[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Sep 21 21:12:31 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93595c75 by security tracker role at 2025-09-21T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2025-6544 (A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46 ...)
+	TODO: check
+CVE-2025-53692 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2025-10769 (A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affe ...)
+	TODO: check
+CVE-2025-10768 (A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted eleme ...)
+	TODO: check
 CVE-2025-10766 (A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This iss ...)
 	NOT-FOR-US: SeriaWei ZKEACMS
 CVE-2025-10765 (A security flaw has been discovered in SeriaWei ZKEACMS up to 4.3. Thi ...)
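Review bot: three of the four new `TODO: check` entries (CVE-2025-6544, CVE-2025-10769, CVE-2025-10768) name h2oai h2o-3 in their descriptions, so they can be triaged together with one package-presence decision. The truncated description of CVE-2025-53692 names no product, so the full CVE text is needed before it can be classified. The neighbouring ZKEACMS entries show the `NOT-FOR-US: <product>` form to use if the software is not packaged.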
@@ -4219,6 +4227,7 @@ CVE-2025-39792 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2df7168717b7d2d32bcf017c68be16e4aae9dd13 (6.17-rc1)
 CVE-2025-10256
+	{DSA-6007-1}
 	- ffmpeg 7:7.1.2-1
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	[bullseye] - ffmpeg <postponed> (Minor issue)
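Review bot: the `{DSA-6007-1}` reference on CVE-2025-10256 sits directly above `[bookworm]` and `[bullseye]` lines that are still `<postponed>`, and nothing in the visible context says which release the advisory covers. Confirm against the DSA-6007-1 entry that both postponed states are still accurate. The `[bullseye]` reason is a bare "Minor issue", while the bookworm line names the branch it is waiting on; the same branch-specific wording would make the bullseye line easier to revisit later.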
@@ -21132,7 +21141,7 @@ CVE-2025-53644 (OpenCV is an Open Source Computer Vision Library. Versions prior
 CVE-2024-6234
 	NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c)]
-	{DSA-5985-1}
+	{DSA-6007-1 DSA-5985-1}
 	- ffmpeg 7:7.1.2-1
 	[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 4.3 branch)
 	NOTE: Introduced with: https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
@@ -31521,6 +31530,7 @@ CVE-2025-49175 (A flaw was found in the X Rendering extension's handling of anim
 	[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b26225c90534642fe911632ec0779eebee
 CVE-2025-6020 (A flaw was found in linux-pam. The module pam_namespace may use access ...)
+	{DLA-4306-1}
 	[experimental] - pam 1.7.0-4
 	- pam 1.7.0-5 (bug #1107919)
 	[bookworm] - pam <no-dsa> (Can be fixed via point release)
@@ -38089,6 +38099,7 @@ CVE-2025-48064 (GitHub Desktop is an open-source, Electron-based GitHub app desi
 CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required rights we ...)
 	NOT-FOR-US: XWiki
 CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and including 1 ...)
+	{DLA-4307-1}
 	- jq 1.8.0-1 (bug #1106288)
 	[trixie] - jq 1.7.1-6+deb13u1
 	[bookworm] - jq 1.6-2.1+deb12u1
@@ -70487,6 +70498,7 @@ CVE-2025-1596 (A vulnerability was found in SourceCodester Best Church Managemen
 CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information Technology E ...)
 	NOT-FOR-US: Anhui Xufan Information Technology EasyCVR
 CVE-2025-1594 (A vulnerability, which was classified as critical, was found in FFmpeg ...)
+	{DSA-6007-1}
 	- ffmpeg 7:7.1.2-1
 	[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
 	[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
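Review bot: the `[bullseye]` reason on CVE-2025-1594, "wait until it's fixed upstream", reads as stale next to the unstable line `- ffmpeg 7:7.1.2-1`, which records a fixed version. Now that `{DSA-6007-1}` is attached, consider rewording it to name the branch being waited on, as the bookworm line does ("fixed in the 5.1 branch") and as CVE-2025-7700 does for bullseye ("fixed in the 4.3 branch").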
@@ -168261,7 +168273,7 @@ CVE-2024-2773 (A vulnerability classified as problematic has been found in Campc
 	NOT-FOR-US: Campcodes Online Marriage Registration System
 CVE-2024-2770 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
 	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
-CVE-2024-2769 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
+CVE-2024-2769 (A vulnerability was detected in Campcodes Complete Online Beauty Parlo ...)
 	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
 CVE-2024-2768 (A vulnerability was found in Campcodes Complete Online Beauty Parlor M ...)
 	NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
@@ -183700,6 +183712,7 @@ CVE-2021-4435 (An untrusted search path vulnerability was found in Yarn. When a
 CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has be ...)
 	NOT-FOR-US: Karjasoft Sami HTTP Server
 CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a den ...)
+	{DLA-4306-1}
 	[experimental] - pam 1.5.3-2
 	- pam 1.5.3-4 (bug #1061097)
 	[bookworm] - pam <no-dsa> (Minor issue)
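Review bot: `{DLA-4306-1}` is now attached to both pam entries in this commit (CVE-2024-22365 here and CVE-2025-6020 in the earlier hunk), while their `[bookworm]` lines remain `<no-dsa>` ("Minor issue" and "Can be fixed via point release"). With the LTS release receiving a fix through the DLA, it is worth revisiting whether bookworm should stay at `<no-dsa>` for these two, or at least checking that a point-release upload is tracked for them.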



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93595c752dbddcde9b4d954138753a22ccf24e2e
