVE-2025-61907 (Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 ...)
- icinga2 2.15.1-1
+ [trixie] - icinga2 <no-dsa> (Minor issue)
+ [bookworm] - icinga2 <no-dsa> (Minor issue)
[bullseye] - icinga2 <postponed> (Minor issue, only exploitable by already authenticated users)
NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-gg32-w9rm-vp2v
NOTE: https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/
=====================================
data/dsa-needed.txt
=====================================
@@ -75,6 +75,10 @@ tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
--
+tryton-sao (jmm)
+--
+tryton-server (jmm)
+--
unbound
Guilhem Moulin proposing an update to cover CVE-2025-11411
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58459e636049b2ff2d8a7afaf6e737193e0b33d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58459e636049b2ff2d8a7afaf6e737193e0b33d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251124/80fe06bb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list