[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Sep 28 22:28:32 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8d82cf3 by Moritz Muehlenhoff at 2025-09-28T23:28:21+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -484,16 +484,20 @@ CVE-2025-11019 (A vulnerability has been found in Total.js CMS up to 19.9.0. Thi
CVE-2025-11018 (A flaw has been found in Four-Faith Water Conservancy Informatization ...)
NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
CVE-2025-11017 (A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impact ...)
- - ogre-1.12 <unfixed>
- - ogre-1.9 <unfixed>
+ - ogre-1.12 <unfixed> (unimportant)
+ - ogre-1.9 <unfixed> (unimportant)
NOTE: https://github.com/OGRECave/ogre/issues/3447
+ NOTE: Crosses no security boundary
CVE-2025-11016 (A security vulnerability has been detected in kalcaddle kodbox up to 1 ...)
NOT-FOR-US: kalcaddle kodbox
CVE-2025-11015 (A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted ...)
- - ogre-1.12 <unfixed>
+ - ogre-1.12 <unfixed> (unimportant)
NOTE: https://github.com/OGRECave/ogre/issues/3446
+ NOTE: No security impact
CVE-2025-11014 (A security flaw has been discovered in OGRECave Ogre up to 14.4.1. Thi ...)
- ogre-1.12 <unfixed>
+ [trixie] - ogre-1.12 <no-dsa> (Minor issue)
+ [bookworm] - ogre-1.12 <no-dsa> (Minor issue)
NOTE: https://github.com/OGRECave/ogre/issues/3445
CVE-2025-11013 (A vulnerability was identified in BehaviorTree up to 4.7.0. This vulne ...)
NOT-FOR-US: BehaviorTree
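Review bot: CVE-2025-11014 is moved to `<no-dsa> (Minor issue)` for trixie and bookworm without a NOTE giving the reason, while CVE-2025-11017 and CVE-2025-11015 from the same upstream project each gain one ("Crosses no security boundary", "No security impact"). Suggest adding a one-line NOTE under CVE-2025-11014 saying what distinguishes it from the two entries marked unimportant, so the different treatment of the three Ogre issues is recorded in the file and not only in the linked upstream issue.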
@@ -742,6 +746,7 @@ CVE-2025-59422 (Dify is an open-source LLM app development platform. In version
NOT-FOR-US: Dify
CVE-2025-57632 (libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 ch ...)
- libsmb2 <unfixed> (bug #1116446)
+ [trixie] - libsmb2 <no-dsa> (Minor issue)
NOTE: https://gist.github.com/ZjW1nd/0b95b63307ceee7890e88e4abc6f041e
NOTE: https://github.com/sahlberg/libsmb2/pull/431
CVE-2025-57623 (A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2 ...)
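Review bot: On CVE-2025-57632 only `[trixie] - libsmb2 <no-dsa> (Minor issue)` is added and bookworm gets no line, unlike the ogre and pytorch entries in this commit, which triage both releases. The description limits the issue to libsmb2 6.2+, so if bookworm ships the package in an older version, an explicit `[bookworm] - libsmb2 <not-affected>` line with the reason would record that decision. If bookworm is affected, it needs the same no-dsa line.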
@@ -781,42 +786,60 @@ CVE-2025-55556 (TensorFlow v2.18.0 was discovered to output random results when
NOTE: https://github.com/tensorflow/tensorflow/issues/82317
CVE-2025-55554 (pytorch v2.8.0 was discovered to contain an integer overflow in the co ...)
- pytorch <unfixed> (bug #1116534)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/151510
CVE-2025-55553 (A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allo ...)
- pytorch <unfixed> (bug #1116535)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/151432
NOTE: https://github.com/pytorch/pytorch/pull/154645
NOTE: https://github.com/pytorch/pytorch/commit/f9dc20c7a3409865ff72c02575068edc1797473f (v2.8.0-rc1)
CVE-2025-55552 (pytorch v2.8.0 was discovered to display unexpected behavior when the ...)
- pytorch <unfixed> (bug #1116536)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/147847
CVE-2025-55551 (An issue in the component torch.linalg.lu of pytorch v2.8.0 allows att ...)
- pytorch <unfixed> (bug #1116537)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/151401
CVE-2025-48707 (An issue was discovered in Stormshield Network Security (SNS) before 5 ...)
NOT-FOR-US: Stormshield Network Security (SNS)
CVE-2025-46153 (PyTorch before 3.7.0 has a bernoulli_p decompose function in decomposi ...)
- pytorch <unfixed> (bug #1116538)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/142853
NOTE: https://github.com/pytorch/pytorch/pull/143460
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/288aa873831057b1eb7d747914ec4fdc76c23a80 (v2.7.0-rc1)
CVE-2025-46152 (In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output ...)
- pytorch <unfixed> (bug #1116539)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/143555
NOTE: https://github.com/pytorch/pytorch/pull/143635
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/607884c9afeb29fd230ed2fbadae92377e47dc97 (v2.7.0-rc1)
CVE-2025-46150 (In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool ...)
- pytorch <unfixed> (bug #1116540)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/141538
NOTE: https://github.com/pytorch/pytorch/pull/144395
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/ccc2878c978258ec88f7ec591305ba5b13e06579 (v2.7.0-rc1)
CVE-2025-46149 (In PyTorch before 2.7.0, when inductor is used, nn.Fold has an asserti ...)
- pytorch <unfixed> (bug #1116541)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/147848
NOTE: https://github.com/pytorch/pytorch/pull/147961
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/be830c8b1c496277491bbbdd40a5cb35de17d5fb (v2.7.0-rc1)
CVE-2025-46148 (In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) ...)
- pytorch <unfixed> (bug #1116543)
+ [trixie] - pytorch <no-dsa> (Minor issue)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/151198
NOTE: https://github.com/pytorch/pytorch/pull/152993
NOTE: Fixed by: https://github.com/pytorch/pytorch/commit/e5f869999cf5429e24fbb5c3923a5c795549b9e7 (v2.8.0-rc1)
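Review bot: All nine pytorch entries in this hunk receive the identical pair `[trixie] - pytorch <no-dsa> (Minor issue)` / `[bookworm] - pytorch <no-dsa> (Minor issue)` with no NOTE explaining the assessment, although the descriptions differ in kind (an integer overflow in CVE-2025-55554, "unexpected behavior" in CVE-2025-55552, "incorrect output" in CVE-2025-46152). Suggest one NOTE per entry, or a shared wording repeated under each, stating why no DSA is warranted, and for the entries that describe wrong results rather than a memory-safety problem, whether the `(unimportant)` tag used for the Ogre entries in the first hunk would be the more accurate classification.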
@@ -1384,6 +1407,7 @@ CVE-2017-20200 (A vulnerability has been found in Coinomi up to 1.7.6. This issu
NOT-FOR-US: Coinomi
CVE-2025-59825 (astral-tokio-tar is a tar archive reading/writing library for async Ru ...)
- rust-astral-tokio-tar 0.5.5-1 (bug #1116337)
+ [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-3wgq-wrwc-vqmv
NOTE: https://github.com/astral-sh/tokio-tar/commit/036fdecc85c52458ace92dc9e02e9cef90684e75 (v0.5.4)
CVE-2025-10894 (Malicious code was inserted into the Nx (build system) package and sev ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8d82cf3e7a652ccc255302b623be0f2a6eec4b8