[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Oct 29 08:13:11 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2eff805d by security tracker role at 2025-10-29T08:13:02+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2025-62727
+CVE-2025-9544 (The Doppler Forms WordPress plugin through 2.5.1 registers an AJAX act ...)
+ TODO: check
+CVE-2025-64296 (Missing Authorization vulnerability in Facebook Facebook for WooCommer ...)
+ TODO: check
+CVE-2025-64162
+ REJECTED
+CVE-2025-64161
+ REJECTED
+CVE-2025-64160
+ REJECTED
+CVE-2025-64159
+ REJECTED
+CVE-2025-64158
+ REJECTED
+CVE-2025-64095 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-64094 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-62802 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
+ TODO: check
+CVE-2025-62801 (FastMCP is the standard framework for building MCP applications. Versi ...)
+ TODO: check
+CVE-2025-62800 (FastMCP is the standard framework for building MCP applications. Versi ...)
+ TODO: check
+CVE-2025-62798 (Sharp is a content management framework built for Laravel as a package ...)
+ TODO: check
+CVE-2025-62796 (PrivateBin is an online pastebin where the server has zero knowledge o ...)
+ TODO: check
+CVE-2025-62794 (GitHub Workflow Updater is a VS Code extension that automatically pins ...)
+ TODO: check
+CVE-2025-62776 (The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue wit ...)
+ TODO: check
+CVE-2025-62368 (Taiga is an open source project management platform. In versions 6.8.3 ...)
+ TODO: check
+CVE-2025-61598 (Discourse is an open source discussion platform. Version before 3.6.2 ...)
+ TODO: check
+CVE-2025-57931 (Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box a ...)
+ TODO: check
+CVE-2025-4665 (WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 ...)
+ TODO: check
+CVE-2025-49042 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ TODO: check
+CVE-2025-43017 (HP ThinPro 8.1 System management application failed to verify user's t ...)
+ TODO: check
+CVE-2025-11705 (The Anti-Malware Security and Brute-Force Firewall plugin for WordPres ...)
+ TODO: check
+CVE-2025-11375 (Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) event endpoin ...)
+ TODO: check
+CVE-2025-11374 (Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) key/value end ...)
+ TODO: check
+CVE-2023-7320 (The WooCommerce plugin for WordPress is vulnerable to Sensitive Inform ...)
+ TODO: check
+CVE-2025-62727 (Starlette is a lightweight ASGI framework/toolkit. Prior to 0.49.1 , a ...)
- starlette <unfixed>
NOTE: https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8
NOTE: Fixed by: https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5 (0.49.1)
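Review bot: the imported descriptions for CVE-2025-11375 and CVE-2025-11374 contain literal `\u2019`, `\u201c` and `\u201d` escape sequences in place of the apostrophe and quotation marks, so the importer appears to be writing JSON-escaped text into `data/CVE/list` without decoding it; decoding before writing would give "Consul and Consul Enterprise's ("Consul") event endpoin ...". The `TODO: check` entries for the WordPress plugins (Doppler Forms, Facebook for WooCommerce, Ays Pro Popup, Contact Form CFDB7, Anti-Malware Security and Brute-Force Firewall, WooCommerce) can most likely be triaged to `NOT-FOR-US` in the same way as the other non-packaged software in this file, unless one of them is actually in the archive.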
@@ -362,6 +414,7 @@ CVE-2025-40025 (In the Linux kernel, the following vulnerability has been resolv
- linux <unfixed>
NOTE: https://git.kernel.org/linus/c18ecd99e0c707ef8f83cace861cbc3162f4fdf1 (6.18-rc1)
CVE-2025-62231
+ {DSA-6044-1}
- xorg-server <unfixed>
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
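Review bot: `{DSA-6044-1}` is recorded for CVE-2025-62231 while both `- xorg-server <unfixed>` and `- xwayland <unfixed>` stay open for unstable; the `Fixed by` NOTEs carried as context in the next hunk name xorg-server-21.1.19 as the upstream fix, so the unstable xorg-server line should be updated to the fixing package version once that upload is made. The `[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)` annotation is left as is, which is consistent only if DSA-6044-1 covers xorg-server alone and not xwayland; worth confirming. The identical additions for CVE-2025-62230 and CVE-2025-62229 in the two following hunks raise the same point.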
@@ -370,6 +423,7 @@ CVE-2025-62231
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49acd0e55bc0b089ed77f732ad18585470
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa (xorg-server-21.1.19)
CVE-2025-62230
+ {DSA-6044-1}
- xorg-server <unfixed>
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -380,6 +434,7 @@ CVE-2025-62230
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175 (xorg-server-21.1.19)
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839 (xorg-server-21.1.19)
CVE-2025-62229
+ {DSA-6044-1}
- xorg-server <unfixed>
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -1491,7 +1546,8 @@ CVE-2025-6978 (Diagnostics command injection vulnerability)
NOT-FOR-US: Arista Networks
CVE-2025-62820 (Slack Nebula before 1.9.7 mishandles CIDR in some configurations and t ...)
NOT-FOR-US: Slack Nebula
-CVE-2025-62813 (LZ4 through 1.10.0 allows attackers to cause a denial of service (appl ...)
+CVE-2025-62813
+ REJECTED
- lz4 1.10.0-5 (bug #1118757)
[trixie] - lz4 <no-dsa> (Minor issue)
[bookworm] - lz4 <no-dsa> (Minor issue)
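Review bot: CVE-2025-62813 is now marked `REJECTED`, but the entry still carries `- lz4 1.10.0-5 (bug #1118757)` together with the `[trixie]` and `[bookworm] - lz4 <no-dsa> (Minor issue)` lines; a rejected CVE should not keep per-suite package status, so those lines should be dropped (by the automatic update if it can detect the REJECTED transition, otherwise in a follow-up), and the referenced bug #1118757 should be updated to reflect the rejection.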
@@ -1536,6 +1592,7 @@ CVE-2025-62707 (pypdf is a free and open-source pure-python PDF library. Prior t
NOTE: Introduced with: https://github.com/py-pdf/pypdf/commit/23a81baad19e14ecaaa1949e52edd531b1c49efd (4.3.0)
NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8 (6.1.3)
CVE-2025-62706 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+ {DLA-4352-1}
- python-authlib 1.6.5-1
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m
NOTE: Fixed by: https://github.com/authlib/authlib/commit/4b5b5703394608124cd39e547cc7829feda05a13 (v1.6.5)
@@ -1714,7 +1771,7 @@ CVE-2025-11447 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
- gitlab <unfixed>
CVE-2025-10497 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-11702
+CVE-2025-11702 (GitLab has remediated an issue in EE affecting all versions from 17.1 ...)
- gitlab <not-affected> (Specific to EE)
CVE-2025-59024
- pdns-recursor 5.3.1-1 (bug #1118751)
@@ -3738,7 +3795,7 @@ CVE-2025-52583 (Reflected cross-site scripting (XSS) vulnerability in desknet's
NOT-FOR-US: desknet
CVE-2025-46752 (A insertion of sensitive information into log file in Fortinet FortiDL ...)
NOT-FOR-US: Fortinet
-CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail to prop ...)
+CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to prop ...)
- mattermost-server <itp> (bug #823556)
CVE-2025-41410 (Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 10.11.x <= ...)
- mattermost-server <itp> (bug #823556)
@@ -5666,6 +5723,7 @@ CVE-2025-61921 (Sinatra is a domain-specific language for creating web applicati
NOTE: https://github.com/sinatra/sinatra/pull/2121
NOTE: https://bugs.ruby-lang.org/issues/19104
CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+ {DLA-4352-1}
- python-authlib 1.6.5-1
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
NOTE: https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e (v1.6.5)
@@ -12797,6 +12855,7 @@ CVE-2025-59432 (SCRAM (Salted Challenge Response Authentication Mechanism) is pa
CVE-2025-59430 (Mesh Connect JS SDK contains JS libraries for integrating with Mesh Co ...)
NOT-FOR-US: Node @meshconnect/web-link-sdk
CVE-2025-59420 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
+ {DLA-4352-1}
- python-authlib 1.6.4-1
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32
NOTE: https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df (v1.6.4)
@@ -30389,7 +30448,7 @@ CVE-2025-8517 (A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is
NOT-FOR-US: givanz Vvveb
CVE-2025-8516 (A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Editi ...)
NOT-FOR-US: Kingdee Cloud-Starry-Sky Enterprise Edition
-CVE-2025-8515 (A vulnerability was found in Intelbras InControl 2.21.60.9 and classif ...)
+CVE-2025-8515 (A weakness has been identified in Intelbras InControl 2.21.60.9. This ...)
NOT-FOR-US: Intelbras
CVE-2025-8341 (Grafana is an open-source platform for monitoring and observability. T ...)
NOT-FOR-US: Grafana plugin
@@ -154212,6 +154271,7 @@ CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upg
CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x throug ...)
NOT-FOR-US: Mitel
CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...)
+ {DLA-4352-1}
- python-authlib 1.3.1-1
[bookworm] - python-authlib <no-dsa> (Minor issue)
NOTE: https://github.com/lepture/authlib/issues/654
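Review bot: `{DLA-4352-1}` is added to CVE-2024-37568 while the `[bookworm] - python-authlib <no-dsa> (Minor issue)` entry is kept unchanged; if the DLA targets a different suite that is consistent, but the "Minor issue" rationale for bookworm deserves a re-check now that the same issue was judged worth an LTS update (the three other `{DLA-4352-1}` additions in this commit, for CVE-2025-62706, CVE-2025-61920 and CVE-2025-59420, carry no such suite annotation).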
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eff805da41e7ad0ea02e605c420c41850ed4390
More information about the debian-security-tracker-commits mailing list