[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Sep 27 16:40:37 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2247a4f by Moritz Muehlenhoff at 2025-09-27T17:39:58+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -256,6 +256,8 @@ CVE-2025-59842 (jupyterlab is an extensible environment for interactive and repr
NOTE: https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c
CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This oc ...)
- squid <unfixed>
+ [trixie] - squid <no-dsa> (Minor issue)
+ [bookworm] - squid <no-dsa> (Minor issue)
NOTE: https://github.com/squid-cache/squid/pull/2149
NOTE: https://github.com/squid-cache/squid/commit/250a18e0a80694b919972a1836cdfe20f2e1baa0 (master)
NOTE: https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9 (v7)
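Review bot: The two added squid lines for CVE-2025-59362 carry only "(Minor issue)" with no reasoning behind the no-dsa decision. A short NOTE saying what limits the impact of the SNMP OID encoding bug, in the way the tcpreplay entry in this same commit records "no security impact", would let the next person confirm the triage without redoing the analysis.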
@@ -345,6 +347,8 @@ CVE-2025-11025 (Insertion of Sensitive Information Into Sent Data vulnerability
NOT-FOR-US: Vimesoft Corporate Messaging Platform
CVE-2025-11021 (A flaw was found in the cookie date handling logic of the libsoup HTTP ...)
- libsoup3 <unfixed>
+ [trixie] - libsoup3 <no-dsa> (Minor issue)
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2399627
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/459
CVE-2025-11019 (A vulnerability has been found in Total.js CMS up to 19.9.0. This impa ...)
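Review bot: The CVE-2025-11021 entry lists libsoup3 as its only source package, so the new [trixie] and [bookworm] tags leave libsoup2.4 unaddressed. If the cookie date handling code is also present there, add a libsoup2.4 line with matching tags; if it is not, a NOTE saying so would make the entry complete.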
@@ -2233,10 +2237,11 @@ CVE-2025-53450 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-52367 (Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a ...)
NOT-FOR-US: PivotX CMS
CVE-2025-51006 (Within tcpreplay's tcprewrite, a double free vulnerability has been id ...)
- - tcpreplay 4.5.2-1
+ - tcpreplay 4.5.2-1 (unimportant)
NOTE: https://github.com/appneta/tcpreplay/issues/926
NOTE: Fixed via: https://github.com/appneta/tcpreplay/issues/902
NOTE: https://github.com/sy460129/CVE-2025-51006
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-46711 (Software installed and run as a non-privileged user may conduct improp ...)
NOT-FOR-US: Imagination Technologies
CVE-2025-43953 (In 2wcom IP-4c 2.16, the web interface allows admin and manager users ...)
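Review bot: The added NOTE on CVE-2025-51006 reads "Crash in CLI tool, no security impact", while the description line of the same entry calls the bug a double free in tcprewrite. The NOTE should say why the double free cannot do more than crash the tool, so that the (unimportant) tag can be re-checked against the linked issue 926 later.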
@@ -2381,6 +2386,8 @@ CVE-2025-0875 (Authorization Bypass Through User-Controlled Key vulnerability in
NOT-FOR-US: PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System)
CVE-2025-XXXX [RUSTSEC-2025-0071]
- rust-ammonia 4.1.2-1 (bug #1115977)
+ [trixie] - rust-ammonia <no-dsa> (Minor issue)
+ [bookworm] - rust-ammonia <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0071.html
CVE-2025-6544 (A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46 ...)
NOT-FOR-US: h2oai/h2o-3
=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,8 @@ frr/oldstable
gh/oldstable
Santiago Vila might work on preparing an update
--
+gimp (jmm)
+--
ghostscript (carnil)
--
intel-microcode (carnil)
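Review bot: The new "gimp (jmm)" entry is inserted between gh/oldstable and ghostscript, which breaks the alphabetical order the surrounding entries follow (gh, ghostscript, intel-microcode). Move it, together with its "--" separator, to after the ghostscript entry.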
@@ -73,6 +75,8 @@ sogo/oldstable
--
sympa/oldstable
--
+tiff (jmm)
+--
tomcat10/oldstable
--
tomcat11/stable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2247a4fdc204db117682cb78f114f8fe232dfcc