[Git][security-tracker-team/security-tracker][master] 2 commits: Merge changes for updates with CVEs via trixie 13.1

Sat Sep 6 11:14:02 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c8dd6ff by Salvatore Bonaccorso at 2025-09-06T11:27:25+02:00
Merge changes for updates with CVEs via trixie 13.1

- - - - -
20fd0ded by Salvatore Bonaccorso at 2025-09-06T12:13:55+02:00
Merge branch 'trixie-13.1' into 'master'

Merge changes accepted for trixie 13.1 release

See merge request security-tracker-team/security-tracker!243
- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2789,7 +2789,7 @@ CVE-2024-13987 (Improper neutralization of input during web page generation ('Cr
 	NOT-FOR-US: Synology
 CVE-2025-40927 (CGI::Simple versions before 1.282 for Perl has a HTTP response splitti ...)
 	- libcgi-simple-perl 1.282-1
-	[trixie] - libcgi-simple-perl <no-dsa> (Minor issue)
+	[trixie] - libcgi-simple-perl 1.282-1~deb13u1
 	[bookworm] - libcgi-simple-perl <no-dsa> (Minor issue)
 	[bullseye] - libcgi-simple-perl <postponed> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/32357435/
@@ -3406,7 +3406,7 @@ CVE-2024-37777 (O2OA v9.0.3 was discovered to contain a remote code execution (R
 	NOT-FOR-US: O2OA
 CVE-2025-58050 (The PCRE2 library is a set of C functions that implement regular expre ...)
 	- pcre2 10.46-1 (bug #1112278)
-	[trixie] - pcre2 <no-dsa> (Minor issue, will be fixed via point release)
+	[trixie] - pcre2 10.46-1~deb13u1
 	[bookworm] - pcre2 <not-affected> (Vulnerable code not present)
 	[bullseye] - pcre2 <not-affected> (Vulnerable code not present)
 	NOTE: Introduced with: https://github.com/PCRE2Project/pcre2/commit/237899fd0e35709b4cf767e06a19e569e1888f74 (pcre2-10.45-RC1)
@@ -6281,7 +6281,7 @@ CVE-2025-55293 (Meshtastic is an open source mesh networking solution. Prior to
 	NOT-FOR-US: Meshtastic
 CVE-2025-55291 (Shaarli is a minimalist bookmark manager and link sharing service. Pri ...)
 	- shaarli 0.15.0+dfsg-1 (bug #1111589)
-	[trixie] - shaarli <no-dsa> (Minor issue, will be fixed in point release)
+	[trixie] - shaarli 0.14.0+dfsg-2
 	[bookworm] - shaarli <no-dsa> (Minor issue, will be fixed in point release)
 	NOTE: https://github.com/shaarli/Shaarli/security/advisories/GHSA-7w7w-pw4j-265h
 	NOTE: https://github.com/shaarli/Shaarli/commit/66faa61335a6e72184be64092ff1242ffa4fe5b6 (v0.15.0)
@@ -6843,7 +6843,7 @@ CVE-2025-55203 (Plane is open-source project management software. Prior to versi
 CVE-2025-54989 (Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, an ...)
 	{DSA-5992-1 DLA-4282-1}
 	- firebird3.0 3.0.13.ds7-1 (bug #1111321)
-	[trixie] - firebird3.0 <no-dsa> (Minor issue)
+	[trixie] - firebird3.0 3.0.12.ds7-13+deb13u1
 	[bookworm] - firebird3.0 <no-dsa> (Minor issue)
 	- firebird4.0 4.0.6.3221.ds6-1 (bug #1111320)
 	NOTE: https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
@@ -7545,7 +7545,7 @@ CVE-2023-43683 (An issue was discovered in Malwarebytes 4.6.14.326 and before 5.
 CVE-2025-8715 (Improper neutralization of newlines in pg_dump in PostgreSQL allows a  ...)
