[Git][security-tracker-team/security-tracker][master] automatic update

Sun Sep 7 21:12:17 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9126988e by security tracker role at 2025-09-07T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,33 @@
-CVE-2025-39734 [Revert "fs/ntfs3: Replace inode_trylock with inode_lock"]
+CVE-2025-48042 (Incorrect Authorization vulnerability in ash-project ash allows Exploi ...)
+	TODO: check
+CVE-2025-39734 (In the Linux kernel, the following vulnerability has been resolved:  R ...)
 	- linux 6.16.3-1
 	[trixie] - linux 6.12.43-1
 	[bookworm] - linux 6.1.148-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/a49f0abd8959048af18c6c690b065eb0d65b2d21 (6.17-rc1)
-CVE-2025-39733 [team: replace team lock with rtnl lock]
+CVE-2025-39733 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/bfb4fb77f9a8ce33ce357224569eae5564eec573 (6.17-rc1)
-CVE-2025-39732 [wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()]
+CVE-2025-39732 (In the Linux kernel, the following vulnerability has been resolved:  w ...)
 	- linux 6.16.3-1
 	[trixie] - linux 6.12.43-1
 	NOTE: https://git.kernel.org/linus/65c12b104cb942d588a1a093acc4537fb3d3b129 (6.17-rc1)
-CVE-2025-39731 [f2fs: vm_unmap_ram() may be called from an invalid context]
+CVE-2025-39731 (In the Linux kernel, the following vulnerability has been resolved:  f ...)
 	- linux 6.16.3-1
 	[trixie] - linux 6.12.43-1
 	[bookworm] - linux 6.1.148-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/08a7efc5b02a0620ae16aa9584060e980a69cb55 (6.17-rc1)
-CVE-2025-39730 [NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()]
+CVE-2025-39730 (In the Linux kernel, the following vulnerability has been resolved:  N ...)
 	- linux 6.16.3-1
 	[trixie] - linux 6.12.43-1
 	[bookworm] - linux 6.1.148-1
 	NOTE: https://git.kernel.org/linus/ef93a685e01a281b5e2a25ce4e3428cf9371a205 (6.17-rc1)
-CVE-2025-39729 [crypto: ccp - Fix dereferencing uninitialized error pointer]
+CVE-2025-39729 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/0fa766726c091ff0ec7d26874f6e4724d23ecb0e (6.17-rc1)
-CVE-2025-39727 [mm: swap: fix potential buffer overflow in setup_clusters()]
+CVE-2025-39727 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux 6.16.3-1
 	[trixie] - linux 6.12.43-1
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
@@ -10126,6 +10128,7 @@ CVE-2025-54606 (Status verification vulnerability in the lock screen module. Imp
 CVE-2025-54594 (react-native-bottom-tabs is a library of Native Bottom Tabs for React  ...)
 	NOT-FOR-US: react-native-bottom-tabs
 CVE-2025-54571 (ModSecurity is an open source, cross platform web application firewall ...)
+	{DLA-4294-1}
 	- modsecurity-apache 2.9.12-2 (bug #1110480)
 	[trixie] - modsecurity-apache <no-dsa> (Minor issue; will be fixed via point release)
 	[bookworm] - modsecurity-apache <no-dsa> (Minor issue; will be fixed via point release)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9126988ec797fae968aa5e6a768d88c64204040e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9126988ec797fae968aa5e6a768d88c64204040e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250907/ef8f70d7/attachment-0001.htm>
