[Git][security-tracker-team/security-tracker][master] 3 commits: Remove entries for pagure (removed from bookworm)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jan 10 11:07:41 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5792aed0 by Salvatore Bonaccorso at 2026-01-10T11:48:56+01:00
Remove entries for pagure (removed from bookworm)
- - - - -
573ee4ea by Salvatore Bonaccorso at 2026-01-10T11:48:58+01:00
Merge changes for updates with CVEs via bookworm 12.13
- - - - -
c9c8cc23 by Salvatore Bonaccorso at 2026-01-10T12:07:34+01:00
Merge branch 'bookworm-12.13' into 'master'
Merge changes accepted for bookworm 12.13 release
See merge request security-tracker-team/security-tracker!255
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4346,7 +4346,7 @@ CVE-2025-69204 (ImageMagick is free and open-source software used for editing an
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
- [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hrh7-j8q2-4qcw
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2c08c2311693759153c9aa99a6b2dcb5f985681e (7.1.2-12)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c46bc2a29d0712499173c6ffda1d38d7dc8861f5 (6.9.13-37)
@@ -4468,7 +4468,7 @@ CVE-2025-68950 (ImageMagick is free and open-source software used for editing an
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
- [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7rvh-xqp3-pr8j
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/204718c2211903949dcfc0df8e65ed066b008dec (7.1.2-12)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/5655e26ee9032a208ad9add1fde2877205d5e540 (6.9.13-37)
@@ -4478,7 +4478,7 @@ CVE-2025-68618 (ImageMagick is free and open-source software used for editing an
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
- [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p27m-hp98-6637
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6f431d445f3ddd609c004a1dde617b0a73e60beb (7.1.2-12)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/693c8497290ea0c7cac75d3068ea4fa70d7d507e (6.9.13-37)
@@ -4642,7 +4642,7 @@ CVE-2022-50597
CVE-2025-67746 (Composer is a dependency manager for PHP. In versions on the 2.x branc ...)
- composer 2.9.3-1
[trixie] - composer 2.8.8-1+deb13u1
- [bookworm] - composer <no-dsa> (Minor issue)
+ [bookworm] - composer 2.5.5-1+deb12u3
[bullseye] - composer <postponed> (Minor issue, terminal control characters sanitization)
NOTE: https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g
NOTE: Fixed by: https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71 (2.9.3)
@@ -6056,6 +6056,7 @@ CVE-2025-14269
CVE-2025-68973 (In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments ...)
- gnupg2 2.4.8-5 (bug #1124221)
[trixie] - gnupg2 2.4.7-21+deb13u1
+ [bookworm] - gnupg2 2.2.40-1.1+deb12u2
NOTE: https://gpg.fail/memcpy
NOTE: https://dev.gnupg.org/T7906
NOTE: https://www.openwall.com/lists/oss-security/2025/12/28/5
@@ -9356,7 +9357,7 @@ CVE-2025-7047 (Missing Authorization vulnerability in Utarit Informatics Service
CVE-2025-68469 (ImageMagick is free and open-source software used for editing and mani ...)
{DLA-4429-1}
- imagemagick 8:6.9.12.98+dfsg1-2
- [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fff3-4rp7-px97
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ac1f7ca1d88e14d30e5ae9bd30aad150bdbec20e (7.1.1-13)
@@ -13561,7 +13562,7 @@ CVE-2025-66628 (ImageMagick is a software suite to create, edit, compose, or con
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1 (bug #1122584)
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
- [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hjr-v6g4-3fm8
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bdae0681ad1e572defe62df85834218f01e6d670 (7.1.2-10)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7779f1ff772dfabe545c67fb2f3bfa8f7a845a2d (6.9.13-35)
@@ -17447,7 +17448,7 @@ CVE-2025-63499 (Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) v
{DLA-4434-1}
- sogo 5.12.4-1.2 (bug #1121952)
[trixie] - sogo 5.12.1-3+deb13u1
- [bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+ [bookworm] - sogo 5.8.0-2+deb12u1
NOTE: Fixed by: https://github.com/Alinto/sogo/commit/16ab99e7cf8db2c30b211f0d5e338d7f9e3a9efb
NOTE: https://github.com/poblaguev-tot/CVE-2025-63499
CVE-2025-63364 (Waveshare RS232/485 TO WIFI ETH (B) Serial to Ethernet/Wi-Fi Gateway F ...)
@@ -17840,14 +17841,14 @@ CVE-2025-40216 (In the Linux kernel, the following vulnerability has been resolv
CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in ...)
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
- [bookworm] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 2.4.66-1~deb12u1
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
NOTE: https://github.com/apache/httpd/commit/9d26b95787b229a3f6195d7beead774d131eeda1
CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences vulnerab ...)
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
- [bookworm] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 2.4.66-1~deb12u1
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
NOTE: https://github.com/apache/httpd/commit/e4f00c5eb71d8a7aa1f52b5279832986f669d463
@@ -17857,14 +17858,14 @@ CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability in Apache HTT
CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) ...)
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
- [bookworm] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 2.4.66-1~deb12u1
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
NOTE: https://github.com/apache/httpd/commit/ecc1b8f3817e3dcab9c1f24f905752d3c0a279af
CVE-2025-55753 (An integer overflow in the case of failed ACME certificate renewal lea ...)
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
- [bookworm] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 2.4.66-1~deb12u1
[bullseye] - apache2 <postponed> (Minor issue)
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
NOTE: https://github.com/apache/httpd/commit/ab9dd8e2cfe7d62efe5ff8925fbef1de756a2fc2
@@ -18072,7 +18073,7 @@ CVE-2025-12819 (Untrusted search path in auth_query connection handler in PgBoun
{DLA-4422-1}
- pgbouncer 1.25.1-1
[trixie] - pgbouncer 1.24.1-1+deb13u1
- [bookworm] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer 1.18.0-1+deb12u1
NOTE: https://www.pgbouncer.org/changelog.html#pgbouncer-125x
NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/85acffac5ddf56657706812f600c5f7f477abbab (pgbouncer_1_25_1)
CVE-2025-12744 (A flaw was found in the ABRT daemon\u2019s handling of user-supplied m ...)
