[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Mon Sep 22 16:29:32 BST 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11bf94da by Moritz Muehlenhoff at 2025-09-22T17:29:18+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -220,6 +220,7 @@ CVE-2025-59670
 CVE-2025-59431 (MapServer is a system for developing web-based GIS applications. Prior ...)
 	- mapserver 8.4.1-1
 	NOTE: https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w
+	NOTE: https://github.com/MapServer/MapServer/commit/aaeedcdabd1cca4b0f1e94cdcd5e48922d97dd00
 CVE-2025-59427 (The Cloudflare Vite plugin enables a full-featured integration between ...)
 	NOT-FOR-US: Cloudflare Vite plugin
 CVE-2025-59344 (AliasVault is a privacy-first password manager with built-in email ali ...)
@@ -2711,9 +2712,11 @@ CVE-2025-59453 (Click Studios Passwordstate before 9.9 Build 9972 has a potentia
 	NOT-FOR-US: Click Studios Passwordstate
 CVE-2025-59437 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...)
 	- node-ip <unfixed>
-	TODO: check details
+	[trixie] - node-ip <no-dsa> (Minor issue)
+	[bookworm] - node-ip <no-dsa> (Minor issue)
 CVE-2025-59436 (The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF b ...)
 	- node-ip <unfixed>
+	[trixie] - node-ip <no-dsa> (Minor issue)
 	[bookworm] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 not applied)
 	[bullseye] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 not applied)
 	NOTE: https://github.com/indutny/node-ip/issues/160
@@ -36174,6 +36177,7 @@ CVE-2025-48942 (vLLM is an inference and serving engine for large language model
 	- vllm <itp> (bug #1095237)
 CVE-2025-48938 (go-gh is a collection of Go modules to make authoring GitHub CLI exten ...)
 	- golang-github-cli-go-gh <unfixed> (bug #1107084)
+	[trixie] - golang-github-cli-go-gh <no-dsa> (Minor issue)
 	[bookworm] - golang-github-cli-go-gh <no-dsa> (Minor issue)
 	- golang-github-cli-go-gh-v2 <unfixed> (bug #1107083)
 	[trixie] - golang-github-cli-go-gh-v2 <no-dsa> (Minor issue)


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ cpp-httplib
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
+ghostscript (carnil)
+--
 intel-microcode (carnil)
   Expose fixes first in unstable, evaluate with maintainer proposed-updates or DSA
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11bf94da73c4c51459fd2375e2b0361ebb8ce1f1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11bf94da73c4c51459fd2375e2b0361ebb8ce1f1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250922/bc448409/attachment-0001.htm>