 	{DLA-4273-1}
 	- postgresql-17 17.6-1
-	[trixie] - postgresql-17 <no-dsa> (Minor issue)
+	[trixie] - postgresql-17 17.6-0+deb13u1
 	- postgresql-15 <removed>
 	[bookworm] - postgresql-15 <no-dsa> (Minor issue)
 	- postgresql-13 <removed>
@@ -7554,7 +7554,7 @@ CVE-2025-8715 (Improper neutralization of newlines in pg_dump in PostgreSQL allo
 CVE-2025-8714 (Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious s ...)
 	{DLA-4273-1}
 	- postgresql-17 17.6-1
-	[trixie] - postgresql-17 <no-dsa> (Minor issue)
+	[trixie] - postgresql-17 17.6-0+deb13u1
 	- postgresql-15 <removed>
 	[bookworm] - postgresql-15 <no-dsa> (Minor issue)
 	- postgresql-13 <removed>
@@ -7563,7 +7563,7 @@ CVE-2025-8714 (Untrusted data inclusion in pg_dump in PostgreSQL allows a malici
 CVE-2025-8713 (PostgreSQL optimizer statistics allow a user to read sampled data with ...)
 	{DLA-4273-1}
 	- postgresql-17 17.6-1
-	[trixie] - postgresql-17 <no-dsa> (Minor issue)
+	[trixie] - postgresql-17 17.6-0+deb13u1
 	- postgresql-15 <removed>
 	[bookworm] - postgresql-15 <no-dsa> (Minor issue)
 	- postgresql-13 <removed>
@@ -7956,7 +7956,7 @@ CVE-2024-10219 (An issue has been discovered in GitLab CE/EE affecting all versi
 CVE-2025-53859 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_ ...)
 	[experimental] - nginx 1.28.0-2
 	- nginx 1.28.0-3 (bug #1111138)
-	[trixie] - nginx <no-dsa> (Minor issue, will be fixed via point update)
+	[trixie] - nginx 1.26.3-3+deb13u1
 	[bookworm] - nginx <no-dsa> (Minor issue, will be fixed via point update)
 	[bullseye] - nginx <postponed> (minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/08/13/5
@@ -9191,7 +9191,7 @@ CVE-2022-50233 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/dd7b8cdde098cf9f7c8de409b5b7bbb98f97be80 (6.0-rc1)
 CVE-2025-7039 (A flaw was found in glib. An integer overflow during temporary file cr ...)
 	- glib2.0 2.84.4-1 (bug #1110640)
-	[trixie] - glib2.0 <no-dsa> (Minor issue)
+	[trixie] - glib2.0 2.84.4-3~deb13u1
 	[bookworm] - glib2.0 <no-dsa> (Minor issue)
 	[bullseye] - glib2.0 <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3716
@@ -9585,7 +9585,7 @@ CVE-2025-54799 (Let's Encrypt client and ACME library written in Go (Lego). In v
 CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In versions ...)
 	{DLA-4268-1}
 	- node-tmp 0.2.2+dfsg+~0.2.3-1.1 (bug #1110532)
-	[trixie] - node-tmp <no-dsa> (Minor issue)
+	[trixie] - node-tmp 0.2.2+dfsg+~0.2.3-1.1~deb13u1
 	[bookworm] - node-tmp <no-dsa> (Minor issue)
 	NOTE: https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6
 	NOTE: https://github.com/raszi/node-tmp/issues/207
@@ -10652,7 +10652,7 @@ CVE-2025-54351 (In iperf before 3.19.1, net.c has a buffer overflow when --skip-
 CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion fail ...)
 	{DLA-4281-1}
 	- iperf3 3.19.1-1 (bug #1110376)
-	[trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
+	[trixie] - iperf3 3.18-2+deb13u1
 	[bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
 	NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0002.txt.asc
 	NOTE: Introduced with https://github.com/esnet/iperf/commit/a51045de196f762fb74c86184b03da148c4e8f07 (3.2rc1)
@@ -10661,7 +10661,7 @@ CVE-2025-54350 (In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertio
 CVE-2025-54349 (In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resul ...)