@@ -18132,7 +18133,7 @@ CVE-2025-65955 (ImageMagick is free and open-source software used for editing an
{DLA-4429-1}
- imagemagick 8:7.1.2.12+dfsg1-1 (bug #1122827)
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u4
- [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q3hc-j9x5-mp9m
NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick/commit/6409f34d637a34a1c643632aa849371ec8b3b5a8 (7.0.1-0)
NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick6/commit/389ba19fa12920416a02f05abf11e40f3d44b4da (6.9.4-0)
@@ -19474,7 +19475,7 @@ CVE-2025-14512 (A flaw was found in glib. This vulnerability allows a heap buffe
{DLA-4412-1}
- glib2.0 2.86.3-1 (bug #1122346)
[trixie] - glib2.0 2.84.4-3~deb13u2
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u8
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3845
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4936
@@ -19483,7 +19484,7 @@ CVE-2025-14087 (A flaw was found in GLib (Gnome Lib). This vulnerability allows
{DLA-4412-1}
- glib2.0 2.86.3-1 (bug #1122347)
[trixie] - glib2.0 2.84.4-3~deb13u2
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u8
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3834
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4933
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4934
@@ -19494,7 +19495,7 @@ CVE-2025-13601 (A heap-based buffer overflow problem was found in glib through a
{DLA-4412-1}
- glib2.0 2.86.3-1 (bug #1121488)
[trixie] - glib2.0 2.84.4-3~deb13u2
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u8
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3827
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4915
@@ -19792,7 +19793,7 @@ CVE-2025-63498 (alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) v
{DLA-4386-1}
- sogo 5.12.4-1
[trixie] - sogo 5.12.1-3+deb13u1
- [bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+ [bookworm] - sogo 5.8.0-2+deb12u1
NOTE: https://github.com/Alinto/sogo/commit/9e20190fad1a437f7e1307f0adcfe19a8d45184c (SOGo-5.12.4)
NOTE: https://github.com/xryptoh/CVE-2025-63498
CVE-2025-62691 (Security Point (Windows) of MaLion and MaLionCloud contains a stack-ba ...)
@@ -21201,7 +21202,7 @@ CVE-2025-12174 (The Directorist: AI-Powered Business Directory Plugin with Class
CVE-2025-12119 (A mongoc_bulk_operation_t may read invalid memory if large options are ...)
- mongo-c-driver 2.1.2-1
[trixie] - mongo-c-driver 1.30.4-1+deb13u1
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u2
[bullseye] - mongo-c-driver <postponed> (Minor issue)
NOTE: https://github.com/mongodb/mongo-c-driver/pull/2132
CVE-2025-12057 (The WavePlayer WordPress plugin before 3.8.0 does not have authorizati ...)
@@ -21600,7 +21601,7 @@ CVE-2025-11427 (The WP Migrate Lite \u2013 WordPress Migration Made Easy plugin
CVE-2025-10158 (A malicious client acting as the receiver of an rsync file transfer ca ...)
- rsync 3.4.1+ds1-7 (bug #1121442)
[trixie] - rsync 3.4.1+ds1-5+deb13u1
- [bookworm] - rsync <no-dsa> (Minor issue)
+ [bookworm] - rsync 3.2.7-1+deb12u4
[bullseye] - rsync <ignored> (Minor issue)
NOTE: Fixed by: https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f
CVE-2025-8727 (There is a vulnerability in the Supermicro BMC web function at Supermi ...)
@@ -22663,7 +22664,7 @@ CVE-2025-64500 (Symfony is a PHP framework for web and console applications and
[experimental] - symfony 8.0.0~beta2+dfsg-2
- symfony 7.4.0~rc1+dfsg-1
[trixie] - symfony 6.4.21+dfsg-2+deb13u1
- [bookworm] - symfony <no-dsa> (Minor issue)
+ [bookworm] - symfony 5.4.23+dfsg-1+deb12u5
[bullseye] - symfony <postponed> (Minor issue)
NOTE: https://github.com/advisories/GHSA-3rg7-wf37-54rm
NOTE: https://github.com/symfony/symfony/commit/9962b91b12bb791322fa73836b350836b6db7cac (v5.4.50, v6.4.29, v7.3.7)
@@ -22939,7 +22940,7 @@ CVE-2025-64524 (cups-filters contains backends, filters, and other software requ
{DLA-4380-1}
- cups-filters 1.28.17-7
[trixie] - cups-filters 1.28.17-6+deb13u1
- [bookworm] - cups-filters <no-dsa> (Minor issue)
+ [bookworm] - cups-filters 1.28.17-3+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/11/20/1
NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq44-2q5p-x3hv
NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/0fe46c511e81062575b05936f804eb18c9f0a011 (master)
@@ -22950,7 +22951,7 @@ CVE-2025-64503 (cups-filters contains backends, filters, and other software requ
[trixie] - libcupsfilters 2.0.0-3+deb13u1
- cups-filters 1.28.17-7 (bug #1120698)
[trixie] - cups-filters 1.28.17-6+deb13u1
- [bookworm] - cups-filters <no-dsa> (Minor issue)
+ [bookworm] - cups-filters 1.28.17-3+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/11/12/2
NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-893j-2wr2-wrh9
NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/50d94ca0f2fa6177613c97c59791bde568631865
@@ -22961,7 +22962,7 @@ CVE-2025-57812 (CUPS is a standards-based, open-source printing system, and `lib
[trixie] - libcupsfilters 2.0.0-3+deb13u1
- cups-filters 1.28.17-7 (bug #1120704)
[trixie] - cups-filters 1.28.17-6+deb13u1
- [bookworm] - cups-filters <no-dsa> (Minor issue)
+ [bookworm] - cups-filters 1.28.17-3+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/11/12/1
NOTE: https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-jpxg-qc2c-hgv4
NOTE: https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-rc6w-jmvv-v7gx
@@ -24456,7 +24457,7 @@ CVE-2025-64488 (SuiteCRM is an open-source, enterprise-ready Customer Relationsh
CVE-2025-64486 (calibre is an e-book manager. In versions 8.13.0 and prior, calibre do ...)
- calibre 8.14.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u1
- [bookworm] - calibre <no-dsa> (Will be fixed via point update)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u5
[bullseye] - calibre <postponed> (Minor issue; fix after bookworm)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5 (v8.14.0)
@@ -29939,7 +29940,7 @@ CVE-2025-11750 (In langgenius/dify-web version 1.6.0, the authentication mechani
CVE-2025-11411 (NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to ...)
{DSA-6071-1 DLA-4365-2 DLA-4365-1}
- unbound 1.24.2-1
- [bookworm] - unbound <no-dsa> (Minor issue; will be fixed via point release for more exposure before release)
+ [bookworm] - unbound 1.17.1-2+deb12u4
NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt
NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/a33f0638e1dacf2633cf2292078a674576bca852 (release-1.24.1)
NOTE: The original fix for CVE-2025-11411 was incomplete and required a followup
@@ -31102,7 +31103,7 @@ CVE-2025-62171 (ImageMagick is an open source software suite for displaying, con
{DLA-4339-1}
- imagemagick 8:7.1.2.7+dfsg1-1 (bug #1118340)
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u3
- [bookworm] - imagemagick <no-dsa> (Minor issue; can be fixed in point release)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9pp9-cfwx-54rm
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/cea1693e2ded51b4cc91c70c54096cbed1691c00 (7.1.2-7)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/456771fae8baa9558a1421ec8d522e6937d9b2d7 (6.9.13-32)
@@ -31558,7 +31559,7 @@ CVE-2025-0274 (HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affe
CVE-2025-11683 (YAML::Syck versions before 1.36 for Perl has missing null-terminators ...)
