[Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Oct 13 17:04:06 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ed2411a9 by Salvatore Bonaccorso at 2025-10-13T18:03:35+02:00
Merge Linux CVEs from kernel-sec
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2025-39965 [xfrm: xfrm_alloc_spi shouldn't use 0 as SPI]
+ - linux 6.16.10-1
+ [bookworm] - linux <not-affected> (Vulnerable code not present)
+ [bullseye] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cd8ae32e4e4652db55bce6b9c79267d8946765a9 (6.17)
+CVE-2025-39964 [crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg]
+ - linux 6.16.9-1
+ NOTE: https://git.kernel.org/linus/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 (6.17-rc7)
CVE-2025-9976 (An OS Command Injection vulnerability affecting Station Launcher App i ...)
NOT-FOR-US: Dassault Systemes
CVE-2025-9698 (The Plus Addons for Elementor WordPress plugin before 6.3.16 does not ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed2411a90fa43eb1c4b18f3184a76779f909f254
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed2411a90fa43eb1c4b18f3184a76779f909f254
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251013/c6365090/attachment.htm>
More information about the debian-security-tracker-commits
mailing list