[Git][security-tracker-team/security-tracker][master] 3 commits: lts: CVE-2024-7883/llvm-toolchain-19 ignored

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Thu Sep 11 10:21:04 BST 2025 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5061225 by Emilio Pozuelo Monfort at 2025-09-11T11:13:46+02:00
lts: CVE-2024-7883/llvm-toolchain-19 ignored

- - - - -
4bef222c by Emilio Pozuelo Monfort at 2025-09-11T11:15:33+02:00
lts: CVE-2025-9566/libpod no-dsa on bullseye

- - - - -
37b8c28d by Emilio Pozuelo Monfort at 2025-09-11T11:17:24+02:00
lts: CVE-2025-8277/libssh no-dsa on bullseye

The issue is very minor and only affects clients, not servers.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -456,6 +456,7 @@ CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX) proce
 	- libssh <unfixed> (bug #1114859)
 	[trixie] - libssh <no-dsa> (Minor issue)
 	[bookworm] - libssh <no-dsa> (Minor issue)
+	[bullseye] - libssh <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383888
 	NOTE: https://www.libssh.org/security/advisories/CVE-2025-8277.txt
 CVE-2025-8008 (A security issue exists in the protected mode of EN4TR devices, where  ...)
@@ -1474,6 +1475,7 @@ CVE-2025-9566 (There's a vulnerability in podman where an attacker may use the k
 	[trixie] - podman <no-dsa> (Minor issue)
 	- libpod <removed>
 	[bookworm] - libpod <no-dsa> (Minor issue)
+	[bullseye] - libpod <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2393152
 	NOTE: Fixed by: https://github.com/containers/podman/commit/aaf8b9dc0cfec76444f7eda60660347646b90a13 (v5.6.1)
 CVE-2025-9057 (The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross- ...)
@@ -98873,6 +98875,7 @@ CVE-2024-7883 (When using Arm Cortex-M Security Extensions (CMSE), Secure stack
 	- llvm-toolchain-19 <unfixed> (bug #1104015)
 	[trixie] - llvm-toolchain-19 <ignored> (Minor issue, doesn't affect the default build flags in Debian and no backport into release branch 19 planned)
 	[bookworm] - llvm-toolchain-19 <ignored> (Minor issue, doesn't affect the default build flags in Debian and no backport into release branches planned)
+	[bullseye] - llvm-toolchain-19 <ignored> (Minor issue, doesn't affect the default build flags in Debian and no backport into release branches planned)
 	- llvm-toolchain-21 <not-affected> (Fixed before initial release)
 	NOTE: https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2322994



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0bffab6a0f30c1fee1efa4fc6d8082f305076978...37b8c28d155de750734154ae18a2c1e3fe92637d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0bffab6a0f30c1fee1efa4fc6d8082f305076978...37b8c28d155de750734154ae18a2c1e3fe92637d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250911/8bc66e74/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list