[Git][security-tracker-team/security-tracker][master] 2 commits: Mark samba issues as no-dsa as discussed with maintainer

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Oct 27 19:12:17 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a4f968f9 by Salvatore Bonaccorso at 2025-10-27T20:10:39+01:00
Mark samba issues as no-dsa as discussed with maintainer

- - - - -
71b3aa97 by Salvatore Bonaccorso at 2025-10-27T20:10:39+01:00
Track proposed update via trixie-pu for samba

- - - - -


3 changed files:

- data/CVE/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3315,10 +3315,14 @@ CVE-2025-10038 (The Binary MLM Plan plugin for WordPress is vulnerable to limite
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module, where unin ...)
 	- samba 2:4.23.2+dfsg-1
+	[trixie] - samba <no-dsa> (Minor issue; will be fixed via point release)
+	[bookworm] - samba <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://www.samba.org/samba/security/CVE-2025-9640.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15885
 CVE-2025-10230 [Command injection via WINS server hook script]
 	- samba 2:4.23.2+dfsg-1
+	[trixie] - samba <no-dsa> (Minor issue; will be fixed via point release)
+	[bookworm] - samba <no-dsa> (Minor issue; will be fixed via point release)
 	[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA DSA-5477-1)
 	NOTE: https://www.samba.org/samba/security/CVE-2025-10230.html
 	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15903


=====================================
data/dsa-needed.txt
=====================================
@@ -59,8 +59,6 @@ ruby-rack
 ruby-saml/oldstable
   Utkarsh Gupta might work on an update
 --
-samba (carnil)
---
 sogo/oldstable
 --
 squid


=====================================
data/next-point-update.txt
=====================================
@@ -61,3 +61,7 @@ CVE-2025-62171
 	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u3
 CVE-2025-30187
 	[trixie] - dnsdist 1.9.10-1+deb13u1
+CVE-2025-9640
+	[trixie] - samba 2:4.22.6+dfsg-0+deb13u1
+CVE-2025-10230
+	[trixie] - samba 2:4.22.6+dfsg-0+deb13u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/86fe8993e3086363ab122b4ddbe7e0fe1ccca825...71b3aa9713f03a02ef4b643647f187d83c8dd7b2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/86fe8993e3086363ab122b4ddbe7e0fe1ccca825...71b3aa9713f03a02ef4b643647f187d83c8dd7b2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251027/c3024a82/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list