[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Oct 26 08:12:28 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4ddfccb1 by security tracker role at 2025-10-26T08:12:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-8709 (A SQL injection vulnerability exists in the langchain-ai/langchain rep ...)
+	TODO: check
 CVE-2025-55757 (A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4. ...)
 	NOT-FOR-US: Joomla
 CVE-2025-12221 (Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU ...)
@@ -10816,6 +10818,7 @@ CVE-2025-9054 (The MultiLoca - WooCommerce Multi Locations Inventory Management
 CVE-2025-9031 (Observable Timing Discrepancy vulnerability in DivvyDrive Information  ...)
 	NOT-FOR-US: DivvyDrive Web
 CVE-2025-8869 (When extracting a tar archive pip may not check symbolic links point i ...)
+	{DLA-4348-1}
 	- python-pip 25.3+dfsg-1 (bug #1116336)
 	NOTE: https://github.com/pypa/pip/pull/13550
 	NOTE: Merge commit: https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a (25.3)
@@ -27261,7 +27264,7 @@ CVE-2025-32932 (An Improper neutralization of input during web page generation (
 CVE-2025-32766 (A stack-based buffer overflow vulnerability [CWE-121] in Fortinet Fort ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-32086 (Improperly implemented security check for standard in the DDRIO config ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -27296,7 +27299,7 @@ CVE-2025-26470 (Incorrect default permissions for some Intel(R) Distribution for
 CVE-2025-26404 (Uncontrolled search path for some Intel(R) DSA software before version ...)
 	NOT-FOR-US: Intel
 CVE-2025-26403 (Out-of-bounds write in the memory subsystem for some Intel(R) Xeon(R)  ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01367.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -27345,7 +27348,7 @@ CVE-2025-24323 (Improper access control in some firmware package and LED mode to
 CVE-2025-24313 (Improper access control for some Device Plugins for Kubernetes softwar ...)
 	NOT-FOR-US: Intel
 CVE-2025-24305 (Insufficient control flow management in the Alias Checking Trusted Mod ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -27360,19 +27363,19 @@ CVE-2025-23241 (Integer overflow or wraparound in the Linux kernel-mode driver f
 CVE-2025-22893 (Insufficient control flow management in the Linux kernel-mode driver f ...)
 	NOT-FOR-US: Intel
 CVE-2025-22889 (Improper handling of overlap between protected memory ranges for some  ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01311.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
 CVE-2025-22853 (Improper synchronization in the firmware for some Intel(R) TDX may all ...)
 	NOT-FOR-US: Intel
 CVE-2025-22840 (Sequence of processor instructions leads to unexpected behavior for so ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01308.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
 CVE-2025-22839 (Insufficient granularity of access control in the OOB-MSM for some Int ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01310.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -27391,7 +27394,7 @@ CVE-2025-21096 (Improper buffer restrictions in the firmware for some Intel(R) T
 CVE-2025-21093 (Uncontrolled search path element for some Intel(R) Driver & Suppor ...)
 	NOT-FOR-US: Intel
 CVE-2025-21090 (Missing reference to active allocated resource for some Intel(R) Xeon( ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -27404,7 +27407,7 @@ CVE-2025-20625 (Improper conditions check for some Intel(R) PROSet/Wireless WiFi
 CVE-2025-20613 (Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmw ...)
 	NOT-FOR-US: Intel
 CVE-2025-20109 (Improper Isolation or Compartmentalization in the stream cache mechani ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01249.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -27425,7 +27428,7 @@ CVE-2025-20074 (Time-of-check Time-of-use race condition for some Intel(R) Conne
 CVE-2025-20067 (Observable timing discrepancy in firmware for some Intel(R) CSME and I ...)
 	NOT-FOR-US: Intel
 CVE-2025-20053 (Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmw ...)
-	{DSA-6030-1}
+	{DSA-6030-1 DLA-4347-1}
 	- intel-microcode 3.20250812.1 (bug #1110983)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01313.html
 	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250812
@@ -212153,6 +212156,7 @@ CVE-2023-5758 (When opening a page in reader mode, the redirect URL could have c
 	- firefox <not-affected> (Only affects Firefox on iOS)
 	NOTE: https://www.mozilla.org/security/advisories/mfsa2023-48/
 CVE-2023-5752 (When installing a package from a Mercurial VCS URL  (ie "pip install   ...)
+	{DLA-4348-1}
 	- python-pip 23.3+dfsg-1
 	[bookworm] - python-pip <no-dsa> (Minor issue)
 	[buster] - python-pip <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ddfccb19d465510784b72ed24e7f7255cccd2a7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4ddfccb19d465510784b72ed24e7f7255cccd2a7
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251026/6b222748/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list