- libyaml-syck-perl 1.34-4
[trixie] - libyaml-syck-perl 1.34-2+deb13u1
- [bookworm] - libyaml-syck-perl <no-dsa> (Minor issue)
+ [bookworm] - libyaml-syck-perl 1.34-2+deb12u1
[bullseye] - libyaml-syck-perl <postponed> (Minor issue)
NOTE: https://github.com/cpan-authors/YAML-Syck/pull/65
NOTE: https://github.com/cpan-authors/YAML-Syck/commit/dcf4c8477b82ef439f43fd20dc099082d096df02 (v1.36)
@@ -31728,7 +31729,7 @@ CVE-2025-11619 (Improper certificate validation when connecting to gateways in D
CVE-2025-11568 (A data corruption vulnerability has been identified in the luksmeta ut ...)
- luksmeta 10-1 (bug #1118280)
[trixie] - luksmeta 9-4+deb13u1
- [bookworm] - luksmeta <no-dsa> (Minor issue)
+ [bookworm] - luksmeta 9-4+deb12u1
[bullseye] - luksmeta <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2404244
NOTE: https://github.com/latchset/luksmeta/pull/16
@@ -31813,13 +31814,13 @@ CVE-2025-9640 (A flaw was found in Samba, in the vfs_streams_xattr module, where
{DLA-4384-1}
- samba 2:4.23.2+dfsg-1
[trixie] - samba 2:4.22.6+dfsg-0+deb13u1
- [bookworm] - samba <no-dsa> (Minor issue; will be fixed via point release)
+ [bookworm] - samba 2:4.17.12+dfsg-0+deb12u3
NOTE: https://www.samba.org/samba/security/CVE-2025-9640.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15885
CVE-2025-10230 (A flaw was found in Samba, in the front-end WINS hook handling: NetBIO ...)
- samba 2:4.23.2+dfsg-1
[trixie] - samba 2:4.22.6+dfsg-0+deb13u1
- [bookworm] - samba <no-dsa> (Minor issue; will be fixed via point release)
+ [bookworm] - samba 2:4.17.12+dfsg-0+deb12u3
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5477-1)
NOTE: https://www.samba.org/samba/security/CVE-2025-10230.html
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15903
@@ -33403,7 +33404,7 @@ CVE-2025-61925 (Astro is a web framework. Prior to version 5.14.2, Astro reflect
CVE-2025-61921 (Sinatra is a domain-specific language for creating web applications in ...)
- ruby-sinatra 4.2.1-1 (bug #1118290)
[trixie] - ruby-sinatra <ignored> (Minor issue; only a problem together with Ruby < 3.2)
- [bookworm] - ruby-sinatra <no-dsa> (Minor issue)
+ [bookworm] - ruby-sinatra 3.0.5-3+deb12u1
[bullseye] - ruby-sinatra <postponed> (Minor issue)
NOTE: https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
NOTE: https://github.com/sinatra/sinatra/issues/2120
@@ -36756,7 +36757,7 @@ CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving, but
CVE-2025-11234 (A flaw was found in QEMU. If the QIOChannelWebsock object is freed whi ...)
- qemu 1:10.1.3+ds-1 (bug #1117153)
[trixie] - qemu 1:10.0.7+ds-0+deb13u1
- [bookworm] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu 1:7.2+dfsg-7+deb12u18
[bullseye] - qemu <no-dsa> (Minor issue)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2025-09/msg06566.html
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b7a1f2ca45c7865b9e98e02ae605a65fc9458ae9 (v10.2.0-rc1)
@@ -38773,7 +38774,7 @@ CVE-2025-41244 (VMware Aria Operations and VMware Tools contain a local privileg
{DLA-4316-1}
- open-vm-tools 2:13.0.5-1
[trixie] - open-vm-tools 2:12.5.0-2+deb13u1
- [bookworm] - open-vm-tools <no-dsa> (Will be fixed via point release)
+ [bookworm] - open-vm-tools 2:12.2.0-1+deb12u4
NOTE: https://github.com/vmware/open-vm-tools/tree/CVE-2025-41244.patch
NOTE: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
CVE-2025-9904 (Unallocated memory access vulnerability in print processing of Generic ...)
@@ -39214,7 +39215,7 @@ CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. T
{DLA-4369-1}
- squid 7.2-1 (bug #1117048)
[trixie] - squid 6.13-2+deb13u1
- [bookworm] - squid <no-dsa> (Minor issue)
+ [bookworm] - squid 5.7-2+deb12u5
NOTE: https://github.com/squid-cache/squid/pull/2149
NOTE: https://github.com/squid-cache/squid/commit/250a18e0a80694b919972a1836cdfe20f2e1baa0 (master)
NOTE: https://github.com/squid-cache/squid/commit/0d89165ee6da10e6fa50c44998b3cd16d59400e9 (v7)
@@ -45642,7 +45643,7 @@ CVE-2025-10359 (A vulnerability was detected in Wavlink WL-WN578W2 221110. This
CVE-2025-59518 (In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS ...)
