[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for CVE-2025-62813/lz4
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Oct 24 22:16:53 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d627147b by Salvatore Bonaccorso at 2025-10-24T23:14:58+02:00
Add Debian bug reference for CVE-2025-62813/lz4
- - - - -
c8e41ffe by Salvatore Bonaccorso at 2025-10-24T23:15:36+02:00
Add Debian bug references for two pypdf issues
- - - - -
aecc6593 by Salvatore Bonaccorso at 2025-10-24T23:16:08+02:00
Add Debian bug reference for CVE-2025-62611/aiomysql
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -251,7 +251,7 @@ CVE-2025-6978 (Diagnostics command injection vulnerability)
CVE-2025-62820 (Slack Nebula before 1.9.7 mishandles CIDR in some configurations and t ...)
NOT-FOR-US: Slack Nebula
CVE-2025-62813 (LZ4 through 1.10.0 allows attackers to cause a denial of service (appl ...)
- - lz4 <unfixed>
+ - lz4 <unfixed> (bug #1118757)
NOTE: https://github.com/lz4/lz4/pull/1593
NOTE: https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82
CVE-2025-62812
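Review bot: The upstream commit NOTE under CVE-2025-62813 carries no "Fixed by:" label, unlike the pypdf and aiomysql entries touched in this same push, so a reader following bug #1118757 cannot tell from the entry whether f64efec011c058bd70348576438abac222fe6c82 is the fix or only a related reference. If it is the fix merged from pull 1593, prefix that NOTE with "Fixed by:" so the entry matches the others and the maintainer knows which commit to backport.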
@@ -277,14 +277,14 @@ CVE-2025-62713 (Kottster is a self hosted Node.js admin panel. From versions 3.2
CVE-2025-62710 (Sakai is a Collaboration and Learning Environment. Prior to versions 2 ...)
NOT-FOR-US: Sakai
CVE-2025-62708 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed>
+ - pypdf <unfixed> (bug #1118756)
[bookworm] - pypdf <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j
NOTE: https://github.com/py-pdf/pypdf/pull/3502
NOTE: Introduced with: https://github.com/py-pdf/pypdf/commit/e825ac07ea89c78962646245e348b934d48f9629 (5.1.0)
NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da (6.1.3)
CVE-2025-62707 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
- - pypdf <unfixed>
+ - pypdf <unfixed> (bug #1118755)
[bookworm] - pypdf <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265
NOTE: https://github.com/py-pdf/pypdf/pull/3501
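Review bot: The commit message for c8e41ffe says only "two pypdf issues", while the other two commits in this push name the CVE id and the package. Naming CVE-2025-62708 and CVE-2025-62707 in the message would let a search of the log for either id find this change, which matters here because both entries sit side by side with near-identical descriptions and differ only in the bug number added (#1118756 and #1118755).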
@@ -483,7 +483,7 @@ CVE-2025-6833 (The All in One Time Clock Lite \u2013 Tracking Employee Time Has
CVE-2025-62659 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2025-62611 (aiomysql is a library for accessing a MySQL database from the asyncio. ...)
- - aiomysql <unfixed>
+ - aiomysql <unfixed> (bug #1118754)
NOTE: https://github.com/aio-libs/aiomysql/security/advisories/GHSA-r397-ff8c-wv2g
NOTE: https://github.com/aio-libs/aiomysql/pull/1044
NOTE: Fixed by: https://github.com/aio-libs/aiomysql/commit/32c4520dae3711367ded74a4726dcb8bb8919538 (v0.3.2)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dd82e8c68a7e4d2c50f764da41252936ad46c337...aecc659343c475e2af53ce14b094b2b1ac9d4aa6