[Git][security-tracker-team/security-tracker][master] Add new quickjs issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
810f2e07 by Salvatore Bonaccorso at 2025-10-16T22:52:45+02:00
Add new quickjs issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12,19 +12,33 @@ CVE-2025-6338 (There is an incomplete cleanup vulnerability in Qt Network's Scha
 CVE-2025-62586 (OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset t ...)
 	NOT-FOR-US: OPEXUS FOIAXpress
 CVE-2025-62496 (A vulnerability exists in the QuickJS engine's BigInt string parsing l ...)
-	TODO: check
+	- quickjs <unfixed>
+	NOTE: https://issuetracker.google.com/434193016
+	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62495 (An integer overflow vulnerability exists in the QuickJS regular expres ...)
-	TODO: check
+	- quickjs <unfixed>
+	NOTE: https://issuetracker.google.com/434196926
+	NOTE: Fixed with 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62494 (A type confusion vulnerability exists in the handling of the string ad ...)
-	TODO: check
+	- quickjs <unfixed>
+	NOTE: https://issuetracker.google.com/434193023
+	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62493 (A vulnerability exists in the QuickJS engine's BigInt string conversio ...)
-	TODO: check
+	- quickjs <unfixed>
+	NOTE: https://issuetracker.google.com/434193024
+	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62492 (A vulnerability stemming from floating-point arithmetic precision erro ...)
-	TODO: check
+	- quickjs <unfixed>
+	NOTE: https://issuetracker.google.com/434194797
+	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62491 (A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's st ...)
-	TODO: check
+	- quickjs <unfixed>
+	NOTE: https://issuetracker.google.com/434195203
+	NOTE: Fixed n the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62490 (In quickjs, in js_print_object, when printing an array, the function f ...)
-	TODO: check
+	- quickjs <unfixed>
+	NOTE: https://issuetracker.google.com/434196651
+	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62428 (Drawing-Captcha APP provides interactive, engaging verification for We ...)
 	NOT-FOR-US: Drawing-Captcha APP
 CVE-2025-62427 (The Angular CLI is a command-line interface tool for Angular applicati ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/810f2e07bc02bfda8fc3e07ec44a9400064ba60e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/810f2e07bc02bfda8fc3e07ec44a9400064ba60e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251016/765f10a9/attachment.htm>