[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Oct 13 18:51:47 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4d7cf024 by Moritz Muehlenhoff at 2025-10-13T19:51:17+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -326,9 +326,10 @@ CVE-2025-31718 (In modem, there is a possible system crash due to improper input
 CVE-2025-31717 (In modem, there is a possible system crash due to improper input valid ...)
 	NOT-FOR-US: Unisoc
 CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to ...)
-	- wireshark 4.6.0-1 (bug #1117852)
+	- wireshark 4.6.0-1 (bug #1117852; unimportant)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-04.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20724
+	NOTE: Hang in CLI tool, no security impact
 CVE-2025-11593 (A flaw has been found in CodeAstro Gym Management System 1.0. This vul ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-11592 (A vulnerability was detected in CodeAstro Gym Management System 1.0. T ...)
@@ -457,6 +458,8 @@ CVE-2025-60268 (An arbitrary file upload vulnerability exists in JeeWMS 20250820
 	NOT-FOR-US: JeeWMS
 CVE-2025-59530 (quic-go is an implementation of the QUIC protocol in Go. In versions p ...)
 	- golang-github-lucas-clemente-quic-go 0.54.1-1
+	[trixie] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
+	[bookworm] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
 	NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw
 	NOTE: https://github.com/quic-go/quic-go/pull/5354
 	NOTE: Fixed by: https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42 (v0.55.0)
@@ -1383,9 +1386,13 @@ CVE-2025-11340 (GitLab has remediated an issue in GitLab EE affecting all versio
 CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64 End of  ...)
 	- python3.14 <unfixed>
 	- python3.13 <unfixed>
+	[trixie] - python3.13 <no-dsa> (Minor issue)
 	- python3.11 <removed>
+	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
 	- jython <unfixed>
+	[trixie] - jython <no-dsa> (Minor issue)
+	[bookworm] - jython <no-dsa> (Minor issue)
 	[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
 	- pypy3 <unfixed>
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7cf0241d3733f8079689174df1abe4cc66f94c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7cf0241d3733f8079689174df1abe4cc66f94c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251013/c94280c4/attachment.htm>

More information about the debian-security-tracker-commits mailing list