[Git][security-tracker-team/security-tracker][master] 2 commits: lts: triage CVE-2025-52885/poppler

Daniel Leidert (@dleidert) dleidert at debian.org
Sun Oct 19 19:40:27 BST 2025 


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9a7018af by Daniel Leidert at 2025-10-19T20:09:43+02:00
lts: triage CVE-2025-52885/poppler

Follow triage for trixie and bookworm.

- - - - -
e584f623 by Daniel Leidert at 2025-10-19T20:22:09+02:00
lts: triage CVE-2024-6519/qemu

Add upstream issue tracker link.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2318,6 +2318,7 @@ CVE-2025-52885 (Poppler ia a library for rendering PDF files, and examining or m
 	- poppler 25.03.0-11.1 (bug #1117853)
 	[trixie] - poppler <no-dsa> (Minor issue; only affeccts CLI tools run with non-default CLI options)
 	[bookworm] - poppler <no-dsa> (Minor issue; only affeccts CLI tools run with non-default CLI options)
+	[bullseye] - poppler <postponed> (Minor issue; only affeccts CLI tools run with non-default CLI options)
 	NOTE: https://securitylab.github.com/advisories/GHSL-2025-042_poppler/
 	NOTE: https://github.com/github/securitylab/tree/main/SecurityExploits/freedesktop/poppler-CVE-2025-52885
 	NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1884
@@ -120487,6 +120488,7 @@ CVE-2024-6519 (A use-after-free vulnerability was found in the QEMU LSI53C895A S
 	[bullseye] - qemu <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2292089
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1382/
+	NOTE: https://gitlab.com/qemu-project/qemu/-/issues/3090
 CVE-2024-9860 (The Bridge Core plugin for WordPress is vulnerable to unauthorized mod ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9824 (The ImagePress \u2013 Image Gallery plugin for WordPress is vulnerable ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03b1759294d9c2fd480adb7ed9faf36d70c57c3d...e584f6230dbc99b4a311a3736889971ec4998633

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/03b1759294d9c2fd480adb7ed9faf36d70c57c3d...e584f6230dbc99b4a311a3736889971ec4998633
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251019/5e586d63/attachment.htm>

More information about the debian-security-tracker-commits mailing list