[Git][security-tracker-team/security-tracker][master] 2 commits: Merge changes for updates with CVEs via trixie 13.3
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 10 10:49:25 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
004fb98f by Salvatore Bonaccorso at 2026-01-10T11:44:11+01:00
Merge changes for updates with CVEs via trixie 13.3
- - - - -
f20c2711 by Salvatore Bonaccorso at 2026-01-10T11:49:18+01:00
Merge branch 'trixie-13.3' into 'master'
Merge changes accepted for trixie 13.3 release
See merge request security-tracker-team/security-tracker!254
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4345,7 +4345,7 @@ CVE-2025-69210 (FacturaScripts is open-source enterprise resource planning and a
CVE-2025-69204 (ImageMagick is free and open-source software used for editing and mani ...)
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
[bookworm] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e (7.1.2-12)
@@ -4467,7 +4467,7 @@ CVE-2025-68974 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-68950 (ImageMagick is free and open-source software used for editing and mani ...)
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
[bookworm] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec (7.1.2-12)
@@ -4477,7 +4477,7 @@ CVE-2025-68926 (RustFS is a distributed object storage system built in Rust. In
CVE-2025-68618 (ImageMagick is free and open-source software used for editing and mani ...)
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1
- [trixie] - imagemagick <no-dsa> (Minor issue)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
[bookworm] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb (7.1.2-12)
@@ -4641,7 +4641,7 @@ CVE-2022-50597
REJECTED
CVE-2025-67746 (Composer is a dependency manager for PHP. In versions on the 2.x branc ...)
- composer 2.9.3-1
- [trixie] - composer <no-dsa> (Minor issue)
+ [trixie] - composer 2.8.8-1+deb13u1
[bookworm] - composer <no-dsa> (Minor issue)
[bullseye] - composer <postponed> (Minor issue, terminal control characters sanitization)
NOTE: https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g
@@ -6055,6 +6055,7 @@ CVE-2025-14269
NOT-FOR-US: Headlamp
CVE-2025-68973 (In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments ...)
- gnupg2 2.4.8-5 (bug #1124221)
+ [trixie] - gnupg2 2.4.7-21+deb13u1
NOTE: https://gpg.fail/memcpy
NOTE: https://dev.gnupg.org/T7906
NOTE: https://www.openwall.com/lists/oss-security/2025/12/28/5
@@ -10524,7 +10525,7 @@ CVE-2025-14177 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.*
NOTE: Introduced by: https://github.com/php/php-src/commit/52aa0d9ecc7ab8b0b74f142e7c1020caa281fbba (php-8.1.26RC1)
CVE-2025-68462 (Freedombox before 25.17.1 does not set proper permissions for the back ...)
- freedombox 25.17.1
- [trixie] - freedombox <no-dsa> (Minor issue)
+ [trixie] - freedombox 25.9.3+deb13u1
[bookworm] - freedombox <no-dsa> (Minor issue)
[bullseye] - freedombox <postponed> (Minor issue)
NOTE: Fixed by: https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d7ff1229 (v25.17.1)
@@ -13399,7 +13400,7 @@ CVE-2024-40593 (A key management errors vulnerability in Fortinet FortiAnalyzer
NOT-FOR-US: Fortinet
CVE-2025-67897 (In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext ...)
- rust-sequoia-openpgp 2.1.0-1 (bug #1122582)
- [trixie] - rust-sequoia-openpgp <no-dsa> (Minor issue)
+ [trixie] - rust-sequoia-openpgp 2.0.0-2+deb13u1
[bookworm] - rust-sequoia-openpgp <no-dsa> (Minor issue)
[bullseye] - rust-sequoia-openpgp <ignored> (Minor issue)
NOTE: Fixed by: https://gitlab.com/sequoia-pgp/sequoia/-/commit/b59886e5e7bdf7169ed330f309a6633d131776e5 (openpgp/v2.1.0)
@@ -13559,7 +13560,7 @@ CVE-2025-67460 (Protection Mechanism Failure of Software Downgrade in Zoom Rooms
CVE-2025-66628 (ImageMagick is a software suite to create, edit, compose, or convert b ...)
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1 (bug #1122584)
- [trixie] - imagemagick <no-dsa> (Minor issue)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
[bookworm] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bdae0681ad1e572defe62df85834218f01e6d670 (7.1.2-10)
@@ -16052,7 +16053,7 @@ CVE-2025-60912 (phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vuln
- phpipam <itp> (bug #731713)
CVE-2025-59391 (A memory disclosure vulnerability exists in libcoap's OSCORE configura ...)
- libcoap3 4.3.5-2 (bug #1122290)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
NOTE: https://github.com/obgm/libcoap/pull/1730
NOTE: Fixed by: https://github.com/obgm/libcoap/commit/da534de75edd1b3628a28908d30b0efbaa01be09 (develop)
@@ -17445,7 +17446,7 @@ CVE-2025-63681 (open-webui v0.6.33 is vulnerable to Incorrect Access Control. Th
CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
{DLA-4434-1}
- sogo 5.12.4-1.2 (bug #1121952)
- [trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+ [trixie] - sogo 5.12.1-3+deb13u1
[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
NOTE: Fixed by: https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
NOTE: https://github.com/poblaguev-tot/CVE-2025-63499
@@ -17519,7 +17520,7 @@ CVE-2025-14011 (A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is t
NOT-FOR-US: JIZHICMS
CVE-2025-14010 (A flaw was found in ansible-collection-community-general. This vulnera ...)
- ansible 12.2.0+dfsg-1 (bug #1121951)
- [trixie] - ansible <no-dsa> (Minor issue)
+ [trixie] - ansible 12.0.0+dfsg-0+deb13u1
[bookworm] - ansible <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2418774
NOTE: https://github.com/ansible-community/ansible-build-data/blob/main/12/CHANGELOG-v12.md#security-fixes
@@ -17838,14 +17839,14 @@ CVE-2025-40216 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b (6.16-rc4)
CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in ...)
- apache2 2.4.66-1 (bug #1121926)
- [trixie] - apache2 <no-dsa> (Minor issue)
+ [trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 <no-dsa> (Minor issue)
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
NOTE: https://github.com/apache/httpd/commit/9d26b95787b229a3f6195d7beead774d131eeda1
CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
- apache2 2.4.66-1 (bug #1121926)
- [trixie] - apache2 <no-dsa> (Minor issue)
+ [trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 <no-dsa> (Minor issue)
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
@@ -17855,14 +17856,14 @@ CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability in Apache HTT
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-59775
CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) ...)
- apache2 2.4.66-1 (bug #1121926)
- [trixie] - apache2 <no-dsa> (Minor issue)
+ [trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 <no-dsa> (Minor issue)
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
NOTE: https://github.com/apache/httpd/commit/ecc1b8f3817e3dcab9c1f24f905752d3c0a279af
CVE-2025-55753 (An integer overflow in the case of failed ACME certificate renewal lea ...)
- apache2 2.4.66-1 (bug #1121926)
- [trixie] - apache2 <no-dsa> (Minor issue)
+ [trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 <no-dsa> (Minor issue)
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
@@ -18070,7 +18071,7 @@ CVE-2025-12887 (The Post SMTP plugin for WordPress is vulnerable to authorizatio
CVE-2025-12819 (Untrusted search path in auth_query connection handler in PgBouncer be ...)
{DLA-4422-1}
- pgbouncer 1.25.1-1
- [trixie] - pgbouncer <no-dsa> (Minor issue)
+ [trixie] - pgbouncer 1.24.1-1+deb13u1
[bookworm] - pgbouncer <no-dsa> (Minor issue)
NOTE: https://www.pgbouncer.org/changelog.html#pgbouncer-125x
NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/85acffac5ddf56657706812f600c5f7f477abbab (pgbouncer_1_25_1)
@@ -18130,7 +18131,7 @@ CVE-2025-12548
CVE-2025-65955 (ImageMagick is free and open-source software used for editing and mani ...)
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1 (bug #1122827)
- [trixie] - imagemagick <no-dsa> (Minor issue)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
[bookworm] - imagemagick <no-dsa> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 (7.0.1-0)
@@ -19221,7 +19222,7 @@ CVE-2025-65202 (TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS comman
NOT-FOR-US: TRENDnet
CVE-2025-64344 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
- [trixie] - suricata <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - suricata 1:7.0.10-1+deb13u3
[bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-93fh-cgmc-w3rx
NOTE: https://redmine.openinfosecfoundation.org/issues/8065
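Review bot: the new [trixie] line for CVE-2025-64344 records suricata 1:7.0.10-1+deb13u3, while the four other Suricata entries touched in this commit (CVE-2025-64330 to CVE-2025-64333) record 1:7.0.10-1+deb13u2. That is correct if this fix landed one upload later, but please confirm against the package changelog. A fixed version set too high leaves trixie hosts on deb13u2 flagged as vulnerable, and one set too low hides a real exposure.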
@@ -19246,7 +19247,7 @@ CVE-2025-64334 (Suricata is a network IDS, IPS and NSM engine developed by the O
NOTE: Fixed by: https://github.com/OISF/suricata/commit/00f04daa3a44928dfdd0003cb9735469272c94a1 (suricata-8.0.2)
CVE-2025-64333 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
- [trixie] - suricata <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - suricata 1:7.0.10-1+deb13u2
[bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-537h-xxmx-v87m
NOTE: https://redmine.openinfosecfoundation.org/issues/8056 (private)
@@ -19254,7 +19255,7 @@ CVE-2025-64333 (Suricata is a network IDS, IPS and NSM engine developed by the O
NOTE: Fixed by: https://github.com/OISF/suricata/commit/4b1d284bb57219b6677a8bda5cdc14a24a6aa22d (suricata-7.0.13)
CVE-2025-64332 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
- [trixie] - suricata <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - suricata 1:7.0.10-1+deb13u2
[bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-p32q-7wcp-gv92
NOTE: https://redmine.openinfosecfoundation.org/issues/8055 (private)
@@ -19262,7 +19263,7 @@ CVE-2025-64332 (Suricata is a network IDS, IPS and NSM engine developed by the O
NOTE: Fixed by: https://github.com/OISF/suricata/commit/f67d72702a2601d0a86ac1450686e70d7176f629 (suricata-7.0.13)
CVE-2025-64331 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
- [trixie] - suricata <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - suricata 1:7.0.10-1+deb13u2
[bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-v32w-j79x-pfj2
NOTE: https://redmine.openinfosecfoundation.org/issues/8004 (private)
@@ -19270,7 +19271,7 @@ CVE-2025-64331 (Suricata is a network IDS, IPS and NSM engine developed by the O
NOTE: Fixed by: https://github.com/OISF/suricata/commit/5abf9b81e78476f49ab074f3a74b5840747cd069 (suricata-7.0.13)
CVE-2025-64330 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
- [trixie] - suricata <no-dsa> (Minor issue; will be fixed via point release)
+ [trixie] - suricata 1:7.0.10-1+deb13u2
[bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <not-affected> (vulnerable code not present; LOG_JSON_VERDICT added in v7.0.0)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-83v7-gm34-f437
@@ -19472,7 +19473,7 @@ CVE-2025-13611 (GitLab has remediated an issue in GitLab CE/EE affecting all ver
CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap buffer over ...)
{DLA-4412-1}
- glib2.0 2.86.3-1 (bug #1122346)
- [trixie] - glib2.0 <no-dsa> (Minor issue)
+ [trixie] - glib2.0 2.84.4-3~deb13u2
[bookworm] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3845
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935
@@ -19481,7 +19482,7 @@ CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap buffe
CVE-2025-14087 (A flaw was found in GLib (Gnome Lib). This vulnerability allows a remo ...)
{DLA-4412-1}
- glib2.0 2.86.3-1 (bug #1122347)
- [trixie] - glib2.0 <no-dsa> (Minor issue)
+ [trixie] - glib2.0 2.84.4-3~deb13u2
[bookworm] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3834
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4933
@@ -19492,7 +19493,7 @@ CVE-2025-14087 (A flaw was found in GLib (Gnome Lib). This vulnerability allows
CVE-2025-13601 (A heap-based buffer overflow problem was found in glib through an inco ...)
{DLA-4412-1}
- glib2.0 2.86.3-1 (bug #1121488)
- [trixie] - glib2.0 <no-dsa> (Minor issue)
+ [trixie] - glib2.0 2.84.4-3~deb13u2
[bookworm] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3827
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
@@ -19790,7 +19791,7 @@ CVE-2025-63674 (An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.292
CVE-2025-63498 (alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the ...)
{DLA-4386-1}
- sogo 5.12.4-1
- [trixie] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+ [trixie] - sogo 5.12.1-3+deb13u1
[bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
NOTE: https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c (SOGo-5.12.4)
NOTE: https://github.com/xryptoh/CVE-2025-63498
@@ -19920,7 +19921,7 @@ CVE-2025-65502 (Null pointer dereference in add_ca_certs() in Cesanta Mongoose b
NOT-FOR-US: Cesenta Mongoose
CVE-2025-65501 (Null pointer dereference in coap_dtls_info_callback() in OISM libcoap ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
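Review bot: the context line at the top of this hunk reads "NOT-FOR-US: Cesenta Mongoose", while the CVE-2025-65502 description in the hunk header spells the vendor "Cesanta". This commit does not touch that line, but a follow-up fixing the spelling would keep searches on the vendor name from missing the entry.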
@@ -19928,7 +19929,7 @@ CVE-2025-65501 (Null pointer dereference in coap_dtls_info_callback() in OISM li
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65500 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -19936,7 +19937,7 @@ CVE-2025-65500 (NULL pointer dereference in coap_dtls_generate_cookie() in src/c
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65499 (Array index error in tls_verify_call_back() in src/coap_openssl.c in O ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -19944,7 +19945,7 @@ CVE-2025-65499 (Array index error in tls_verify_call_back() in src/coap_openssl.
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65498 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -19952,7 +19953,7 @@ CVE-2025-65498 (NULL pointer dereference in coap_dtls_generate_cookie() in src/c
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65497 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -19960,7 +19961,7 @@ CVE-2025-65497 (NULL pointer dereference in coap_dtls_generate_cookie() in src/c
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65496 (NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_op ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -19968,7 +19969,7 @@ CVE-2025-65496 (NULL pointer dereference in coap_dtls_generate_cookie() in src/c
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65495 (Integer signedness error in tls_verify_call_back() in src/coap_openssl ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -19976,7 +19977,7 @@ CVE-2025-65495 (Integer signedness error in tls_verify_call_back() in src/coap_o
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65494 (NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_open ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -19984,7 +19985,7 @@ CVE-2025-65494 (NULL pointer dereference in get_san_or_cn_from_cert() in src/coa
NOTE: https://github.com/obgm/libcoap/pull/1750
CVE-2025-65493 (NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 a ...)
- libcoap3 4.3.5-2 (bug #1121415)
- [trixie] - libcoap3 <no-dsa> (Minor issue)
+ [trixie] - libcoap3 4.3.4-1.1+deb13u2
[bookworm] - libcoap3 <no-dsa> (Minor issue)
- libcoap2 <removed>
[bullseye] - libcoap2 <postponed> (Minor issue)
@@ -20715,7 +20716,7 @@ CVE-2025-10938 (The UiPress lite plugin for WordPress is vulnerable to Sensitive
CVE-2025-9820 [GNUTLS-SA-2025-11-18]
[experimental] - gnutls28 3.8.11-1
- gnutls28 3.8.11-3 (bug #1121146)
- [trixie] - gnutls28 <no-dsa> (Minor issue)
+ [trixie] - gnutls28 3.8.9-3+deb13u1
[bookworm] - gnutls28 <no-dsa> (Minor issue)
[bullseye] - gnutls28 <postponed> (Minor issue; can be fixed in next update)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18
@@ -21199,7 +21200,7 @@ CVE-2025-12174 (The Directorist: AI-Powered Business Directory Plugin with Class
NOT-FOR-US: WordPress plugin
CVE-2025-12119 (A mongoc_bulk_operation_t may read invalid memory if large options are ...)
- mongo-c-driver 2.1.2-1
- [trixie] - mongo-c-driver <no-dsa> (Minor issue)
+ [trixie] - mongo-c-driver 1.30.4-1+deb13u1
[bookworm] - mongo-c-driver <no-dsa> (Minor issue)
[bullseye] - mongo-c-driver <postponed> (Minor issue)
NOTE: https://github.com/mongodb/mongo-c-driver/pull/2132
@@ -21598,7 +21599,7 @@ CVE-2025-11427 (The WP Migrate Lite \u2013 WordPress Migration Made Easy plugin
NOT-FOR-US: WordPress plugin
CVE-2025-10158 (A malicious client acting as the receiver of an rsync file transfer ca ...)
- rsync 3.4.1+ds1-7 (bug #1121442)
- [trixie] - rsync <no-dsa> (Minor issue)
+ [trixie] - rsync 3.4.1+ds1-5+deb13u1
[bookworm] - rsync <no-dsa> (Minor issue)
[bullseye] - rsync <ignored> (Minor issue)
NOTE: Fixed by: https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f
@@ -21948,7 +21949,7 @@ CVE-2025-12482 (The Booking for Appointments and Events Calendar \u2013 Amelia p
NOT-FOR-US: WordPress plugin
CVE-2025-13193 (A flaw was found in libvirt. External inactive snapshots for shut-down ...)
- libvirt 11.10.0-1 (bug #1120119)
- [trixie] - libvirt <no-dsa> (Minor issue)
+ [trixie] - libvirt 11.3.0-3+deb13u2
[bookworm] - libvirt <not-affected> (Vulnerable code introduced later)
[bullseye] - libvirt <not-affected> (Vulnerable code introduced later)
NOTE: Introduced after: https://gitlab.com/libvirt/libvirt/-/commit/9b94a9e8ab1de1a33fa97e0362b1e763b09d52c8 (v9.7.0-rc1)
@@ -22145,7 +22146,7 @@ CVE-2025-13168 (A weakness has been identified in ury-erp ury up to 0.2.0. This
NOT-FOR-US: ury-erp ury
CVE-2025-13033 (A vulnerability was identified in the email parsing library due to imp ...)
- node-nodemailer 7.0.9+~7.0.2-1
- [trixie] - node-nodemailer <no-dsa> (Minor issue)
+ [trixie] - node-nodemailer 6.10.0+~6.4.17-1+deb13u1
[bookworm] - node-nodemailer <no-dsa> (Minor issue)
[bullseye] - node-nodemailer <postponed> (Minor issue)
NOTE: https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87
@@ -22661,7 +22662,7 @@ CVE-2025-12817 (Missing authorization in PostgreSQL CREATE STATISTICS command al
CVE-2025-64500 (Symfony is a PHP framework for web and console applications and a set ...)
[experimental] - symfony 8.0.0~beta2+dfsg-2
- symfony 7.4.0~rc1+dfsg-1
- [trixie] - symfony <no-dsa> (Minor issue)
+ [trixie] - symfony 6.4.21+dfsg-2+deb13u1
[bookworm] - symfony <no-dsa> (Minor issue)
[bullseye] - symfony <postponed> (Minor issue)
NOTE: https://github.com/advisories/GHSA-3rg7-wf37-54rm
@@ -22937,7 +22938,7 @@ CVE-2025-59088 (If kdcproxy receives a request for a realm which does not have s
CVE-2025-64524 (cups-filters contains backends, filters, and other software required t ...)
{DLA-4380-1}
- cups-filters 1.28.17-7
- [trixie] - cups-filters <no-dsa> (Minor issue)
+ [trixie] - cups-filters 1.28.17-6+deb13u1
[bookworm] - cups-filters <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/11/20/1
NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hv
@@ -22946,9 +22947,9 @@ CVE-2025-64524 (cups-filters contains backends, filters, and other software requ
CVE-2025-64503 (cups-filters contains backends, filters, and other software required t ...)
{DLA-4380-1}
- libcupsfilters 2.1.1-2 (bug #1120697)
- [trixie] - libcupsfilters <no-dsa> (Minor issue)
+ [trixie] - libcupsfilters 2.0.0-3+deb13u1
- cups-filters 1.28.17-7 (bug #1120698)
- [trixie] - cups-filters <no-dsa> (Minor issue)
+ [trixie] - cups-filters 1.28.17-6+deb13u1
[bookworm] - cups-filters <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/11/12/2
NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9
@@ -22957,9 +22958,9 @@ CVE-2025-64503 (cups-filters contains backends, filters, and other software requ
CVE-2025-57812 (CUPS is a standards-based, open-source printing system, and `libcupsfi ...)
{DLA-4380-1}
- libcupsfilters 2.1.1-2 (bug #1120703)
- [trixie] - libcupsfilters <no-dsa> (Minor issue)
+ [trixie] - libcupsfilters 2.0.0-3+deb13u1
- cups-filters 1.28.17-7 (bug #1120704)
- [trixie] - cups-filters <no-dsa> (Minor issue)
+ [trixie] - cups-filters 1.28.17-6+deb13u1
[bookworm] - cups-filters <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/11/12/1
NOTE: https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4
@@ -23832,7 +23833,7 @@ CVE-2025-12787 (The Hydra Booking \u2014 Appointment Scheduling & Booking Calend
NOT-FOR-US: WordPress plugin
CVE-2025-12748 (A flaw was discovered in libvirt in the XML file processing. More spec ...)
- libvirt 11.10.0-1 (bug #1120584)
- [trixie] - libvirt <no-dsa> (Minor issue; requires authenticated user)
+ [trixie] - libvirt 11.3.0-3+deb13u2
[bookworm] - libvirt <no-dsa> (Minor issue; requires authenticated user)
[bullseye] - libvirt <postponed> (Minor issue; requires authenticated user)
NOTE: https://gitlab.com/libvirt/libvirt/-/issues/825
@@ -24383,7 +24384,7 @@ CVE-2025-64507 (Incus is a system container and virtual machine manager. An issu
{DSA-6057-1 DSA-6051-1}
- incus 6.0.5-4
- lxd <removed>
- [trixie] - lxd <ignored> (File system ID mapping is broken with Kernel 6.9+ making CVE-2025-64507 unexploitable)
+ [trixie] - lxd 5.0.2+git20231211.1364ae4-9+deb13u2
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-56mx-8g9f-5crf
NOTE: https://github.com/lxc/incus/issues/2641
NOTE: Fixed by: https://github.com/lxc/incus/pull/2642
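Review bot: on the [trixie] lxd line, replacing <ignored> with the fixed version 5.0.2+git20231211.1364ae4-9+deb13u2 drops the only record of why the issue had been triaged as unexploitable on trixie ("File system ID mapping is broken with Kernel 6.9+"). Consider keeping that rationale as a NOTE: line in the entry, since it still matters to anyone assessing lxd on a host that has not yet taken the point release.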
@@ -24454,7 +24455,7 @@ CVE-2025-64488 (SuiteCRM is an open-source, enterprise-ready Customer Relationsh
NOT-FOR-US: SuiteCRM
CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, calibre do ...)
- calibre 8.14.0+ds+~0.10.5-1
- [trixie] - calibre <no-dsa> (Will be fixed via point update)
+ [trixie] - calibre 8.5.0+ds-1+deb13u1
[bookworm] - calibre <no-dsa> (Will be fixed via point update)
[bullseye] - calibre <postponed> (Minor issue; fix after bookworm)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
@@ -26381,7 +26382,7 @@ CVE-2025-10487 (The Advanced Ads \u2013Ad Manager & AdSense plugin for WordPress
NOT-FOR-US: WordPress plugin
CVE-2025-12464 (A stack-based buffer overflow was found in the QEMU e1000 network devi ...)
- qemu 1:10.1.3+ds-1 (bug #1119917)
- [trixie] - qemu <no-dsa> (Minor issue)
+ [trixie] - qemu 1:10.0.7+ds-0+deb13u1
[bookworm] - qemu <not-affected> (Vulnerable code introduced later)
[bullseye] - qemu <not-affected> (Vulnerable code introduced later)
NOTE: https://gitlab.com/qemu-project/qemu/-/issues/3043
@@ -28027,7 +28028,7 @@ CVE-2025-62725 (Docker Compose trusts the path information embedded in remote OC
NOTE: Fixed by: https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176 (v2.40.2)
CVE-2025-62594 (ImageMagick is a software suite to create, edit, compose, or convert b ...)
- imagemagick 8:7.1.2.8+dfsg1-1 (bug #1119296)
- [trixie] - imagemagick <no-dsa> (Minor issue)
+ [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
[bookworm] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
[bullseye] - imagemagick <not-affected> (Vulnerable code not present, specific to IM7)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wpp4-vqfq-v4hp
@@ -30478,7 +30479,7 @@ CVE-2025-5496 (ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4
NOT-FOR-US: Zoho
CVE-2025-59438 (Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.)
- mbedtls 3.6.5-0.1 (bug #1118752)
- [trixie] - mbedtls <no-dsa> (Will be fixed via point release update)
+ [trixie] - mbedtls 3.6.5-0.1~deb13u1
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/
NOTE: https://github.com/Mbed-TLS/mbedtls/commit/155de2ab775e77ab6fa81bf2b1e6e63768123bc1 (mbedtls-3.6.5)
NOTE: https://github.com/Mbed-TLS/mbedtls/commit/d179dc80a5b13189c79fe4531eacb28698a7a0e9 (mbedtls-3.6.5)
@@ -30690,7 +30691,7 @@ CVE-2025-60781 (PHP Education Manager v1.0 is vulnerable to Cross Site Scripting
NOT-FOR-US: PHP Education Manager
CVE-2025-54764 (Mbed TLS before 3.6.5 allows a local timing attack against certain RSA ...)
- mbedtls 3.6.5-0.1 (bug #1118750)
- [trixie] - mbedtls <no-dsa> (Will be fixed via point release update)
+ [trixie] - mbedtls 3.6.5-0.1~deb13u1
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/
CVE-2025-26392 (SolarWinds Observability Self-Hosted is susceptible to SQL injection v ...)
NOT-FOR-US: SolarWinds
@@ -36754,7 +36755,7 @@ CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving, but
NOTE: Fixed in: 6.0.41, 7.0.18, 7.2.12, 7.4.2
CVE-2025-11234 (A flaw was found in QEMU. If the QIOChannelWebsock object is freed whi ...)
- qemu 1:10.1.3+ds-1 (bug #1117153)
- [trixie] - qemu <no-dsa> (Minor issue)
+ [trixie] - qemu 1:10.0.7+ds-0+deb13u1
[bookworm] - qemu <no-dsa> (Minor issue)
[bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2025-09/msg06566.html
@@ -56644,7 +56645,7 @@ CVE-2024-40588 (Multiple relative path traversal vulnerabilities [CWE-23] in For
NOT-FOR-US: Fortinet
CVE-2024-38805 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
- edk2 2025.02-9 (bug #1111100)
- [trixie] - edk2 <no-dsa> (Minor issue)
+ [trixie] - edk2 2025.02-8+deb13u1
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x
@@ -57592,7 +57593,7 @@ CVE-2025-46659 (An issue was discovered in ExonautWeb in 4C Strategies Exonaut 2
NOT-FOR-US: 4C Strategies
CVE-2025-3770 (EDK2 contains a vulnerability in BIOS where an attacker may cause \u20 ...)
- edk2 2025.02-9 (bug #1110533)
- [trixie] - edk2 <no-dsa> (Minor issue)
+ [trixie] - edk2 2025.02-8+deb13u1
[bookworm] - edk2 <no-dsa> (Minor issue)
[bullseye] - edk2 <postponed> (minor; likely a concern only on real hardware; used on S3 handling on qemu)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-vx5v-4gg6-6qxr
@@ -58365,7 +58366,7 @@ CVE-2025-54130 (Cursor is a code editor built for programming with AI. Cursor al
CVE-2025-54119 (ADOdb is a PHP database class library that provides abstractions for p ...)
{DLA-4340-1}
- libphp-adodb 5.22.10-0.1 (bug #1110464)
- [trixie] - libphp-adodb <no-dsa> (Minor issue; can be fixed via point release)
+ [trixie] - libphp-adodb 5.22.9-0.1+deb13u1
[bookworm] - libphp-adodb <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
NOTE: https://github.com/ADOdb/ADOdb/issues/1083
@@ -58574,7 +58575,7 @@ CVE-2025-8506 (A vulnerability was found in 495300897 wx-shop up to de1b66331368
CVE-2025-54956 (The gh package before 1.5.0 for R delivers an HTTP response in a data ...)
{DLA-4378-1}
- r-cran-gh 1.5.0-1 (bug #1110481)
- [trixie] - r-cran-gh <no-dsa> (Minor issue)
+ [trixie] - r-cran-gh 1.4.1-1+deb13u1
[bookworm] - r-cran-gh <no-dsa> (Minor issue)
NOTE: https://github.com/r-lib/gh/issues/222
NOTE: https://github.com/r-lib/gh/commit/b575d488c71318449cc6c8c989c617db29275848 (v1.5.0)
@@ -68965,14 +68966,14 @@ CVE-2025-53076 (Improper Input Validation vulnerability in Samsung Open Source r
NOTE: Fxied by: https://github.com/Samsung/rlottie/commit/36ddb42d78d1b13c1b1d7e1699aef8a9f339ab6f
CVE-2025-53075 (Improper Input Validation vulnerability in Samsung Open Source rLottie ...)
- rlottie 0.1+dfsg-4.3 (bug #1109341)
- [trixie] - rlottie <no-dsa> (Minor issue)
+ [trixie] - rlottie 0.1+dfsg-4.2+deb13u1
[bookworm] - rlottie <no-dsa> (Minor issue)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
CVE-2025-53074 (Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows ...)
- rlottie 0.1+dfsg-4.3 (bug #1109341)
- [trixie] - rlottie <no-dsa> (Minor issue)
+ [trixie] - rlottie 0.1+dfsg-4.2+deb13u1
[bookworm] - rlottie <no-dsa> (Minor issue)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
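Review bot: the first context line of this hunk still reads "NOTE: Fxied by:" (a typo for "Fixed by:"), and the commit leaves it untouched. A search of data/CVE/list for "Fixed by:" will not find that rlottie commit reference, so correct the spelling in a follow-up change. The two trixie lines changed here, for CVE-2025-53075 and CVE-2025-53074, both carry 0.1+dfsg-4.2+deb13u1, which is consistent.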
@@ -69003,7 +69004,7 @@ CVE-2025-38087 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/b160766e26d4e2e2d6fe2294e0b02f92baefcec5 (6.16-rc3)
CVE-2025-0634 (Use After Free vulnerability in Samsung Open Source rLottie allows Rem ...)
- rlottie 0.1+dfsg-4.3 (bug #1109341)
- [trixie] - rlottie <no-dsa> (Minor issue)
+ [trixie] - rlottie 0.1+dfsg-4.2+deb13u1
[bookworm] - rlottie <no-dsa> (Minor issue)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
@@ -121612,7 +121613,7 @@ CVE-2024-13176 (Issue summary: A timing side-channel which could potentially all
- openssl 3.4.1-1 (bug #1094027)
[bookworm] - openssl 3.0.16-1~deb12u1
- edk2 2025.02-9
- [trixie] - edk2 <no-dsa> (Minor issue)
+ [trixie] - edk2 2025.02-8+deb13u1
[bookworm] - edk2 <no-dsa> (Minor issue)
NOTE: https://openssl-library.org/news/secadv/20250120.txt
NOTE: https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f (openssl-3.4.1)
=====================================
data/next-point-update.txt
=====================================
@@ -1,127 +1,3 @@
-CVE-2025-64486
- [trixie] - calibre 8.5.0+ds-1+deb13u1
-CVE-2025-64507
- [trixie] - lxd 5.0.2+git20231211.1364ae4-9+deb13u2
-CVE-2025-64500
- [trixie] - symfony 6.4.21+dfsg-2+deb13u1
-CVE-2025-54119
- [trixie] - libphp-adodb 5.22.9-0.1+deb13u1
-CVE-2025-13033
- [trixie] - node-nodemailer 6.10.0+~6.4.17-1+deb13u1
-CVE-2025-9820
- [trixie] - gnutls28 3.8.9-3+deb13u1
-CVE-2025-64503
- [trixie] - libcupsfilters 2.0.0-3+deb13u1
-CVE-2025-57812
- [trixie] - libcupsfilters 2.0.0-3+deb13u1
-CVE-2025-64503
- [trixie] - cups-filters 1.28.17-6+deb13u1
-CVE-2025-57812
- [trixie] - cups-filters 1.28.17-6+deb13u1
-CVE-2025-64524
- [trixie] - cups-filters 1.28.17-6+deb13u1
-CVE-2025-54956
- [trixie] - r-cran-gh 1.4.1-1+deb13u1
-CVE-2025-0634
- [trixie] - rlottie 0.1+dfsg-4.2+deb13u1
-CVE-2025-53075
- [trixie] - rlottie 0.1+dfsg-4.2+deb13u1
-CVE-2025-53074
- [trixie] - rlottie 0.1+dfsg-4.2+deb13u1
-CVE-2025-12748
- [trixie] - libvirt 11.3.0-3+deb13u2
-CVE-2025-13193
- [trixie] - libvirt 11.3.0-3+deb13u2
-CVE-2025-10158
- [trixie] - rsync 3.4.1+ds1-5+deb13u1
-CVE-2025-13601
- [trixie] - glib2.0 2.84.4-3~deb13u2
-CVE-2025-14087
- [trixie] - glib2.0 2.84.4-3~deb13u2
-CVE-2025-14512
- [trixie] - glib2.0 2.84.4-3~deb13u2
-CVE-2025-12464
- [trixie] - qemu 1:10.0.7+ds-0+deb13u1
-CVE-2025-11234
- [trixie] - qemu 1:10.0.7+ds-0+deb13u1
-CVE-2025-68462
- [trixie] - freedombox 25.9.3+deb13u1
-CVE-2025-12119
- [trixie] - mongo-c-driver 1.30.4-1+deb13u1
-CVE-2025-64344
- [trixie] - suricata 1:7.0.10-1+deb13u2
-CVE-2025-64333
- [trixie] - suricata 1:7.0.10-1+deb13u2
-CVE-2025-64332
- [trixie] - suricata 1:7.0.10-1+deb13u2
-CVE-2025-64331
- [trixie] - suricata 1:7.0.10-1+deb13u2
-CVE-2025-64330
- [trixie] - suricata 1:7.0.10-1+deb13u2
-CVE-2025-12819
- [trixie] - pgbouncer 1.24.1-1+deb13u1
-CVE-2025-66200
- [trixie] - apache2 2.4.66-1~deb13u1
-CVE-2025-65082
- [trixie] - apache2 2.4.66-1~deb13u1
-CVE-2025-58098
- [trixie] - apache2 2.4.66-1~deb13u1
-CVE-2025-55753
- [trixie] - apache2 2.4.66-1~deb13u1
-CVE-2025-59391
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65493
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65494
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65495
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65496
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65497
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65498
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65499
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65500
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-65501
- [trixie] - libcoap3 4.3.4-1.1+deb13u2
-CVE-2025-14010
- [trixie] - ansible 12.0.0+dfsg-0+deb13u1
-CVE-2025-63498
- [trixie] - sogo 5.12.1-3+deb13u1
-CVE-2025-63499
- [trixie] - sogo 5.12.1-3+deb13u1
-CVE-2025-62594
- [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
-CVE-2025-65955
- [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
-CVE-2025-66628
- [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
-CVE-2025-68618
- [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
-CVE-2025-68950
- [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
-CVE-2025-69204
- [trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
-CVE-2025-68973
- [trixie] - gnupg2 2.4.7-21+deb13u1
-CVE-2025-67746
- [trixie] - composer 2.8.8-1+deb13u1
-CVE-2025-67897
- [trixie] - rust-sequoia-openpgp 2.0.0-2+deb13u1
-CVE-2025-54764
- [trixie] - mbedtls 3.6.5-0.1~deb13u1
-CVE-2025-59438
- [trixie] - mbedtls 3.6.5-0.1~deb13u1
-CVE-2024-13176
- [trixie] - edk2 2025.02-8+deb13u1
-CVE-2024-38805
- [trixie] - edk2 2025.02-8+deb13u1
-CVE-2025-3770
- [trixie] - edk2 2025.02-8+deb13u1
CVE-2025-68146
[trixie] - python-filelock 3.18.0-1+deb13u1
CVE-2025-61984
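Review bot: this hunk drops 62 CVE/package pairs in a single block, and nothing in it ties each removal to a matching "[trixie] - <package> <version>" line in data/CVE/list, so a pair removed here without that counterpart would silently lose its fix record. The pairs for libphp-adodb, r-cran-gh, rlottie and edk2 (CVE-2025-3770, CVE-2024-13176) agree with the data/CVE/list hunks directly above. CVE-2024-38805 (edk2 2025.02-8+deb13u1) is not covered by those hunks and is worth checking explicitly. The commit message could also state how the merge was generated, so the remaining pairs can be verified by script rather than by eye.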
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/84a1de1d7eac178a126aff38c53dcfe3ca4fea33...f20c27117b4757304e71f69fabce2dd677c192df