- lemonldap-ng 2.21.3+ds-1
[trixie] - lemonldap-ng 2.21.2+ds-1+deb13u1
- [bookworm] - lemonldap-ng <no-dsa> (Minor issue)
+ [bookworm] - lemonldap-ng 2.16.1+ds-deb12u7
[bullseye] - lemonldap-ng <postponed> (Minor issue; can be piggybacked with future DLA)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3462
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3470
@@ -45653,7 +45654,7 @@ CVE-2025-59518 (In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21
CVE-2025-XXXX [session id exposed in portal AJAX responses]
- lemonldap-ng 2.21.3+ds-1
[trixie] - lemonldap-ng 2.21.2+ds-1+deb13u1
- [bookworm] - lemonldap-ng <no-dsa> (Minor issue)
+ [bookworm] - lemonldap-ng 2.16.1+ds-deb12u7
[bullseye] - lemonldap-ng <postponed> (Minor issue; can be piggybacked with future DLA)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3446
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/a091e9b3f81fd33da1da8479e7ac442633db49c5 (v2.21.3)
@@ -46765,7 +46766,7 @@ CVE-2025-8277 (A flaw was found in libssh's handling of key exchange (KEX) proce
{DLA-4385-1}
- libssh 0.11.3-1 (bug #1114859)
[trixie] - libssh 0.11.2-1+deb13u1
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383888
NOTE: https://www.libssh.org/security/advisories/CVE-2025-8277.txt
NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=ffed80f8c078122990a4eba2b275facd56dd43e0
@@ -49614,7 +49615,7 @@ CVE-2025-9714 (Uncontrolled recursion inXPath evaluationin libxml2 up to and inc
{DLA-4319-1}
- libxml2 2.14.5+dfsg-0.1
[trixie] - libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u2
- [bookworm] - libxml2 <no-dsa> (Minor issue; can be piggy-backed in a future update)
+ [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u5
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2392605
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/148
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 (v2.10.0)
@@ -52240,7 +52241,7 @@ CVE-2025-54813 (Improper Output Neutralization for Logs vulnerability in Apache
{DLA-4322-1}
- log4cxx 1.4.0-1.1 (bug #1111881)
[trixie] - log4cxx 1.4.0-1+deb13u1
- [bookworm] - log4cxx <no-dsa> (Minor issue)
+ [bookworm] - log4cxx 1.0.0-1+deb12u1
NOTE: https://logging.apache.org/security.html#CVE-2025-54813
NOTE: https://github.com/apache/logging-log4cxx/pull/512
NOTE: Fixed by: https://github.com/apache/logging-log4cxx/commit/a799c934545311ff4179c68e16bbeb02b5c66348 (rel/v1.5.0, v1.5.0-RC1)
@@ -52248,7 +52249,7 @@ CVE-2025-54812 (Improper Output Neutralization for Logs vulnerability in Apache
{DLA-4322-1}
- log4cxx 1.4.0-1.1 (bug #1111879)
[trixie] - log4cxx 1.4.0-1+deb13u1
- [bookworm] - log4cxx <no-dsa> (Minor issue)
+ [bookworm] - log4cxx 1.0.0-1+deb12u1
NOTE: https://logging.apache.org/security.html#CVE-2025-54812
NOTE: https://github.com/apache/logging-log4cxx/pull/509
NOTE: https://github.com/apache/logging-log4cxx/commit/1c599de956ae9eedd8b5e3f744bfb867c39e8bba (rel/v1.5.0, rv1.5.0-RC1)
@@ -57980,7 +57981,7 @@ CVE-2025-54571 (ModSecurity is an open source, cross platform web application fi
{DLA-4294-1}
- modsecurity-apache 2.9.12-2 (bug #1110480)
[trixie] - modsecurity-apache 2.9.11-1+deb13u1
- [bookworm] - modsecurity-apache <no-dsa> (Minor issue; will be fixed via point release)
+ [bookworm] - modsecurity-apache 2.9.7-1+deb12u2
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-cg44-9m43-3f9v
NOTE: https://github.com/owasp-modsecurity/ModSecurity/issues/2514
NOTE: Fixed by: https://github.com/owasp-modsecurity/ModSecurity/commit/dfbde557acc41d858dbe04d4b6eaec64478347ff (v2.9.12)
@@ -58367,7 +58368,7 @@ CVE-2025-54119 (ADOdb is a PHP database class library that provides abstractions
{DLA-4340-1}
- libphp-adodb 5.22.10-0.1 (bug #1110464)
[trixie] - libphp-adodb 5.22.9-0.1+deb13u1
- [bookworm] - libphp-adodb <no-dsa> (Minor issue; can be fixed via point release)
+ [bookworm] - libphp-adodb 5.21.4-1+deb12u2
NOTE: https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
NOTE: https://github.com/ADOdb/ADOdb/issues/1083
NOTE: Fixed by: https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03 (v5.22.10)
@@ -58576,7 +58577,7 @@ CVE-2025-54956 (The gh package before 1.5.0 for R delivers an HTTP response in a
{DLA-4378-1}
- r-cran-gh 1.5.0-1 (bug #1110481)
[trixie] - r-cran-gh 1.4.1-1+deb13u1
- [bookworm] - r-cran-gh <no-dsa> (Minor issue)
+ [bookworm] - r-cran-gh 1.4.0-1+deb12u1
NOTE: https://github.com/r-lib/gh/issues/222
NOTE: https://github.com/r-lib/gh/commit/b575d488c71318449cc6c8c989c617db29275848 (v1.5.0)
CVE-2024-52279 (Improper Input Validation vulnerability in Apache Zeppelin. The fix fo ...)
@@ -60325,7 +60326,7 @@ CVE-2025-8182 (A vulnerability has been found in Tenda AC18 15.03.05.19 and clas
CVE-2025-23286 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...)
- nvidia-graphics-drivers <unfixed> (bug #1109907)
[trixie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.261.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1109908)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1109909)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <ignored> (Non-free not supported)
@@ -60342,7 +60343,7 @@ CVE-2025-23286 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1109915)
[trixie] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.261.03-1
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.274.02-1 (bug #1109916)
[trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
@@ -60351,7 +60352,7 @@ CVE-2025-23286 (NVIDIA GPU Display Driver for Windows and Linux contains a vulne
CVE-2025-23279 (NVIDIA .run Installer for Linux and Solaris contains a vulnerability w ...)
- nvidia-graphics-drivers <unfixed> (bug #1109907)
[trixie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.261.03-1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1109908)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1109909)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <ignored> (Non-free not supported)
@@ -60368,7 +60369,7 @@ CVE-2025-23279 (NVIDIA .run Installer for Linux and Solaris contains a vulnerabi
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1109915)
[trixie] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.261.03-1
- nvidia-graphics-drivers-tesla-535 535.261.03-1 (bug #1109916)
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1109917)
@@ -61199,7 +61200,7 @@ CVE-2025-8114 (A flaw was found in libssh, a library that implements the SSH pro
{DLA-4385-1}
- libssh 0.11.3-1 (bug #1109860)
[trixie] - libssh 0.11.2-1+deb13u1
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383220
NOTE: https://gitlab.com/libssh/libssh-mirror/-/issues/317
NOTE: https://www.libssh.org/security/advisories/CVE-2025-8114.txt
@@ -64549,10 +64550,10 @@ CVE-2025-48924 (Uncontrolled Recursion vulnerability in Apache Commons Lang. Th
{DLA-4286-1 DLA-4262-1}
- libcommons-lang3-java 3.17.0-2 (bug #1109125)
[trixie] - libcommons-lang3-java 3.17.0-1+deb13u1
- [bookworm] - libcommons-lang3-java <no-dsa> (Minor issue)
+ [bookworm] - libcommons-lang3-java 3.12.0-2+deb12u1
- libcommons-lang-java 2.6-11 (bug #1109126)
[trixie] - libcommons-lang-java 2.6-10+deb13u1
- [bookworm] - libcommons-lang-java <no-dsa> (Minor issue)
+ [bookworm] - libcommons-lang-java 2.6-10+deb12u1
NOTE: https://www.openwall.com/lists/oss-security/2025/07/11/1
NOTE: https://github.com/apache/commons-lang/commit/b424803abdb2bec818e4fbcb251ce031c22aca53 (commons-lang-3.18.0-RC1)
CVE-2025-7442 (The WPGYM - Wordpress Gym Management System plugin for WordPress is vu ...)
