[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 23 11:03:46 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f1422c1d by Moritz Muehlenhoff at 2025-10-23T12:03:17+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1830,30 +1830,37 @@ CVE-2025-62586 (OPEXUS FOIAXpress allows a remote, unauthenticated attacker to r
 	NOT-FOR-US: OPEXUS FOIAXpress
 CVE-2025-62496 (A vulnerability exists in the QuickJS engine's BigInt string parsing l ...)
 	- quickjs <unfixed> (bug #1118231)
+	[trixie] - quickjs <no-dsa> (Minor issue)
 	NOTE: https://issuetracker.google.com/434193016
 	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62495 (An integer overflow vulnerability exists in the QuickJS regular expres ...)
 	- quickjs <unfixed> (bug #1118231)
+	[trixie] - quickjs <no-dsa> (Minor issue)
 	NOTE: https://issuetracker.google.com/434196926
 	NOTE: Fixed with 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62494 (A type confusion vulnerability exists in the handling of the string ad ...)
 	- quickjs <unfixed> (bug #1118231)
+	[trixie] - quickjs <no-dsa> (Minor issue)
 	NOTE: https://issuetracker.google.com/434193023
 	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62493 (A vulnerability exists in the QuickJS engine's BigInt string conversio ...)
 	- quickjs <unfixed> (bug #1118231)
+	[trixie] - quickjs <no-dsa> (Minor issue)
 	NOTE: https://issuetracker.google.com/434193024
 	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62492 (A vulnerability stemming from floating-point arithmetic precision erro ...)
 	- quickjs <unfixed> (bug #1118231)
+	[trixie] - quickjs <no-dsa> (Minor issue)
 	NOTE: https://issuetracker.google.com/434194797
 	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62491 (A Use-After-Free (UAF) vulnerability exists in the QuickJS engine's st ...)
 	- quickjs <unfixed> (bug #1118231)
+	[trixie] - quickjs <no-dsa> (Minor issue)
 	NOTE: https://issuetracker.google.com/434195203
 	NOTE: Fixed n the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62490 (In quickjs, in js_print_object, when printing an array, the function f ...)
 	- quickjs <unfixed> (bug #1118231)
+	[trixie] - quickjs <no-dsa> (Minor issue)
 	NOTE: https://issuetracker.google.com/434196651
 	NOTE: Fixed in the 2025-09-13 release (https://bellard.org/quickjs/Changelog)
 CVE-2025-62428 (Drawing-Captcha APP provides interactive, engaging verification for We ...)
@@ -2290,6 +2297,8 @@ CVE-2025-11619 (Improper certificate validation when connecting to gateways in D
 	NOT-FOR-US: Devolutions
 CVE-2025-11568 (A data corruption vulnerability has been identified in the luksmeta ut ...)
 	- luksmeta <unfixed> (bug #1118280)
+	[trixie] - luksmeta <no-dsa> (Minor issue)
+	[bookworm] - luksmeta <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2404244
 	NOTE: https://github.com/latchset/luksmeta/pull/16
 CVE-2025-11365 (The WP Google Map Plugin plugin for WordPress is vulnerable to blind S ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -15,6 +15,8 @@ If needed, specify the release by adding a slash after the name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in src:linux
 --
+bind9 (jmm)
+--
 chromium (dilinger)
 --
 cpp-httplib
@@ -47,6 +49,9 @@ openjdk-17/oldstable (jmm)
 --
 openjdk-21/stable (jmm)
 --
+openjdk-25/stable (jmm)
+  first GA release, so from now on security-supported along with -21
+--
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --
@@ -69,6 +74,8 @@ samba (carnil)
 --
 sogo/oldstable
 --
+squid
+--
 sympa/oldstable
 --
 thunderbird (jmm)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1422c1dbb7b128be302d0d042292bf05d3ed92e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f1422c1dbb7b128be302d0d042292bf05d3ed92e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251023/c83ff2d7/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list