[Git][security-tracker-team/security-tracker][master] 3 commits: lts: add patch link for CVE-2025-61224/dokuwiki

Mon Oct 20 01:14:16 BST 2025


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
674b0a1b by Daniel Leidert at 2025-10-20T02:13:54+02:00
lts: add patch link for CVE-2025-61224/dokuwiki

- - - - -
1b083b31 by Daniel Leidert at 2025-10-20T02:13:57+02:00
lts: add possibly related report link to CVE-2025-11568/luksmeta

That might help reproduce the issue.

- - - - -
a21e699a by Daniel Leidert at 2025-10-20T02:13:57+02:00
lts: add p7zip to dla-needed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -792,6 +792,7 @@ CVE-2025-11619 (Improper certificate validation when connecting to gateways in D
 CVE-2025-11568 (A data corruption vulnerability has been identified in the luksmeta ut ...)
 	- luksmeta <unfixed> (bug #1118280)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2404244
+	NOTE: Possibly related to https://github.com/latchset/clevis/issues/181
 CVE-2025-11365 (The WP Google Map Plugin plugin for WordPress is vulnerable to blind S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11196 (The External Login plugin for WordPress is vulnerable to sensitive inf ...)
@@ -4349,6 +4350,7 @@ CVE-2025-61687 (Flowise is a drag & drop user interface to build a customized la
 CVE-2025-61224 (Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian' ...)
 	- dokuwiki <unfixed> (bug #1117531)
 	NOTE: https://github.com/dokuwiki/dokuwiki/issues/4512
+	NOTE: Fixed by: https://github.com/dokuwiki/dokuwiki/commit/84f2d3156dbe7e95e360366199807c520b866e4f (release-2025-05-14b)
 CVE-2025-61198 (A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Op ...)
 	NOT-FOR-US: Optimod
 CVE-2025-61197 (An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -286,6 +286,10 @@ opencryptoki
   NOTE: 20250505: https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
   NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in all dists (Beuc/front-desk)
 --
+p7zip
+  NOTE: 20251020: Added by Front-Desk (dleidert)
+  NOTE: 20251020: I disagree with the low-severity ratings; but finding the patches might be a hard (dleidert/front-desk)
+--
 p7zip-rar
   NOTE: 20250719: Added by Front-Desk (Beuc)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/77a8b65ae98bcb0fcd4d926942561583eae1c24b...a21e699adfed34ecba4252e99e75f6f44662fe05

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/77a8b65ae98bcb0fcd4d926942561583eae1c24b...a21e699adfed34ecba4252e99e75f6f44662fe05
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251020/6f831e49/attachment-0001.htm>
