[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 8 13:42:13 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
651c5e5d by Moritz Muehlenhoff at 2025-09-08T14:41:48+02:00
bookworm/trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -264,6 +264,8 @@ CVE-2025-57807 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab1bb3d8ed06d0ed6aa5038b6a74aebf53af9ccf (6.9.13-29)
 CVE-2025-7709 [Integer Overflow in FTS5 Extension]
 	- sqlite3 <unfixed> (bug #1114609)
+	[trixie] - sqlite3 <no-dsa> (Minor issue)
+	[bookworm] - sqlite3 <no-dsa> (Minor issue)
 	[bullseye] - sqlite3 <not-affected> (The vulnerable code was introduced later)
 	NOTE: https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g
 	NOTE: Fixed by: https://sqlite.org/src/info/63595b74956a9391
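Review bot: The reason "(Minor issue)" on the two added sqlite3 lines does not say why an integer overflow in the FTS5 extension is minor for trixie and bookworm, while the bullseye line directly below gives a concrete reason. If a limiting factor is known, put it in the parentheses. Since the entry already records the upstream fix under "Fixed by:", a short remark on whether it is a candidate for a point release would also help whoever revisits this.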
@@ -2715,6 +2717,8 @@ CVE-2025-4643 (Payload uses JSON Web Tokens (JWT) for authentication. After log
 	NOT-FOR-US: Payload
 CVE-2025-47909 (Hosts listed in TrustedOrigins implicitly allow requests from the corr ...)
 	- golang-github-gorilla-csrf <unfixed>
+	[trixie] - golang-github-gorilla-csrf <no-dsa> (Minor issue)
+	[bookworm] - golang-github-gorilla-csrf <no-dsa> (Minor issue)
 	NOTE: https://github.com/golang/vulndb/issues/3884
 	NOTE: https://github.com/advisories/GHSA-82ff-hg59-8x73
 CVE-2025-44033 (SQL injection vulnerability in oa_system oasys v.1.1 allows a remote a ...)
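Review bot: The unstable line `- golang-github-gorilla-csrf <unfixed>` carries no bug reference, unlike the sqlite3 and python-h2 entries in this same commit, so once trixie and bookworm are marked <no-dsa> nothing visible here tracks the fix in Debian. Consider filing a bug and adding "(bug #...)" to the unfixed line. The entry also has no NOTE pointing at an upstream fix commit, only the vulndb issue and the GHSA advisory, which is worth adding when one is identified.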
@@ -3893,6 +3897,8 @@ CVE-2025-57805 (The Scratch Channel is a news website. In versions 1 and 1.1, a
 CVE-2025-57804 (h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior t ...)
 	{DLA-4290-1}
 	- python-h2 <unfixed> (bug #1112348)
+	[trixie] - python-h2 <no-dsa> (Minor issue)
+	[bookworm] - python-h2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h
 	NOTE: https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3 (v4.3.0)
 	NOTE: https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a (v4.3.0)
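Review bot: This entry carries {DLA-4290-1}, so the same CVE already received an advisory elsewhere, while the two added lines mark trixie and bookworm as <no-dsa> with only "(Minor issue)". That difference deserves a word in the reason text so it does not read as an inconsistency. Both upstream fix commits are listed (v4.3.0), so a note on whether a point-release update is intended would fit here too.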
@@ -4114,6 +4120,8 @@ CVE-2025-44178 (DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper a
 	NOT-FOR-US: DASAN GPON ONU H660WM
 CVE-2025-43960 (Adminer 4.8.1, when using Monolog for logging, allows a Denial of Serv ...)
 	- adminer <unfixed>
+	[trixie] - adminer <no-dsa> (Minor issue)
+	[bookworm] - adminer <no-dsa> (Minor issue)
 	NOTE: https://github.com/far00t01/CVE-2025-43960
 	TODO: check, does not seem to be fixed in 4.8.2 and later versions
 CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been identified  ...)
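Review bot: The <no-dsa> lines for adminer are added while the entry still has an open "TODO: check, does not seem to be fixed in 4.8.2 and later versions", so the triage decision is recorded before the fix status is settled. Either resolve the TODO in the same change or keep it visibly tied to the decision. The reason could also be more specific than "(Minor issue)": the description limits the issue to setups "when using Monolog for logging", and saying so would justify the classification. The unfixed line has no bug reference either.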
@@ -14824,7 +14832,7 @@ CVE-2025-7784 (A flaw was found in the Keycloak identity and access management s
 CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data allows  ...)
 	{DLA-4261-1}
 	- node-form-data 4.0.1-2 (bug #1109551)
-	[bookworm] - node-form-data 4.0.1-1+deb12u1
+	[bookworm] - node-form-data 4.0.0-1+deb12u1
 	NOTE: https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
 	NOTE: Fixed by: https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0 (v4.0.4)
 CVE-2025-7697 (The Integration for Google Sheets and Contact Form 7, WPForms, Element ...)
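Review bot: The bookworm fixed version for node-form-data changes from 4.0.1-1+deb12u1 to 4.0.0-1+deb12u1, which is a data correction rather than the triage named in the commit subject. Mention it in the commit message or split it into its own commit so the history explains why the version moved. Please also confirm the new string against the actual bookworm upload, since this line is what determines which bookworm versions are reported as fixed.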
@@ -46464,6 +46472,7 @@ CVE-2017-20197 (A vulnerability was found in propanetank Roommate-Bill-Tracking
 	NOT-FOR-US: Roommate-Bill-Tracking
 CVE-2025-30215 (NATS-Server is a High-Performance server for NATS.io, the cloud and ed ...)
 	- nats-server 2.10.27-1
+	[bookworm] - nats-server <no-dsa> (Minor issue)
 	NOTE: https://advisories.nats.io/CVE/secnote-2025-01.txt
 CVE-2025-3442 (This vulnerability exists in TP-Link TapoH200 V1  IoT Smart Hub due to ...)
 	NOT-FOR-US: TP-Link
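Review bot: Only a [bookworm] line is added for nats-server here, whereas every other triage hunk in this commit adds both [trixie] and [bookworm]. That is correct if trixie already ships 2.10.27-1 or later, the version given as fixed on the unstable line; if it does not, a [trixie] line is missing. A quick check of the trixie version before merging would settle it.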



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651c5e5d5ec065891aed05c2339a8a3fd72b2f33


