[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Nov 30 14:34:33 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9271ef2 by Moritz Muehlenhoff at 2025-11-30T15:34:06+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -109,6 +109,8 @@ CVE-2025-66384 (app/Controller/EventsController.php in MISP before 2.5.24 has in
 	NOT-FOR-US: MISP
 CVE-2025-66382 (In libexpat through 2.7.3, a crafted file with an approximate size of  ...)
 	- expat <unfixed> (bug #1121543)
+	[trixie] - expat <postponed> (Minor issue, revisit when fixed upstream)
+	[bookworm] - expat <postponed> (Minor issue, revisit when fixed upstream)
 	[bullseye] - expat <postponed> (minor issue; DoS)
 	NOTE: https://github.com/libexpat/libexpat/issues/1076
 CVE-2025-66372 (Mustang before 2.16.3 allows exfiltrating files via XXE attacks.)
@@ -247,6 +249,7 @@ CVE-2025-66314 (Improper Privilege Management vulnerability in ZTE ElasticNet UM
 	NOT-FOR-US: ZTE
 CVE-2025-66040 (Spotipy is a Python library for the Spotify Web API. Prior to version  ...)
 	- spotipy <unfixed> (bug #1121540)
+	[trixie] - spotipy <no-dsa> (Minor issue)
 	NOTE: https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm
 	NOTE: https://github.com/spotipy-dev/spotipy/commit/880b92d7243dcf2b83bf31dc365a858d8b5e6767 (2.25.2)
 CVE-2025-66035 (Angular is a development platform for building mobile and desktop web  ...)
@@ -492,6 +495,8 @@ CVE-2025-13611 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
 	- gitlab <unfixed>
 CVE-2025-13601 (A heap-based buffer overflow problem was found in glib through an inco ...)
 	- glib2.0 <unfixed> (bug #1121488)
+	[trixie] - glib2.0 <no-dsa> (Minor issue)
+	[bookworm] - glib2.0 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3827
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4915
@@ -2198,27 +2203,43 @@ CVE-2025-13086 [HMAC verification check: fix incorrect memcmp() call]
 	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83 (v2.6.16)
 CVE-2025-64438
 	- fastdds <unfixed> (bug #1121096)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7 (v3.4.1)
 CVE-2025-62799
 	- fastdds <unfixed> (bug #1121097)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/d6dd58f4ecd28cd1c3bc4ef0467be9110fa94659 (v3.4.1)
 CVE-2025-62599
 	- fastdds <unfixed> (bug #1121094)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
 CVE-2025-62600
 	- fastdds <unfixed> (bug #1121094)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
 CVE-2025-62601
 	- fastdds <unfixed> (bug #1121094)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
 CVE-2025-62602
 	- fastdds <unfixed> (bug #1121094)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
 CVE-2025-62603
 	- fastdds <unfixed> (bug #1121094)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
 CVE-2025-64098
 	- fastdds <unfixed> (bug #1121094)
+	[trixie] - fastdds <no-dsa> (Minor issue)
+	[bookworm] - fastdds <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f (v3.4.1)
 CVE-2025-9977 (Value provided in one of POST parameters sent during the process of lo ...)
 	NOT-FOR-US: Times Software E-Payroll



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9271ef27416e7146e532b7443d1ae36cb6d5142

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9271ef27416e7146e532b7443d1ae36cb6d5142
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251130/63954fe5/attachment.htm>

More information about the debian-security-tracker-commits mailing list