 	{DLA-4281-1}
 	- iperf3 3.19.1-1 (bug #1110376)
-	[trixie] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
+	[trixie] - iperf3 3.18-2+deb13u1
 	[bookworm] - iperf3 <no-dsa> (Minor issue; requires enabled SSL authentication; will be fixed via point release)
 	NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2025-0003.txt.asc
 	NOTE: Introduced with https://github.com/esnet/iperf/commit/a51045de196f762fb74c86184b03da148c4e8f07 (3.2rc1)
@@ -14682,7 +14682,7 @@ CVE-2025-7395 (A certificate verification error in wolfSSL when building with th
 CVE-2025-7394 (In the OpenSSL compatibility layer implementation, the function RAND_p ...)
 	[experimental] - wolfssl 5.7.2-0.3
 	- wolfssl 5.7.2-0.4 (bug #1109549)
-	[trixie] - wolfssl <no-dsa> (Minor issue; can be fixed via point release)
+	[trixie] - wolfssl 5.7.2-0.1+deb13u1
 	[bookworm] - wolfssl <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://github.com/wolfSSL/wolfssl/pull/8849
 	NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/0c12337194ee6dd082f082f0ccaed27fc4ee44f5 (v5.8.2-stable)
@@ -15051,7 +15051,7 @@ CVE-2023-41566 (OA EKP v16 was discovered to contain an arbitrary download vulne
 	NOT-FOR-US: OA EKP
 CVE-2025-54874 (OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earl ...)
 	- openjpeg2 2.5.3-2.1 (bug #1110443)
-	[trixie] - openjpeg2 <no-dsa> (Minor issue; can be fixed in point release)
+	[trixie] - openjpeg2 2.5.3-2.1~deb13u1
 	[bookworm] - openjpeg2 <not-affected> (Vulnerable code introduced later)
 	[bullseye] - openjpeg2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/uclouvain/openjpeg/pull/1573
@@ -16017,7 +16017,7 @@ CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that make
 	NOT-FOR-US: Shopify extension
 CVE-2025-53101 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
-	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <postponed> (Minor issue; OOB write through CLI parameters)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
@@ -16025,14 +16025,14 @@ CVE-2025-53101 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/643deeb60803488373cd4799b24d5786af90972e (6.9.13-26)
 CVE-2025-53019 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
-	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <postponed> (Minor issue; memory leak)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c (7.1.2-0)
 CVE-2025-53015 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
-	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <not-affected> (Vulnerable code introduced later)
 	[bullseye] - imagemagick <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
@@ -16041,7 +16041,7 @@ CVE-2025-53015 (ImageMagick is free and open-source software used for editing an
 	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/fc4f67bb1b8eb1b61ae70e401482844086949721 (7.1.1-7)
 CVE-2025-53014 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.1.47+dfsg1-2 (bug #1109339)
-	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <no-dsa> (Minor issue)
 	[bullseye] - imagemagick <postponed> (Minor issue; OOB read in CLI)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
@@ -18374,7 +18374,7 @@ CVE-2025-48386 (Git is a fast, scalable, distributed revision control system wit
 	NOTE: Fixed by: https://github.com/git/git/commit/9de345cb273cc7faaeda279c7e07149d8a15a319 (v2.43.7)
 CVE-2025-48385 (Git is a fast, scalable, distributed revision control system with an u ...)
 	- git 1:2.50.1-0.1 (bug #1108983)
-	[trixie] - git <no-dsa> (Will be fixed in point release)
+	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <no-dsa> (Will be fixed in point release)
 	[bullseye] - git <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655
@@ -18382,14 +18382,14 @@ CVE-2025-48385 (Git is a fast, scalable, distributed revision control system wit
 	NOTE: Fixed by: https://github.com/git/git/commit/35cb1bb0b92c132249d932c05bbd860d410e12d4 (v2.43.7)
 CVE-2025-48384 (Git is a fast, scalable, distributed revision control system with an u ...)
 	- git 1:2.50.1-0.1 (bug #1108983)
-	[trixie] - git <no-dsa> (Will be fixed in point release)
+	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <no-dsa> (Will be fixed in point release)
 	NOTE: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Fixed by: https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 (2.43.7)
 CVE-2025-46835 (Git GUI allows you to use the Git source control management tools via  ...)
