[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Oct 8 22:27:39 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e333d58b by Moritz Muehlenhoff at 2025-10-08T23:27:14+02:00
bookworm/trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -896,6 +896,8 @@ CVE-2025-61766 (Bucket is a MediaWiki extension to store and retrieve structured
TODO: check
CVE-2025-61765 (python-socketio is a Python implementation of the Socket.IO realtime c ...)
- python-socketio <unfixed>
+ [trixie] - python-socketio <no-dsa> (Minor issue)
+ [bookworm] - python-socketio <no-dsa> (Minor issue)
NOTE: https://github.com/miguelgrinberg/python-socketio/security/advisories/GHSA-g8c6-8fjj-2r4m
NOTE: https://github.com/miguelgrinberg/python-socketio/commit/53f6be094257ed81476b0e212c8cddd6d06ca39a (v5.14.0)
CVE-2025-61687 (Flowise is a drag & drop user interface to build a customized large la ...)
@@ -42871,12 +42873,9 @@ CVE-2025-49113 (Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows r
NOTE: https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695 (1.5.10)
NOTE: https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e (1.5.10)
CVE-2025-49112 (setDeferredReply in networking.c in Valkey through 8.1.1 has an intege ...)
- - redict 7.3.5+ds-1 (bug #1107212)
- - redis <unfixed> (bug #1107211)
- [trixie] - redis <postponed> (Minor issue; can be fixed along with next DSA)
- [bookworm] - redis <postponed> (Minor issue; can be fixed along with next DSA)
- [bullseye] - redis <not-affected> (Vulnerable code not present)
- - valkey 8.1.1+dfsg1-2 (bug #1107210)
+ - redict 7.3.5+ds-1 (bug #1107212; unimportant)
+ - redis <unfixed> (bug #1107211; unimportant)
+ - valkey 8.1.1+dfsg1-2 (bug #1107210; unimportant)
NOTE: https://github.com/redis/redis/issues/14199
NOTE: https://github.com/valkey-io/valkey/pull/2101
NOTE: Fixed by: https://github.com/valkey-io/valkey/commit/374718b2a365ca69f715d542709b7d71540b1387
@@ -74087,6 +74086,7 @@ CVE-2025-22881 (Delta Electronics CNCSoft-G2 lacks proper validation of the leng
NOT-FOR-US: Delta Electronics
CVE-2025-22869 (SSH servers which implement file transfer protocols are vulnerable to ...)
- golang-go.crypto 1:0.42.0-1 (bug #1098968)
+ [trixie] - golang-go.crypto <no-dsa> (Minor issue)
[bookworm] - golang-go.crypto <no-dsa> (Minor issue)
[bullseye] - golang-go.crypto <ignored> (Minor issue; DoS)
NOTE: https://github.com/golang/go/issues/71931
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e333d58b484c7b3b9393c1de777eb4bfa7b6a0ba
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e333d58b484c7b3b9393c1de777eb4bfa7b6a0ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251008/a0f7e9ca/attachment.htm>
More information about the debian-security-tracker-commits
mailing list