[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Oct 26 19:38:06 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d327c75 by Moritz Muehlenhoff at 2025-10-26T20:37:12+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -372,6 +372,8 @@ CVE-2025-62820 (Slack Nebula before 1.9.7 mishandles CIDR in some configurations
NOT-FOR-US: Slack Nebula
CVE-2025-62813 (LZ4 through 1.10.0 allows attackers to cause a denial of service (appl ...)
- lz4 <unfixed> (bug #1118757)
+ [trixie] - lz4 <no-dsa> (Minor issue)
+ [bookworm] - lz4 <no-dsa> (Minor issue)
NOTE: https://github.com/lz4/lz4/pull/1593
NOTE: https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82
CVE-2025-62812
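Review bot: the second NOTE on this entry points at the upstream lz4 commit but, unlike the dcmtk and libxslt entries touched in this same change, is not prefixed with "Fixed by:", so a later reader cannot tell whether that commit is the fix for CVE-2025-62813 or only related to it; if it is the fix, suggest `NOTE: Fixed by: https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82`. The new [trixie]/[bookworm] <no-dsa> (Minor issue) lines are consistent with the package staying <unfixed> in unstable with bug #1118757 on that line, which the hunk correctly leaves untouched.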
@@ -1848,6 +1850,7 @@ CVE-2025-10020 (Zohocorp ManageEngine ADManager Plus version before 8024 are vul
NOT-FOR-US: Zoho
CVE-2022-4981 (A vulnerability was detected in DCMTK up to 3.6.7. The impacted elemen ...)
- dcmtk 3.6.8-5
+ [bookworm] - dcmtk <no-dsa> (Minor issue)
NOTE: https://support.dcmtk.org/redmine/issues/1026
NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/957fb31e5d96f51ecf5cb3422c7dc2227f8e0423 (DCMTK-3.6.8)
CVE-2020-36855 (A security vulnerability has been detected in DCMTK up to 3.6.5. The a ...)
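Review bot: only a [bookworm] annotation is added here, while the other entries in this change annotate both trixie and bookworm; the entry records the fix as dcmtk 3.6.8-5 (upstream tag DCMTK-3.6.8), so omitting a trixie line is correct only if trixie already ships 3.6.8-5 or later, which is worth confirming before this lands. The <no-dsa> (Minor issue) marking itself is in line with how the lz4 and libxslt entries in this commit are handled.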
@@ -4078,6 +4081,8 @@ CVE-2025-42901 (SAP Application Server for ABAP allows an authenticated attacker
NOT-FOR-US: SAP
CVE-2025-11731 (A flaw was found in the exsltFuncResultComp() function of libxslt, whi ...)
- libxslt 1.1.43-0.3 (bug #1118078)
+ [trixie] - libxslt <no-dsa> (Minor issue)
+ [bookworm] - libxslt <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/151
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3
CVE-2025-11623 (SQL injection in Ivanti Endpoint Manager allows a remote authenticated ...)
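Review bot: the (Minor issue) rationale on the two new libxslt lines gives no reason, whereas the lxd and resteasy annotations in this same change state why (no upstream fix planned, no reverse deps); a short reason, such as what limits the impact of the exsltFuncResultComp() flaw, would let a later triager reassess without re-reading GNOME issue 151. The bug reference (#1118078) correctly stays on the unstable line rather than being repeated in the suite annotations.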
@@ -8106,22 +8111,22 @@ CVE-2025-54291 (Information disclosure in images API in Canonical LXD before 6.5
{DSA-6027-1}
- incus 6.0.5-1
- lxd <removed>
- [trixie] - lxd <no-dsa> (Minor issue, no fixed planned by upstream for 5.0)
- [bookworm] - lxd <no-dsa> (Minor issue, no fixed planned by upstream for 5.0)
+ [trixie] - lxd <ignored> (Minor issue, no fixed planned by upstream for 5.0)
+ [bookworm] - lxd <ignored> (Minor issue, no fixed planned by upstream for 5.0)
NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7
CVE-2025-54290 (Information disclosure in image export API in Canonical LXD before 6.5 ...)
{DSA-6027-1}
- incus 6.0.5-1
- lxd <removed>
- [trixie] - lxd <no-dsa> (Minor issue, no fixed planned by upstream for 5.0)
- [bookworm] - lxd <no-dsa> (Minor issue, no fixed planned by upstream for 5.0)
+ [trixie] - lxd <ignored> (Minor issue, no fixed planned by upstream for 5.0)
+ [bookworm] - lxd <ignored> (Minor issue, no fixed planned by upstream for 5.0)
NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-p3x5-mvmp-5f35
CVE-2025-54289 (Privilege Escalation in operations API in Canonical LXD <6.5 on multip ...)
{DSA-6027-1}
- incus 6.0.5-1
- lxd <removed>
- [trixie] - lxd <no-dsa> (Minor issue, no fixed planned by upstream for 5.0)
- [bookworm] - lxd <no-dsa> (Minor issue, no fixed planned by upstream for 5.0)
+ [trixie] - lxd <ignored> (Minor issue, no fixed planned by upstream for 5.0)
+ [bookworm] - lxd <ignored> (Minor issue, no fixed planned by upstream for 5.0)
NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-3g72-chj4-2228
CVE-2025-54288 (Information Spoofing in devLXD Server in Canonical LXD versions 4.0 an ...)
{DSA-6028-1 DSA-6027-1}
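Review bot: all six + lines carry over the typo "no fixed planned" from the <no-dsa> lines they replace; since these lines are being rewritten anyway, correct it to "no fix planned by upstream for 5.0" in all three entries (CVE-2025-54291, CVE-2025-54290, CVE-2025-54289). The change from <no-dsa> to <ignored> is consistent with that rationale and with lxd being <removed> in unstable, the fix being tracked via incus 6.0.5-1 and DSA-6027-1.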
@@ -256819,6 +256824,7 @@ CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions sta
CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...)
- resteasy <unfixed> (bug #1031728)
- resteasy3.0 <unfixed> (bug #1031729)
+ [trixie] - resteasy3.0 <ignored> (Minor issue, no reverse deps in Bookworm)
[bookworm] - resteasy3.0 <ignored> (Minor issue, no reverse deps in Bookworm)
[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
[buster] - resteasy3.0 <no-dsa> (Minor issue)
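Review bot: the new [trixie] line reuses the bookworm rationale verbatim, so a trixie annotation now justifies itself with "no reverse deps in Bookworm"; it should name the suite that was actually checked, e.g. `[trixie] - resteasy3.0 <ignored> (Minor issue, no reverse deps in trixie)`, assuming that is what was verified. Note that resteasy itself remains <unfixed> (bug #1031728) with no suite annotation in this hunk, which may be intentional but is not explained.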
@@ -435113,6 +435119,7 @@ CVE-2020-25634 (A flaw was found in Red Hat 3scale\u2019s API docs URL, where it
CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
- resteasy <unfixed> (bug #970585)
- resteasy3.0 <unfixed> (bug #1014983)
+ [trixie] - resteasy3.0 <ignored> (Minor issue, no reverse deps in Bookworm)
[bookworm] - resteasy3.0 <ignored> (Minor issue)
[bullseye] - resteasy3.0 <ignored> (Minor issue)
[buster] - resteasy3.0 <ignored> (Minor issue)
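Review bot: same issue as in the CVE-2023-0482 hunk, the new [trixie] rationale says "no reverse deps in Bookworm", and here it also diverges from the existing [bookworm] line of the same entry, which only says (Minor issue); align the trixie text to the suite it describes or, if the reverse-deps argument applies to both suites, add it to the bookworm line as well so the two annotations read consistently.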
=====================================
data/dsa-needed.txt
=====================================
@@ -35,7 +35,7 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more 6.1.y versions
--
-mbedtls/oldstable
+mbedtls
--
mediawiki (jmm)
--
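Review bot: dropping the /oldstable suffix widens the mbedtls entry in dsa-needed.txt, since that suffix restricts an entry to oldstable and the bare name now covers the stable suite as well, but neither the hunk nor the commit message ("trixie/bookworm triage") records why; the neighbouring linux entry carries a free-text line explaining its plan, so a similar line for mbedtls (what is pending for trixie and whether bookworm is still covered) would make the intent clear. The unchanged context line "regulary rebase" has a typo (regularly) that could be fixed in passing.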
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d327c75eb1f2703934d7f7bd0d2c8d554c6c461