 	- git 1:2.50.1-0.1 (bug #1108983)
-	[trixie] - git <no-dsa> (Will be fixed in point release)
+	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <no-dsa> (Will be fixed in point release)
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
@@ -18399,7 +18399,7 @@ CVE-2025-46334 (Git GUI allows you to use the Git source control management tool
 	NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
 CVE-2025-27614 (Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Gi ...)
 	- git 1:2.50.1-0.1 (bug #1108983)
-	[trixie] - git <no-dsa> (Will be fixed in point release)
+	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <not-affected> (Vulnerable code not present)
 	[bullseye] - git <not-affected> (Vulnerable code not present)
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
@@ -18408,7 +18408,7 @@ CVE-2025-27614 (Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0
 	NOTE: Fixed by: https://github.com/git/git/commit/8e3070aa5e331be45d4d03e3be41f84494fce129 (v2.43.7)
 CVE-2025-27613 (Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when  ...)
 	- git 1:2.50.1-0.1 (bug #1108983)
-	[trixie] - git <no-dsa> (Will be fixed in point release)
+	[trixie] - git 1:2.47.3-0+deb13u1
 	[bookworm] - git <no-dsa> (Will be fixed in point release)
 	NOTE: https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/
 	NOTE: Merge commit: https://github.com/git/git/commit/d61cfed2c23705fbeb9c0d08f59e75ee08738950 (v2.43.7)
@@ -41701,7 +41701,7 @@ CVE-2025-46394 (In tar in BusyBox through 1.37.0, a TAR archive can have filenam
 	NOTE: Proposed patch: https://lists.busybox.net/pipermail/busybox/2025-April/091461.html
 CVE-2025-46393 (In multispectral MIFF image processing in ImageMagick before 7.1.1-44, ...)
 	- imagemagick 8:7.1.1.46+dfsg1-1
-	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick <not-affected> (Vulnerable code introduced later)
 	[bullseye] - imagemagick <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8fbf695f3ebe89058d3444c6440405a085a47a29 (7.1.0-30)
@@ -41715,7 +41715,7 @@ CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security
 CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image depth i ...)
 	{DLA-4139-1}
 	- imagemagick 8:7.1.1.46+dfsg1-1
-	[trixie] - imagemagick <no-dsa> (Minor issue)
+	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
 	[bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 (7.1.1-44)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a (6.9.13-22)
@@ -128309,7 +128309,7 @@ CVE-2024-38518 (BigBlueButton is an open-source virtual classroom designed to he
 CVE-2019-25211 (parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandle ...)
 	{DLA-4285-1}
 	- golang-github-gin-contrib-cors 1.7.6-1 (bug #1075962)
-	[trixie] - golang-github-gin-contrib-cors <no-dsa> (Minor issue)
+	[trixie] - golang-github-gin-contrib-cors 1.4.0-1+deb13u1
 	[bookworm] - golang-github-gin-contrib-cors <no-dsa> (Minor issue)
 	NOTE: https://github.com/gin-contrib/cors/pull/57
 	NOTE: https://github.com/gin-contrib/cors/pull/106
@@ -152916,7 +152916,7 @@ CVE-2024-31031 (An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to ca
 	- libcoap <not-affected> (Vulnerable code not present)
 	- libcoap2 <not-affected> (Vulnerable code not present)
 	- libcoap3 4.3.5-1 (bug #1070362)
-	[trixie] - libcoap3 <no-dsa> (Will be fixed via point update)
+	[trixie] - libcoap3 4.3.4-1.1+deb13u1
 	[bookworm] - libcoap3 <ignored> (Minor issue, no reverse deps in Bookworm)
 	NOTE: https://github.com/obgm/libcoap/issues/1351
 	NOTE: https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928 (v4.3.5-rc1)
@@ -175697,7 +175697,7 @@ CVE-2024-23738 (An issue in Postman version 10.22 and before on macOS allows a r
 	NOT-FOR-US: Postman on MacOS
 CVE-2024-0962 (A vulnerability was found in obgm libcoap 4.3.4. It has been rated as  ...)
