[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2025-9375 as postponed for Bullseye
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Wed Sep 17 22:55:12 BST 2025
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6637bfda by Thorsten Alteholz at 2025-09-17T23:45:22+02:00
mark CVE-2025-9375 as postponed for Bullseye
- - - - -
d06c90be by Thorsten Alteholz at 2025-09-17T23:54:48+02:00
mark CVE-2025-58782 as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4648,6 +4648,7 @@ CVE-2025-58782 (Deserialization of Untrusted Data vulnerability in Apache Jackra
- jackrabbit <unfixed> (bug #1114861)
[trixie] - jackrabbit <no-dsa> (Minor issue)
[bookworm] - jackrabbit <no-dsa> (Minor issue)
+ [bullseye] - jackrabbit <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/09/06/3
NOTE: https://issues.apache.org/jira/browse/JCR-5135
NOTE: https://github.com/apache/jackrabbit/commit/7a319093c9864111bb86c9895148e580e0f8259a (jackrabbit-2.23.2-beta)
@@ -6934,6 +6935,7 @@ CVE-2025-9375 (XML Injection vulnerability in xmltodict allows Input Data Manipu
- python-xmltodict <unfixed> (bug #1113825)
[trixie] - python-xmltodict <no-dsa> (Minor issue)
[bookworm] - python-xmltodict <no-dsa> (Minor issue)
+ [bullseye] - python-xmltodict <postponed> (Minor issue)
NOTE: https://github.com/martinblech/xmltodict/issues/377
NOTE: https://fluidattacks.com/advisories/mono
NOTE: https://github.com/martinblech/xmltodict/commit/ecd456ab88d379514b116ef9293318b74e5ed3ee (v0.15.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e95fee663db6f8fe394653c19a3481895bc363e...d06c90be8da663b13c83fa5de811c736751292c1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2e95fee663db6f8fe394653c19a3481895bc363e...d06c90be8da663b13c83fa5de811c736751292c1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250917/3f117d72/attachment.htm>
More information about the debian-security-tracker-commits
mailing list