@@ -65802,7 +65803,7 @@ CVE-2025-7362 (The MsUpload extension for MediaWiki is vulnerable to stored XSS
CVE-2025-7345 (A flaw exists in gdk\u2011pixbuf within the gdk_pixbuf__jpeg_image_loa ...)
{DLA-4344-1}
- gdk-pixbuf 2.42.12+dfsg-4 (bug #1109262)
- [bookworm] - gdk-pixbuf <postponed> (Minor issue)
+ [bookworm] - gdk-pixbuf 2.42.10+dfsg-1+deb12u3
NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249
CVE-2025-7326 (Weak authentication in EOLASP.NET Core allows an unauthorized attacker ...)
NOT-FOR-US: EOLASP.NET Core
@@ -68967,14 +68968,14 @@ CVE-2025-53076 (Improper Input Validation vulnerability in Samsung Open Source r
CVE-2025-53075 (Improper Input Validation vulnerability in Samsung Open Source rLottie ...)
- rlottie 0.1+dfsg-4.3 (bug #1109341)
[trixie] - rlottie 0.1+dfsg-4.2+deb13u1
- [bookworm] - rlottie <no-dsa> (Minor issue)
+ [bookworm] - rlottie 0.1+dfsg-4+deb12u1
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
CVE-2025-53074 (Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows ...)
- rlottie 0.1+dfsg-4.3 (bug #1109341)
[trixie] - rlottie 0.1+dfsg-4.2+deb13u1
- [bookworm] - rlottie <no-dsa> (Minor issue)
+ [bookworm] - rlottie 0.1+dfsg-4+deb12u1
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
@@ -69005,7 +69006,7 @@ CVE-2025-38087 (In the Linux kernel, the following vulnerability has been resolv
CVE-2025-0634 (Use After Free vulnerability in Samsung Open Source rLottie allows Rem ...)
- rlottie 0.1+dfsg-4.3 (bug #1109341)
[trixie] - rlottie 0.1+dfsg-4.2+deb13u1
- [bookworm] - rlottie <no-dsa> (Minor issue)
+ [bookworm] - rlottie 0.1+dfsg-4+deb12u1
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE: https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
@@ -70276,7 +70277,7 @@ CVE-2025-6032 (A flaw was found in Podman. The podman machine init command fails
NOTE: Fixed by: https://github.com/containers/podman/commit/1569c209829530b1f42e8c2fce851de8003ab3fe (v5.5.2)
CVE-2025-5987 (A flaw was found in libssh when using the ChaCha20 cipher with the Ope ...)
- libssh 0.11.2-1 (bug #1108407)
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
[bullseye] - libssh <not-affected> (Vulnerable code introduced later)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5987.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57 (libssh-0.11.2)
@@ -70293,32 +70294,32 @@ CVE-2025-5449 (A flaw was found in the SFTP server message decoding logic of lib
CVE-2025-5372 (A flaw was found in libssh versions built with OpenSSL versions older ...)
{DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5372.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=a9d8a3d44829cf9182b252bc951f35fb0d573972 (libssh-0.11.2)
CVE-2025-5351 (A flaw was found in the key export functionality of libssh. The issue ...)
- libssh 0.11.2-1 (bug #1108407)
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
[bullseye] - libssh <not-affected> (Vulnerable code introduced later)
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5351.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6ddb730a27338983851248af59b128b995aad256 (libssh-0.11.2)
CVE-2025-5318 (A flaw was found in the libssh library in versions less than 0.11.2. A ...)
{DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
NOTE: https://www.libssh.org/security/advisories/CVE-2025-5318.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 (libssh-0.11.2)
CVE-2025-4878 (A vulnerability was found in libssh, where an uninitialized variable e ...)
{DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
NOTE: https://www.libssh.org/security/advisories/CVE-2025-4878.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 (libssh-0.11.2)
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb (libssh-0.11.2)
CVE-2025-4877 (There's a vulnerability in the libssh package where when a libssh cons ...)
{DLA-4385-1}
- libssh 0.11.2-1 (bug #1108407)
- [bookworm] - libssh <no-dsa> (Minor issue)
+ [bookworm] - libssh 0.10.6-0+deb12u2
NOTE: https://www.libssh.org/security/advisories/CVE-2025-4877.txt
NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d (libssh-0.11.2)
CVE-2025-5087 (Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely usin ...)
@@ -73536,7 +73537,7 @@ CVE-2025-6020 (A flaw was found in linux-pam. The module pam_namespace may use a
{DLA-4306-1}
[experimental] - pam 1.7.0-4
- pam 1.7.0-5 (bug #1107919)
- [bookworm] - pam <no-dsa> (Can be fixed via point release)
+ [bookworm] - pam 1.5.2-6+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/06/17/1
NOTE: https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e (v1.7.1)
@@ -77071,7 +77072,7 @@ CVE-2025-30415 (Denial of service due to improper handling of malformed input. T
CVE-2025-2336 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1107519)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-2336
NOTE: PoC: https://codepen.io/herodevs/pen/bNGYaXx/412a3a4218387479898912f60c269c6c
CVE-2025-29094 (Cross Site Scripting vulnerability in Motivian Content Mangment System ...)
@@ -85569,7 +85570,7 @@ CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, for
CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildc ...)
{DLA-4182-1}
- syslog-ng 4.8.1-5 (bug #1104890)
- [bookworm] - syslog-ng <no-dsa> (Minor issue)
+ [bookworm] - syslog-ng 3.38.1-5+deb12u1
NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
NOTE: https://github.com/syslog-ng/syslog-ng/issues/5360
NOTE: Fixed by: https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006 (develop)
@@ -86385,7 +86386,7 @@ CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. I
CVE-2025-4215 (A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It ...)
{DLA-4215-1}
- ublock-origin 1.62.0+dfsg-2 (bug #1104635)
- [bookworm] - ublock-origin <no-dsa> (Minor issue)
+ [bookworm] - ublock-origin 1.62.0+dfsg-0+deb12u1
NOTE: https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c (1.63.3b17)
CVE-2025-4199 (The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Sit ...)
NOT-FOR-US: WordPress plugin
@@ -88683,7 +88684,7 @@ CVE-2025-1194 (A Regular Expression Denial of Service (ReDoS) vulnerability was
CVE-2025-0716 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1104485)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-0716
NOTE: PoC: https://codepen.io/herodevs/pen/qEWQmpd/a86a0d29310e12c7a3756768e6c7b915
CVE-2025-0520 (An unrestricted file upload vulnerability in ShowDoc caused by imprope ...)
@@ -90213,7 +90214,7 @@ CVE-2024-46546 (NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain
CVE-2024-33452 (An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a r ...)
