[Git][security-tracker-team/security-tracker][master] Add two 7zip issues (CVE-2025-11001 and CVE-2025-11002)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 10 12:33:19 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
fe4e15ed by Salvatore Bonaccorso at 2025-10-10T13:32:27+02:00
Add two 7zip issues (CVE-2025-11001 and CVE-2025-11002)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,23 @@
+CVE-2025-11002
+ - 7zip 25.00+dfsg-1
+ [trixie] - 7zip <no-dsa> (Minor issue)
+ [bookworm] - 7zip <no-dsa> (Minor issue)
+ - p7zip 16.02+transitional.1
+ [bookworm] - p7zip <no-dsa> (Minor issue)
+ NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
+ NOTE: depending on 7zip. Mark this version as fixed version.
+ NOTE: https://github.com/ip7z/7zip/releases/tag/25.00
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-950/
+CVE-2025-11001
+ - 7zip 25.00+dfsg-1
+ [trixie] - 7zip <no-dsa> (Minor issue)
+ [bookworm] - 7zip <no-dsa> (Minor issue)
+ - p7zip 16.02+transitional.1
+ [bookworm] - p7zip <no-dsa> (Minor issue)
+ NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
+ NOTE: depending on 7zip. Mark this version as fixed version.
+ NOTE: https://github.com/ip7z/7zip/releases/tag/25.00
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-949/
CVE-2025-62292 (In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authent ...)
NOT-FOR-US: SonarQube
CVE-2025-62240 (Multiple cross-site scripting (XSS) vulnerabilities with Calendar even ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe4e15ede27028e0a151a5d9b69eefab79660df0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe4e15ede27028e0a151a5d9b69eefab79660df0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251010/5eb8b7f5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list