 	- libcoap3 4.3.5-1 (bug #1061704)
-	[trixie] - libcoap3 <no-dsa> (Will be fixed via point update)
+	[trixie] - libcoap3 4.3.4-1.1+deb13u1
 	[bookworm] - libcoap3 <not-affected> (Vulnerable code not present)
 	- libcoap2 <not-affected> (Vulnerable code not present)
 	- libcoap <not-affected> (Vulnerable code not present)


=====================================
data/next-point-update.txt
=====================================
@@ -1,61 +1,3 @@
-CVE-2025-53014
-	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
-CVE-2025-53015
-	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
-CVE-2025-53019
-	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
-CVE-2025-53101
-	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
-CVE-2025-43965
-	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
-CVE-2025-46393
-	[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u1
-CVE-2025-7394
-	[trixie] - wolfssl 5.7.2-0.1+deb13u1
-CVE-2025-8713
-	[trixie] - postgresql-17 17.6-0+deb13u1
-CVE-2025-8714
-	[trixie] - postgresql-17 17.6-0+deb13u1
-CVE-2025-8715
-	[trixie] - postgresql-17 17.6-0+deb13u1
-CVE-2025-27613
-	[trixie] - git 1:2.47.3-0+deb13u1
-CVE-2025-27614
-	[trixie] - git 1:2.47.3-0+deb13u1
-CVE-2025-46835
-	[trixie] - git 1:2.47.3-0+deb13u1
-CVE-2025-48384
-	[trixie] - git 1:2.47.3-0+deb13u1
-CVE-2025-48385
-	[trixie] - git 1:2.47.3-0+deb13u1
-CVE-2025-7039
-	[trixie] - glib2.0 2.84.4-3~deb13u1
-CVE-2025-54874
-	[trixie] - openjpeg2 2.5.3-2.1~deb13u1
-CVE-2025-54798
-	[trixie] - node-tmp 0.2.2+dfsg+~0.2.3-1.1~deb13u1
-CVE-2025-50200
-	[trixie] - rabbitmq-server 4.0.5-6+deb13u2
-CVE-2019-25211
-	[trixie] - golang-github-gin-contrib-cors 1.4.0-1+deb13u1
-CVE-2025-54989
-	[trixie] - firebird3.0 3.0.12.ds7-13+deb13u1
-CVE-2025-54350
-	[trixie] - iperf3 3.18-2+deb13u1
-CVE-2025-54349
-	[trixie] - iperf3 3.18-2+deb13u1
-CVE-2025-58050
-	[trixie] - pcre2 10.46-1~deb13u1
-CVE-2025-40927
-	[trixie] - libcgi-simple-perl 1.282-1~deb13u1
-CVE-2024-0962
-	[trixie] - libcoap3 4.3.4-1.1+deb13u1
-CVE-2024-31031
-	[trixie] - libcoap3 4.3.4-1.1+deb13u1
-CVE-2025-53859
-	[trixie] - nginx 1.26.3-3+deb13u1
-CVE-2025-55291
-	[trixie] - shaarli 0.14.0+dfsg-2
 CVE-2025-50420
 	[trixie] - poppler 25.03.0-5+deb13u2
 CVE-2025-48924
@@ -87,3 +29,5 @@ CVE-2025-53085
 	[trixie] - sail 0.9.8-1+deb13u1
 CVE-2025-3573
 	[trixie] - phpmyadmin 4:5.2.2-really+dfsg-1deb13u1
+CVE-2025-50200
+	[trixie] - rabbitmq-server 4.0.5-6+deb13u2



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8495b58571a7b5c9b421487be496b4c3393ca990...20fd0dedb2d8404c34a5b0a9e5c042115cd647a9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/8495b58571a7b5c9b421487be496b4c3393ca990...20fd0dedb2d8404c34a5b0a9e5c042115cd647a9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250906/fce22616/attachment-0001.htm>