{DLA-4228-1}
- libnginx-mod-http-lua 1:0.10.27-1
- [bookworm] - libnginx-mod-http-lua <no-dsa> (Minor issue)
+ [bookworm] - libnginx-mod-http-lua 1:0.10.23-1+deb12u1
- nginx 1.22.0-3
NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a separate package
NOTE: https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
@@ -91880,7 +91881,7 @@ CVE-2025-2564 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <=
CVE-2025-2291 (Password can be used past expiry in PgBouncer due to auth_query not ta ...)
{DLA-4180-1}
- pgbouncer 1.24.1-1 (bug #1103394)
- [bookworm] - pgbouncer <no-dsa> (Minor issue)
+ [bookworm] - pgbouncer 1.18.0-1+deb12u1
NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/9912ee7f1af2e1b81d4d624a0da1cb49075ee78a (pgbouncer_1_24_1)
CVE-2025-29905 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
NOT-FOR-US: Siemens
@@ -97477,7 +97478,7 @@ CVE-2025-30354 (Bruno is an open source IDE for exploring and testing APIs. A bu
CVE-2025-30224 (MyDumper is a MySQL Logical Backup Tool. The MySQL C client library (l ...)
{DLA-4190-1}
- mydumper 0.10.1-2 (bug #1102002)
- [bookworm] - mydumper <no-dsa> (Minor issue)
+ [bookworm] - mydumper 0.10.1-1+deb12u2
NOTE: https://github.com/mydumper/mydumper/security/advisories/GHSA-r8qc-xp3g-c458
NOTE: Fixed by: https://github.com/mydumper/mydumper/commit/30b2fe12694269ff49b681a605cfc51770b5279d (v0.18.2-9)
CVE-2025-30210 (Bruno is an open source IDE for exploring and testing APIs. Prior to 1 ...)
@@ -113909,13 +113910,13 @@ CVE-2021-46686 (Improper neutralization of special elements used in an OS comman
CVE-2024-57259 (sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-on ...)
{DLA-4150-1}
- u-boot 2025.01-1 (bug #1098254)
- [bookworm] - u-boot <no-dsa> (Minor issue)
+ [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e (v2025.01-rc1)
CVE-2024-57258 (Integer overflows in memory allocation in Das U-Boot before 2025.01-rc ...)
{DLA-4150-1}
- u-boot 2025.01-1 (bug #1098254)
- [bookworm] - u-boot <no-dsa> (Minor issue)
+ [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3 (v2025.01-rc1)
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f (v2025.01-rc1)
@@ -113923,25 +113924,25 @@ CVE-2024-57258 (Integer overflows in memory allocation in Das U-Boot before 2025
CVE-2024-57257 (A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc ...)
{DLA-4150-1}
- u-boot 2025.01-1 (bug #1098254)
- [bookworm] - u-boot <no-dsa> (Minor issue)
+ [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34 (v2025.01-rc1)
CVE-2024-57256 (An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.0 ...)
{DLA-4150-1}
- u-boot 2025.01-1 (bug #1098254)
- [bookworm] - u-boot <no-dsa> (Minor issue)
+ [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9 (v2025.01-rc1)
CVE-2024-57255 (An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025. ...)
{DLA-4150-1}
- u-boot 2025.01-1 (bug #1098254)
- [bookworm] - u-boot <no-dsa> (Minor issue)
+ [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356 (v2025.01-rc1)
CVE-2024-57254 (An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc ...)
{DLA-4150-1}
- u-boot 2025.01-1 (bug #1098254)
- [bookworm] - u-boot <no-dsa> (Minor issue)
+ [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2
NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d (v2025.01-rc1)
CVE-2024-57262 (In barebox before 2025.01.0, ext4fs_read_symlink has an integer overfl ...)
@@ -130481,25 +130482,21 @@ CVE-2024-53961 (ColdFusion versions 2023.11, 2021.17 and earlier are affected by
CVE-2024-4982 (A directory traversal vulnerability was discovered in Pagure server. I ...)
{DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
- [bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280726
NOTE: Fixed by: https://pagure.io/pagure/c/c43844d23c919133fc983fe8c0f1dfb3b86e67d0 (5.14.1)
CVE-2024-4981 (A vulnerability was discovered in Pagure server. If a malicious user w ...)
{DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
- [bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2280723
NOTE: Fixed by: https://pagure.io/pagure/c/454f2677bc50d7176f07da9784882eb2176537f4 (5.14.1)
CVE-2024-47516 (A vulnerability was found in Pagure. An argument injection in Git duri ...)
{DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
- [bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315805
NOTE: Fixed by: https://pagure.io/pagure/c/1db796dd0fa85c5f30f1e7123638e237f73bc92d (5.14.1)
CVE-2024-47515 (A vulnerability was found in Pagure. Support of symbolic links during ...)
{DLA-4390-1}
- pagure 5.14.1+dfsg-1 (bug #1091383)
- [bookworm] - pagure <ignored> (Pagure in Bookworm is non-functional)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2315806
NOTE: Fixed by: https://pagure.io/pagure/c/9b715170008bdc1dd273f7c28debe782a8f7969e (5.14.1)
CVE-2024-41887 (Team ENVY, a Security Research TEAM has found a flaw that allows for a ...)
@@ -147094,7 +147091,7 @@ CVE-2024-10214 (Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly
CVE-2024-45802 (Squid is an open source caching proxy for the Web supporting HTTP, HTT ...)
{DLA-4083-1}
- squid 6.12-1
- [bookworm] - squid <no-dsa> (Minor issue)
+ [bookworm] - squid 5.7-2+deb12u5
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
NOTE: Not a code fix, this merely disables ESI by default (and thus in the Debian build)
NOTE: Upstream disabled ESI support in default builds already in 6.10 but Debian builds
@@ -147518,7 +147515,7 @@ CVE-2024-49762 (Pterodactyl is a free, open-source game server management panel.
NOT-FOR-US: Pterodactyl
CVE-2024-49760 (OpenRefine is a free, open source tool for working with messy data. Th ...)
- openrefine 3.8.7-1 (bug #1086041)
- [bookworm] - openrefine <no-dsa> (Minor issue)
+ [bookworm] - openrefine 3.6.2-2+deb12u3
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qfwq-6jh6-8xx4
NOTE: https://github.com/OpenRefine/OpenRefine/commit/24d084052dc55426fe460f2a17524fd18d28b20c
NOTE: https://github.com/OpenRefine/OpenRefine/commit/478285afffea59c893ac472faa74898ab9e5e95a (3.8.3)
@@ -147549,19 +147546,19 @@ CVE-2024-47883 (The OpenRefine fork of the MIT Simile Butterfly server is a modu
NOTE: https://github.com/OpenRefine/simile-butterfly/commit/537f64bfa72746f8b21d4bda461fad843435319c (1.2.6)
CVE-2024-47882 (OpenRefine is a free, open source tool for working with messy data. Pr ...)
