[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Sep 28 21:13:06 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c878cbfe by security tracker role at 2025-09-28T20:12:57+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2025-11117 (A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerabili ...)
+	TODO: check
+CVE-2025-11116 (A vulnerability was found in code-projects Simple Scheduling System 1. ...)
+	TODO: check
+CVE-2025-11115 (A vulnerability has been found in code-projects Simple Scheduling Syst ...)
+	TODO: check
+CVE-2025-11114 (A flaw has been found in CodeAstro Online Leave Application 1.0. Affec ...)
+	TODO: check
+CVE-2025-11113 (A vulnerability was detected in CodeAstro Online Leave Application 1.0 ...)
+	TODO: check
+CVE-2025-11112 (A security vulnerability has been detected in PHPGurukul Employee Reco ...)
+	TODO: check
+CVE-2025-11111 (A weakness has been identified in Campcodes Advanced Online Voting Man ...)
+	TODO: check
+CVE-2025-11110 (A security flaw has been discovered in Campcodes Online Learning Manag ...)
+	TODO: check
+CVE-2025-11109 (A vulnerability was identified in Campcodes Computer Sales and Invento ...)
+	TODO: check
+CVE-2025-11108 (A vulnerability was determined in code-projects Simple Scheduling Syst ...)
+	TODO: check
+CVE-2025-11107 (A vulnerability was found in code-projects Simple Scheduling System 1. ...)
+	TODO: check
+CVE-2025-11106 (A vulnerability has been found in code-projects Simple Scheduling Syst ...)
+	TODO: check
+CVE-2025-11105 (A flaw has been found in code-projects Simple Scheduling System 1.0. T ...)
+	TODO: check
+CVE-2025-11104 (A vulnerability was detected in CodeAstro Electricity Billing System 1 ...)
+	TODO: check
+CVE-2025-11103 (A security vulnerability has been detected in Projectworlds Online Tou ...)
+	TODO: check
 CVE-2025-11065 [May Leak Sensitive Information in Logs]
 	- golang-github-go-viper-mapstructure <unfixed> (bug #1116584)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2391829
@@ -494,6 +524,7 @@ CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflo
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/002b22c15028b18557bd0823a081af9ed5316679
 	NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
 CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability]
+	{DSA-6014-1}
 	- gimp <unfixed> (bug #1116461)
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
@@ -502,6 +533,7 @@ CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote Code
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1864866ee051160d06417d82b45bb22b11f0d28 (GIMP_2_99_18)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed
 CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability]
+	{DSA-6014-1}
 	- gimp <unfixed> (bug #1116460)
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
@@ -510,11 +542,13 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote Co
 	NOTE: Introduced after: https://gitlab.gnome.org/GNOME/gimp/-/commit/d1fac7bfa916495943472dfb12b1dd33307c65e8 (GIMP_2_99_12)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/fb31ddf32298bb2f0f09b3ccc53464b8693a050e
 CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability]
+	{DSA-6014-1}
 	- gimp <unfixed> (bug #1116459)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
 CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability]
+	{DSA-6014-1}
 	- gimp <unfixed> (bug #1116458)
 	[bookworm] - gimp <not-affected> (Vulnerable code not present)
 	[bullseye] - gimp <not-affected> (Vulnerable code not present)
@@ -934,7 +968,7 @@ CVE-2025-59525 (Horilla is a free and open source Human Resource Management Syst
 CVE-2025-59524 (Horilla is a free and open source Human Resource Management System (HR ...)
 	NOT-FOR-US: Horilla
 CVE-2025-59343 (tar-fs provides filesystem bindings for tar-stream. Versions prior to  ...)
-	{DLA-4313-1}
+	{DSA-6013-1 DLA-4313-1}
 	- node-tar-fs 3.0.9+~cs2.0.4-2 (bug #1116338)
 	NOTE: https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v
 	NOTE: https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09 (v3.1.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c878cbfe97992c28f0507a4c47ed22c7c1f4addc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c878cbfe97992c28f0507a4c47ed22c7c1f4addc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250928/f01559e4/attachment.htm>

More information about the debian-security-tracker-commits mailing list