[Git][security-tracker-team/security-tracker][master] Add upstream commit references for CVE-2025-40780, CVE-2025-40778 and CVE-2025-8677
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Oct 25 12:37:24 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8281b1a4 by Salvatore Bonaccorso at 2025-10-25T13:36:47+02:00
Add upstream commit references for CVE-2025-40780, CVE-2025-40778 and CVE-2025-8677
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1440,14 +1440,25 @@ CVE-2025-40780 (In specific circumstances, due to a weakness in the Pseudo Rando
{DSA-6033-1}
- bind9 1:9.20.15-1
NOTE: https://kb.isc.org/docs/cve-2025-40780
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/2924910eeea5c86720149bc48d799ccb69e59797 (v9.20.15)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/26c77915d52a577be6f421fd351506c29185ab97 (v9.20.15)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/8330b49fb90bfeae14b47b7983e9459cc2bbaffe (v9.18.41)
CVE-2025-40778 (Under certain circumstances, BIND is too lenient when accepting record ...)
{DSA-6033-1}
- bind9 1:9.20.15-1
NOTE: https://kb.isc.org/docs/cve-2025-40778
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/196732041318b931b6fa97f18077117b3b548d18 (v9.20.15)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/ab97f6e9f4405b61ba2051363104fc812cac5270 (v9.20.15)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/a266f329e908313c5669a45751bd1cd84f3bd95b (v9.20.15)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/025d61bacd0f57f994a631654aff7a933d89a547 (v9.18.41)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/cd17dfe696cdf9b8ef23fbc8738de7c79f957846 (v9.18.41)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/4c6d03b0bb2ffbafcde8e8a5bc0e49908b978a72 (v9.18.41)
CVE-2025-8677 (Querying for records within a specially crafted zone containing certai ...)
{DSA-6033-1}
- bind9 1:9.20.15-1
NOTE: https://kb.isc.org/docs/cve-2025-8677
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/0d676bf9f23b1441f6697f1d6b25b4744dacda52 (v9.20.15)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c5b8ef055900224f0424c341927562c5a9ebe19 (v9.18.41)
CVE-2025-62775 (Mercku M6a devices through 2.1.0 allow root TELNET logins via the web ...)
NOT-FOR-US: Mercku M6a devices
CVE-2025-62774 (On Mercku M6a devices through 2.1.0, the authentication system uses pr ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8281b1a4f4404be6a79e2d6acede0c25ac6f6bbe
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8281b1a4f4404be6a79e2d6acede0c25ac6f6bbe
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251025/96ffc184/attachment.htm>
More information about the debian-security-tracker-commits
mailing list