- openrefine 3.8.7-1 (bug #1086041)
- [bookworm] - openrefine <no-dsa> (Minor issue)
+ [bookworm] - openrefine 3.6.2-2+deb12u3
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-j8hp-f2mj-586g
NOTE: https://github.com/OpenRefine/OpenRefine/commit/85594e75e7b36025f7b6a67dcd3ec253c5dff8c2
NOTE: https://github.com/OpenRefine/OpenRefine/commit/b0d5dd0a6a40369593f4a6b593e3e0ffa213339e (3.8.3)
CVE-2024-47881 (OpenRefine is a free, open source tool for working with messy data. St ...)
- openrefine 3.8.7-1 (bug #1086041)
- [bookworm] - openrefine <no-dsa> (Minor issue)
+ [bookworm] - openrefine 3.6.2-2+deb12u3
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-87cf-j763-vvh8
NOTE: https://github.com/OpenRefine/OpenRefine/commit/853a1d91662e7dc278a9a94a38be58de04494056
NOTE: https://github.com/OpenRefine/OpenRefine/commit/8a5cced755f9d4544cfc9fd1b9dc9274807b5020 (3.8.3)
CVE-2024-47880 (OpenRefine is a free, open source tool for working with messy data. Pr ...)
- openrefine 3.8.7-1 (bug #1086041)
- [bookworm] - openrefine <no-dsa> (Minor issue)
+ [bookworm] - openrefine 3.6.2-2+deb12u3
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-79jv-5226-783f
NOTE: https://github.com/OpenRefine/OpenRefine/commit/8060477fa53842ebabf43b63e039745932fa629d
NOTE: https://github.com/OpenRefine/OpenRefine/commit/fbf94fe3f001d6e2aa02e890930cf1affb0847b0 (3.8.3)
@@ -147573,7 +147570,7 @@ CVE-2024-47879 (OpenRefine is a free, open source tool for working with messy da
NOTE: https://github.com/OpenRefine/OpenRefine/commit/52c882a447d9efe8d3ef73b78468887c5da39790 (3.8.3)
CVE-2024-47878 (OpenRefine is a free, open source tool for working with messy data. Pr ...)
- openrefine 3.8.7-1 (bug #1086041)
- [bookworm] - openrefine <no-dsa> (Minor issue)
+ [bookworm] - openrefine 3.6.2-2+deb12u3
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-pw3x-c5vp-mfc3
NOTE: https://github.com/OpenRefine/OpenRefine/commit/10bf0874d67f1018a58b3732332d76b840192fea
NOTE: https://github.com/OpenRefine/OpenRefine/commit/37b375478eca41b8948b104bf6790ebf659a88cb (3.8.3)
@@ -151037,7 +151034,7 @@ CVE-2024-45844 (BIG-IP monitor functionality may allow an attacker to bypass acc
CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and the relate ...)
{DLA-4295-1}
- libhtp 1:0.5.49-1
- [bookworm] - libhtp <no-dsa> (Minor issue)
+ [bookworm] - libhtp 1:0.5.42-1+deb12u1
NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-rqqp-24ch-248f
NOTE: https://redmine.openinfosecfoundation.org/issues/7191
CVE-2024-45796 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
@@ -159438,13 +159435,13 @@ CVE-2024-8601 (This vulnerability exists in TechExcel Back Office Software versi
CVE-2024-8373 (Improper sanitization of the value of the [srcset] attribute in <sourc ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088805)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8373
NOTE: PoC: https://codepen.io/herodevs/full/bGPQgMp/8da9ce87e99403ee13a295c305ebfa0b
CVE-2024-8372 (Improper sanitization of the value of the 'srcset' attribute in Angula ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088804)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-8372
NOTE: PoC: https://codepen.io/herodevs/full/xxoQRNL/0072e627abe03e9cda373bc75b4c1017
CVE-2024-8042 (Rapid7 Insight Platform versions between November 2019 and August 14, ...)
@@ -159526,7 +159523,7 @@ CVE-2024-27364 (An issue was discovered in Mobile Processor, Wearable Processor
NOT-FOR-US: Samsung
CVE-2024-24510 (Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows ...)
- sogo 5.10.0-1
- [bookworm] - sogo <no-dsa> (Minor issue, can be fixed via point release)
+ [bookworm] - sogo 5.8.0-2+deb12u1
[bullseye] - sogo <ignored> (fix requires an intrusive backport and entails a high regression risk)
NOTE: Fixed by: https://github.com/Alinto/sogo/commit/21468700718ed71774eaf2979ee59330fc569424 (SOGo-5.10.0)
CVE-2023-50883 (ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediat ...)
@@ -195185,7 +195182,7 @@ CVE-2024-34467 (ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to ina
CVE-2024-34462 (Alinto SOGo through 5.10.0 allows XSS during attachment preview.)
{DLA-4434-1}
- sogo 5.11.0-1 (bug #1071163)
- [bookworm] - sogo <no-dsa> (Minor issue)
+ [bookworm] - sogo 5.8.0-2+deb12u1
[buster] - sogo <postponed> (Minor issue)
NOTE: https://github.com/Alinto/sogo/commit/2e37e59ed140d4aee0ff2fba579ca5f83f2c5920 (SOGo-5.11.0)
CVE-2023-52729 (TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error ...)
@@ -200073,7 +200070,7 @@ CVE-2024-32661 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 2.11.7+dfsg1-3 (bug #1072112)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p5m5-342g-pv9m
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 (3.5.1)
@@ -200082,7 +200079,7 @@ CVE-2024-32660 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 2.11.7+dfsg1-1 (bug #1072112)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 (3.5.1)
@@ -200090,7 +200087,7 @@ CVE-2024-32659 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 2.11.7+dfsg1-1 (bug #1072112)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b (3.5.1)
@@ -200099,7 +200096,7 @@ CVE-2024-32658 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 3.5.1+dfsg1-1 (bug #1069752)
- freerdp2 2.11.7+dfsg1-1 (bug #1072112)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf (3.5.1)
@@ -200326,7 +200323,7 @@ CVE-2024-32041 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 2.11.7+dfsg1-1 (bug #1069728)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
@@ -200335,7 +200332,7 @@ CVE-2024-32039 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 2.11.7+dfsg1-1 (bug #1069728)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
@@ -200344,7 +200341,7 @@ CVE-2024-32040 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 2.11.7+dfsg1-1 (bug #1069728)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
@@ -200353,7 +200350,7 @@ CVE-2024-32458 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 2.11.7+dfsg1-1 (bug #1069728)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
@@ -200362,7 +200359,7 @@ CVE-2024-32459 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 2.11.7+dfsg1-1 (bug #1069728)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
@@ -200371,7 +200368,7 @@ CVE-2024-32460 (FreeRDP is a free implementation of the Remote Desktop Protocol.
