[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Oct 26 20:12:57 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
373786bd by security tracker role at 2025-10-26T20:12:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2025-12285 (Missing Initial Password Change.This issue affects BLU-IC2: through 1. ...)
+ TODO: check
+CVE-2025-12284 (Lack of Input Validation in the web UI might lead to potential exploit ...)
+ TODO: check
+CVE-2025-12278 (Logout Functionality not Working.This issue affects BLU-IC2: through 1 ...)
+ TODO: check
+CVE-2025-12275 (Mail Configuration File Manipulation + Command Execution.This issue af ...)
+ TODO: check
CVE-2025-8709 (A SQL injection vulnerability exists in the langchain-ai/langchain rep ...)
NOT-FOR-US: langchain-ai/langchain
CVE-2025-55757 (A unauthenticated reflected XSS vulnerability in VirtueMart 1.0.0-4.4. ...)
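Review bot: the four new entries at the top of the file are left at `TODO: check`, and three of them (CVE-2025-12285, CVE-2025-12278, CVE-2025-12275) share the same "This issue affects ..." phrasing, two of them naming BLU-IC2, so they can probably be triaged together as one product family; CVE-2025-12284's truncated description names no product at all, so the full CVE record is needed before it gets a NOT-FOR-US or package line.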
@@ -607,7 +615,7 @@ CVE-2025-9158 (The Request Tracker software is vulnerable to a Stored XSS vulner
[bookworm] - request-tracker5 <not-affected> (Vulnerable code introduced later)
NOTE: Fixed by: https://github.com/bestpractical/rt/commit/04b5694e6cd150492aa51b8edaba75f5997ea40c (rt-5.0.9)
CVE-2025-61873
- {DSA-6032-1 DSA-6031-1}
+ {DSA-6032-1 DSA-6031-1 DLA-4349-1}
- request-tracker5 5.0.7+dfsg-5
- request-tracker4 <unfixed>
NOTE: Fixed by: https://github.com/bestpractical/rt/commit/cade8b90c696e8c08438be2cb469a78342b5cb0f (rt-5.0.9)
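Review bot: DLA-4349-1 is added to CVE-2025-61873 while the entry lists both request-tracker5 (5.0.7+dfsg-5) and request-tracker4 (still <unfixed>), so this hunk alone does not say which source package the DLA fixes; the matching data/DLA/list entry should name the package and version so the LTS suite status resolves, and the request-tracker4 <unfixed> line deserves a recheck now that an LTS fix exists.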
@@ -1660,7 +1668,7 @@ CVE-2025-61750 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
CVE-2025-61749 (Vulnerability in the Unified Audit component of Oracle Database Server ...)
NOT-FOR-US: Oracle
CVE-2025-61748 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6037-1}
+ {DSA-6039-1 DSA-6037-1}
- openjdk-21 21.0.9+10-1
- openjdk-25 25.0.1+8-1
NOTE: https://openjdk.org/groups/vulnerability/advisories/2025-10-21
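Review bot: DSA-6039-1 is added to CVE-2025-61748 alongside DSA-6037-1, but the only fixed-version lines in this entry are openjdk-21 21.0.9+10-1 and openjdk-25 25.0.1+8-1; worth confirming that DSA-6039-1 covers one of those two source packages rather than only the openjdk-8/11/17 set listed under CVE-2025-53066 and CVE-2025-53057 further down, where the same DSA is also added.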
@@ -1739,7 +1747,7 @@ CVE-2025-53068 (Vulnerability in the Oracle Solaris product of Oracle Systems (c
CVE-2025-53067 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <not-affected> (Only affects 9.x)
CVE-2025-53066 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6038-1 DSA-6037-1 DLA-4346-1 DLA-4345-1}
+ {DSA-6039-1 DSA-6038-1 DSA-6037-1 DLA-4346-1 DLA-4345-1}
- openjdk-8 <unfixed> (bug #1118944)
- openjdk-11 11.0.29+6-1
- openjdk-17 17.0.17+10-1
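Review bot: DSA-6039-1 is added to CVE-2025-53066 while openjdk-8 stays <unfixed> (bug #1118944) and the openjdk-11 and openjdk-17 fixed versions are unchanged; that is consistent if the DSA is a stable update of a package already fixed in unstable, but the openjdk-8 line should be rechecked against the new advisory so the unstable status does not lag behind the stable one. The identical change to CVE-2025-53057 in the next hunk has the same open point.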
@@ -1765,7 +1773,7 @@ CVE-2025-53059 (Vulnerability in the PeopleSoft Enterprise PeopleTools product o
CVE-2025-53058 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
NOT-FOR-US: Oracle
CVE-2025-53057 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
- {DSA-6038-1 DSA-6037-1 DLA-4346-1 DLA-4345-1}
+ {DSA-6039-1 DSA-6038-1 DSA-6037-1 DLA-4346-1 DLA-4345-1}
- openjdk-8 <unfixed> (bug #1118944)
- openjdk-11 11.0.29+6-1
- openjdk-17 17.0.17+10-1
@@ -3918,7 +3926,7 @@ CVE-2025-11721 (Memory safety bug present in Firefox 143 and Thunderbird 143. Th
- firefox 144.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11721
CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3 ...)
- {DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
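Review bot: DSA-6040-1 is added to CVE-2025-11715 while the package lines (firefox 144.0-1, firefox-esr 140.4.0esr-1, thunderbird 1:140.4.0esr-1) are unchanged, so this is a stable-suite advisory for packages already fixed in unstable; CVE-2025-11721 directly above (Firefox 143 and Thunderbird 143 only, fixed in firefox 144.0-1) correctly receives no DSA since it carries no ESR package line. The same DSA-6040-1 addition is applied uniformly to CVE-2025-11714 through CVE-2025-11708 below, each with the same three package lines, so the set looks consistent.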
@@ -3926,7 +3934,7 @@ CVE-2025-11715 (Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11715
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11715
CVE-2025-11714 (Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, T ...)
- {DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3950,7 +3958,7 @@ CVE-2025-11718 (When the address bar was hidden due to scrolling on Android, a m
- firefox 144.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11718
CVE-2025-11712 (A malicious page could have used the type attribute of an OBJECT tag t ...)
- {DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3964,7 +3972,7 @@ CVE-2025-11716 (Links in a sandboxed iframe could open an external app on Androi
- firefox <not-affected> (Only affects Firefox on Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/#CVE-2025-11716
CVE-2025-11711 (There was a way to change the value of JavaScript Object properties th ...)
- {DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3972,7 +3980,7 @@ CVE-2025-11711 (There was a way to change the value of JavaScript Object propert
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11711
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11711
CVE-2025-11710 (A compromised web process using malicious IPC messages could have caus ...)
- {DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3980,7 +3988,7 @@ CVE-2025-11710 (A compromised web process using malicious IPC messages could hav
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11710
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11710
CVE-2025-11709 (A compromised web process was able to trigger out of bounds reads and ...)
- {DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -3988,7 +3996,7 @@ CVE-2025-11709 (A compromised web process was able to trigger out of bounds read
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/#CVE-2025-11709
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/#CVE-2025-11709
CVE-2025-11708 (Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerabilit ...)
- {DSA-6025-1 DLA-4335-1}
+ {DSA-6040-1 DSA-6025-1 DLA-4335-1}
- firefox 144.0-1
- firefox-esr 140.4.0esr-1
- thunderbird 1:140.4.0esr-1
@@ -23825,6 +23833,7 @@ CVE-2025-24285 (Multiple Improper Input Validation vulnerabilities in UniFi Conn
CVE-2024-57155 (Incorrect access control in radar v1.0.8 allows attackers to bypass au ...)
NOT-FOR-US: Radar risk engine
CVE-2025-54988 (Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1. ...)
+ {DLA-4350-1}
- tika <unfixed> (bug #1111763)
NOTE: https://www.openwall.com/lists/oss-security/2025/08/20/3
NOTE: Fixed by: https://github.com/apache/tika/commit/bfee6d5569fe9197c4ea947a96e212825184ca33 (main)
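Review bot: DLA-4350-1 is added to CVE-2025-54988 while tika remains <unfixed> (bug #1111763) in unstable, so the LTS suite now carries a fix that unstable lacks; the upstream fix commit bfee6d5569fe9197c4ea947a96e212825184ca33 in the NOTE line is already identified, so the unstable upload tracked by bug #1111763 is the follow-up to chase, and the backport prepared for the DLA may be reusable for it.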
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/373786bd521d5201cbf6ceba48da3a6d5cdc1a8a