[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
37442f92 by Moritz Muehlenhoff at 2025-09-14T20:53:37+02:00
bookworm/trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1830,6 +1830,8 @@ CVE-2025-40928 (JSON::XS before version 4.04 for Perl has an integer buffer over
 	NOTE: https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch
 CVE-2025-58782 (Deserialization of Untrusted Data vulnerability in Apache Jackrabbit C ...)
 	- jackrabbit <unfixed> (bug #1114861)
+	[trixie] - jackrabbit <no-dsa> (Minor issue)
+	[bookworm] - jackrabbit <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/09/06/3
 	NOTE: https://issues.apache.org/jira/browse/JCR-5135
 	NOTE: https://github.com/apache/jackrabbit/commit/7a319093c9864111bb86c9895148e580e0f8259a (jackrabbit-2.23.2-beta)
@@ -22976,12 +22978,14 @@ CVE-2025-53076 (Improper Input Validation vulnerability in Samsung Open Source r
 	NOTE: Fxied by: https://github.com/Samsung/rlottie/commit/36ddb42d78d1b13c1b1d7e1699aef8a9f339ab6f
 CVE-2025-53075 (Improper Input Validation vulnerability in Samsung Open Source rLottie ...)
 	- rlottie <unfixed> (bug #1109341)
+	[trixie] - rlottie <no-dsa> (Minor issue)
 	[bookworm] - rlottie <no-dsa> (Minor issue)
 	[bullseye] - rlottie <postponed> (Minor issue)
 	NOTE: https://github.com/Samsung/rlottie/pull/571
 	NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
 CVE-2025-53074 (Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows ...)
 	- rlottie <unfixed> (bug #1109341)
+	[trixie] - rlottie <no-dsa> (Minor issue)
 	[bookworm] - rlottie <no-dsa> (Minor issue)
 	[bullseye] - rlottie <postponed> (Minor issue)
 	NOTE: https://github.com/Samsung/rlottie/pull/571
@@ -23012,6 +23016,7 @@ CVE-2025-38087 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/b160766e26d4e2e2d6fe2294e0b02f92baefcec5 (6.16-rc3)
 CVE-2025-0634 (Use After Free vulnerability in Samsung Open Source rLottie allows Rem ...)
 	- rlottie <unfixed> (bug #1109341)
+	[trixie] - rlottie <no-dsa> (Minor issue)
 	[bookworm] - rlottie <no-dsa> (Minor issue)
 	[bullseye] - rlottie <postponed> (Minor issue)
 	NOTE: https://github.com/Samsung/rlottie/pull/571


=====================================
data/dsa-needed.txt
=====================================
@@ -46,6 +46,8 @@ mbedtls/oldstable
 --
 netty
 --
+node-sha.js (jmm)
+--
 opennds/oldstable
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37442f920a959618b2b050698c8b048eeffa23ec

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37442f920a959618b2b050698c8b048eeffa23ec
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250914/44580f54/attachment.htm>