[Git][security-tracker-team/security-tracker][master] new Java issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2abcb007 by Moritz Muehlenhoff at 2025-10-21T23:22:59+02:00
new Java issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -88,7 +88,7 @@ CVE-2025-61758 (Vulnerability in the PeopleSoft Enterprise FIN IT Asset Manageme
 CVE-2025-61757 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
 	NOT-FOR-US: Oracle
 CVE-2025-61755 (Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE  ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2025-61754 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
 	NOT-FOR-US: Oracle
 CVE-2025-61753 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
@@ -102,7 +102,9 @@ CVE-2025-61750 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
 CVE-2025-61749 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
 	NOT-FOR-US: Oracle
 CVE-2025-61748 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-21 <unfixed>
+	- openjdk-25 <unfixed>
+	NOTE: https://openjdk.org/groups/vulnerability/advisories/2025-10-21
 CVE-2025-61457 (code16 Sharp v9.6.6 is vulnerable to Cross Site Scripting (XSS) src/Fo ...)
 	TODO: check
 CVE-2025-61255 (Bank Locker Management System by PHPGurukul is affected by a Cross-Sit ...)
@@ -168,7 +170,12 @@ CVE-2025-53068 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
 CVE-2025-53067 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <not-affected> (Only affects 9.x)
 CVE-2025-53066 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
+	- openjdk-17 <unfixed>
+	- openjdk-21 <unfixed>
+	- openjdk-25 <unfixed>
+	NOTE: https://openjdk.org/groups/vulnerability/advisories/2025-10-21
 CVE-2025-53065 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2025-53064 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
@@ -186,7 +193,12 @@ CVE-2025-53059 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
 CVE-2025-53058 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
 	TODO: check
 CVE-2025-53057 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
+	- openjdk-17 <unfixed>
+	- openjdk-21 <unfixed>
+	- openjdk-25 <unfixed>
+	NOTE: https://openjdk.org/groups/vulnerability/advisories/2025-10-21
 CVE-2025-53056 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
 	NOT-FOR-US: Oracle
 CVE-2025-53055 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -44,6 +44,10 @@ mediawiki (jmm)
 --
 netty
 --
+openjdk-17/oldstable (jmm)
+--
+openjdk-21/stable (jmm)
+--
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2abcb007ec47d1974a727d53678f252fd1b935c7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2abcb007ec47d1974a727d53678f252fd1b935c7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251021/19cfa365/attachment-0001.htm>