[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Oct 30 11:48:16 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03b27dad by Moritz Muehlenhoff at 2025-10-30T12:09:39+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1600,6 +1600,8 @@ CVE-2025-34293 (GN4 Publishing System versions prior to 2.6 contain an insecure
 	NOT-FOR-US: GN4 Publishing System
 CVE-2025-12194 (Uncontrolled Resource Consumption vulnerability in Legion of the Bounc ...)
 	- bouncycastle <unfixed> (bug #1118945)
+	[trixie] - bouncycastle <no-dsa> (Minor issue)
+	[bookworm] - bouncycastle <no-dsa> (Minor issue)
 	[bullseye] - bouncycastle <ignored> (Minor issue)
 	NOTE: Fixed by: https://github.com/bcgit/bc-lts-java/commit/f2776feac0c30230f7a5ac34eb24f5019caf0324 (r2rv73dot8)
 	NOTE: Followup: https://github.com/bcgit/bc-lts-java/commit/2c9be6c64152ce48c6afc784c042a514be71ec71 (r2rv73dot8)
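Review bot: The added [trixie] and [bookworm] lines under CVE-2025-12194 give only "Minor issue" as the reason, while the entry is still <unfixed> in unstable (bug #1118945) and both the "Fixed by" and "Followup" notes point at bc-lts-java commits. A more specific reason, or a NOTE saying whether those commits apply to the packaged bouncycastle source, would make the no-dsa decision easier to revisit for a point release.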
@@ -4078,6 +4080,8 @@ CVE-2025-61907 (Icinga 2 is an open source monitoring system. In Icinga 2 versio
 	NOTE: https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/
 CVE-2025-61789 (Icinga DB Web provides a graphical interface for Icinga monitoring. Be ...)
 	- icingadb-web 1.2.3-1
+	[trixie] - icingadb-web <no-dsa> (Minor issue)
+	[bookworm] - icingadb-web <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429
 	NOTE: Fixed by: https://github.com/Icinga/icingadb-web/commit/5e982dad40ec379075307ab1693580138e675b18 (v1.2.3)
 	NOTE: Fixed by: https://github.com/Icinga/icingadb-web/commit/79fc07e7ee4c3d43981487753e82d1f22e956dce (v1.1.4)
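Review bot: The added [trixie] and [bookworm] lines for icingadb-web under CVE-2025-61789 use the generic "Minor issue" reason, although the notes below them list upstream fixes on two branches (v1.2.3 and v1.1.4). Consider recording in the reason or in a NOTE which of the two commits is the backport candidate for each suite, so the fix can be picked up later without redoing the analysis.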
@@ -12382,6 +12386,8 @@ CVE-2025-9031 (Observable Timing Discrepancy vulnerability in DivvyDrive Informa
 CVE-2025-8869 (When extracting a tar archive pip may not check symbolic links point i ...)
 	{DLA-4348-1}
 	- python-pip 25.3+dfsg-1 (bug #1116336)
+	[trixie] - python-pip <no-dsa> (Minor issue)
+	[bookworm] - python-pip <no-dsa> (Minor issue)
 	NOTE: https://github.com/pypa/pip/pull/13550
 	NOTE: Merge commit: https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a (25.3)
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/
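Review bot: The [trixie] and [bookworm] no-dsa lines for python-pip sit directly under {DLA-4348-1}, so CVE-2025-8869 already has a DLA while these two suites are deferred as "Minor issue". A more specific reason, or a NOTE on whether the fix is planned for a point release, would explain the different handling across suites.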


=====================================
data/dsa-needed.txt
=====================================
@@ -48,6 +48,8 @@ php-laravel-framework/oldstable
 --
 python-django
 --
+rails
+--
 rtpengine
   Victor Seva prepared a debdiff for trixie-security for review, bookworm-security debdiff missing
 --
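Review bot: The new rails entry in data/dsa-needed.txt has no indented note, and neither this hunk nor the commit message says which issues or suites it covers. The rtpengine entry right below it records its status in a note line; a one-line note naming the open issues would help whoever picks up rails.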
@@ -58,7 +60,7 @@ ruby-saml/oldstable
 --
 sogo/oldstable
 --
-squid
+squid (jmm)
   Bastien Roucaries (rouca) offered help in preparing the update
 --
 sympa/oldstable
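Review bot: With the entry changed to "squid (jmm)", the unchanged note "Bastien Roucaries (rouca) offered help in preparing the update" leaves it unclear how the work is split between the two. Consider updating the note to state whether the offer was taken up.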



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03b27dad92e0f53b6cbc2043802c93421f4d9722
