[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 25 19:54:14 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3472ac96 by Moritz Muehlenhoff at 2025-10-25T20:53:29+02:00
bookworm/trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -596,6 +596,8 @@ CVE-2025-62659 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2025-62611 (aiomysql is a library for accessing a MySQL database from the asyncio. ...)
 	- aiomysql <unfixed> (bug #1118754)
+	[trixie] - aiomysql <no-dsa> (Minor issue)
+	[bookworm] - aiomysql <no-dsa> (Minor issue)
 	NOTE: https://github.com/aio-libs/aiomysql/security/advisories/GHSA-r397-ff8c-wv2g
 	NOTE: https://github.com/aio-libs/aiomysql/pull/1044
 	NOTE: Fixed by: https://github.com/aio-libs/aiomysql/commit/32c4520dae3711367ded74a4726dcb8bb8919538 (v0.3.2)
@@ -22608,12 +22610,10 @@ CVE-2025-44179 (Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection v
 CVE-2025-44178 (DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access  ...)
 	NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-43960 (Adminer 4.8.1, when using Monolog for logging, allows a Denial of Serv ...)
-	- adminer <unfixed>
-	[trixie] - adminer <no-dsa> (Minor issue)
-	[bookworm] - adminer <no-dsa> (Minor issue)
+	- adminer <unfixed> (unimportant)
 	NOTE: https://github.com/far00t01/CVE-2025-43960
 	NOTE: https://github.com/vrana/adminer/issues/1193
-	TODO: check, does not seem to be fixed in 4.8.2 and later versions
+	NOTE: Only an issues when using php-monolog, which isn't the case for the Debian packaging
 CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
 	NOT-FOR-US: OpenText
 CVE-2025-3456 (On affected platforms running Arista EOS, the global common encryption ...)
@@ -27984,11 +27984,9 @@ CVE-2025-8738 (A vulnerability has been found in zlt2000 microservices-platform
 CVE-2025-8737 (A vulnerability, which was classified as problematic, was found in zlt ...)
 	NOT-FOR-US: zlt2000 microservices-platform
 CVE-2025-8736 (A vulnerability, which was classified as critical, has been found in G ...)
-	- cflow <unfixed>
-	[trixie] - cflow <no-dsa> (Minor issue)
-	[bookworm] - cflow <no-dsa> (Minor issue)
-	[bullseye] - cflow <ignored> (Crash in CLI tools)
+	- cflow <unfixed>  (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00001.html
+	NOTE: Crash in CLI tool, no security impact
 CVE-2025-8735 (A vulnerability classified as problematic was found in GNU cflow up to ...)
 	- cflow <unfixed> (unimportant)
 	NOTE: https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html
@@ -49027,10 +49025,9 @@ CVE-2025-47697 (Client-side enforcement of server-side security issue exists in
 CVE-2025-46352 (The CS5000 Fire Panel is vulnerable due to a hard-coded password that  ...)
 	NOT-FOR-US: CS5000 Fire Panel
 CVE-2025-44906 (jhead v3.08 was discovered to contain a heap-use-after-free via the Pr ...)
-	- jhead <undetermined>
+	NOTE: Bogus report, not reproducible by upstream
 	NOTE: https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md
 	NOTE: https://github.com/Matthias-Wandel/jhead/issues/90
-	NOTE: Not reproducible by upstream
 CVE-2025-44905 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the  ...)
 	- hdf5 <unfixed> (unimportant)
 	NOTE: https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc5.md



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3472ac96b4f63f003b4c902a80fcff140eeb8b3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3472ac96b4f63f003b4c902a80fcff140eeb8b3b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251025/cafd3e44/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list