{DLA-4053-1}
- freerdp3 <not-affected> (Fixed with initial upload to Debian unstable)
- freerdp2 2.11.7+dfsg1-1 (bug #1069728)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://www.freerdp.com/2024/04/17/2_11_6-release
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
@@ -217987,7 +217984,7 @@ CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prev
CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted traff ...)
{DLA-4295-1}
- libhtp 1:0.5.46-1
- [bookworm] - libhtp <no-dsa> (Minor issue)
+ [bookworm] - libhtp 1:0.5.42-1+deb12u1
[buster] - libhtp <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
NOTE: https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a (0.5.46)
@@ -221147,7 +221144,7 @@ CVE-2024-24337 (CSV Injection vulnerability in '/members/moremember.pl' and '/ad
- koha <itp> (bug #702134)
CVE-2024-23833 (OpenRefine is a free, open source power tool for working with messy da ...)
- openrefine 3.7.8-1 (bug #1064192)
- [bookworm] - openrefine <no-dsa> (Minor issue)
+ [bookworm] - openrefine 3.6.2-2+deb12u3
NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4
NOTE: https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a (3.7.8)
CVE-2024-23763 (SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers ...)
@@ -221486,7 +221483,7 @@ CVE-2024-21624 (nonebot2 is a cross-platform Python asynchronous chatbot framewo
CVE-2024-21490 (This affects versions of the package angular from 1.3.0. A regular exp ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1088803)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
[buster] - angular.js <postponed> (Fix along with the next DLA)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113
NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos
@@ -225600,7 +225597,7 @@ CVE-2024-22562 (swftools 0.9.2 was discovered to contain a Stack Buffer Underflo
CVE-2024-22211 (FreeRDP is a set of free and open source remote desktop protocol libra ...)
{DLA-4053-1}
- freerdp2 2.11.5+dfsg1-1 (bug #1061173)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
[buster] - freerdp2 <postponed> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59
NOTE: https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff (3.2.0)
@@ -225964,7 +225961,7 @@ CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause
{DLA-4306-1}
[experimental] - pam 1.5.3-2
- pam 1.5.3-4 (bug #1061097)
- [bookworm] - pam <no-dsa> (Minor issue)
+ [bookworm] - pam 1.5.2-6+deb12u2
[buster] - pam <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2024/01/18/3
NOTE: https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb (v1.6.0)
@@ -226647,7 +226644,7 @@ CVE-2023-49106 (Missing Password Field Masking vulnerability in Hitachi Device M
NOT-FOR-US: Hitachi
CVE-2023-48104 (Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.)
- sogo 5.9.1-1 (bug #1060925)
- [bookworm] - sogo <no-dsa> (Minor issue)
+ [bookworm] - sogo 5.8.0-2+deb12u1
[bullseye] - sogo <ignored> (fix requires an intrusive backport and entails a high regression risk)
[buster] - sogo <ignored> (Minor issue)
NOTE: Fixed by: https://github.com/Alinto/sogo/commit/7481ccf37087c3f456d7e5a844da01d0f8883098 (SOGo-5.9.1)
@@ -226877,7 +226874,7 @@ CVE-2024-0481 (A vulnerability was found in Taokeyun up to 1.0.5. It has been ra
CVE-2024-23301 (Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable init ...)
{DLA-4400-1 DLA-3733-1}
- rear 2.7+dfsg-1.2 (bug #1060747)
- [bookworm] - rear <no-dsa> (Minor issue)
+ [bookworm] - rear 2.7+dfsg-1+deb12u1
NOTE: https://github.com/rear/rear/issues/3122
NOTE: https://github.com/rear/rear/pull/3123
NOTE: https://github.com/rear/rear/commit/89b61793d80bc2cb2abe47a7d0549466fb087d16
@@ -242081,7 +242078,7 @@ CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS
CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...)
{DLA-4312-1}
- squid 6.1-1
- [bookworm] - squid <ignored> (unsupported, Gopher support has been removed upstream)
+ [bookworm] - squid 5.7-2+deb12u5
[buster] - squid <ignored> (unsupported, Gopher support has been removed upstream)
NOTE: No code fix, gopher support was removed:
NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1)
@@ -250533,14 +250530,14 @@ CVE-2023-41034 (Eclipse Leshan is a device management server and client Java imp
CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x
NOTE: https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416 (3.0.0-beta3)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/c659973bb4cd65c065f2fe1a807dbc6805c684c6 (2.11.0)
CVE-2023-39356 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m
NOTE: https://github.com/FreeRDP/FreeRDP/commit/889348a86e49bc8f1351ed6496d847b32db5f86e (2.11.0)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/23db2f4e6ba71f1c10c543f24de595d7340adb46 (2.11.1)
@@ -250552,34 +250549,34 @@ CVE-2023-39355 (FreeRDP is a free implementation of the Remote Desktop Protocol
CVE-2023-39354 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6
NOTE: https://github.com/FreeRDP/FreeRDP/commit/82ac0164f330c08ddd9a6ef6f3dbf846c4b79def (2.11.0)
CVE-2023-39353 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f
NOTE: https://github.com/FreeRDP/FreeRDP/commit/efa0567c027239b901ccdc590b9e229e0111c68b (2.11.0)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/9ed6d6baede27d5006e0e4c9bec8e506f695cb6a (2.11.0)
CVE-2023-39352 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj
NOTE: https://github.com/FreeRDP/FreeRDP/commit/7daaba3c1411f71ac7260d01216ab8f8d3687c65 (3.0.0-beta1)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/856ecaa463e963ecfebc9734423d69139e7b3916 (2.11.0)
CVE-2023-39351 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq
NOTE: https://github.com/FreeRDP/FreeRDP/commit/99e243cdbc31f66b5c917452c8fed3276e8bdcd5 (2.11.0)
NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/579a13b054c306de36a24621763729ebf01797d3 (2.0.0)
CVE-2023-39350 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh
NOTE: https://github.com/FreeRDP/FreeRDP/commit/7ece410ce5b5660b9191e1ccb6835158afa11822 (2.11.0)
NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/579a13b054c306de36a24621763729ebf01797d3 (2.0.0)
@@ -250783,7 +250780,7 @@ CVE-2023-40582 (find-exec is a utility to discover available shell commands. Ver
CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq
NOTE: Upstream mentioned on #freerdp that the advisory title/summary
NOTE: should reference `nsc_rle_decode` instead of `general_LumaToYUV444`.
@@ -250796,7 +250793,7 @@ CVE-2023-40187 (FreeRDP is a free implementation of the Remote Desktop Protocol
CVE-2023-40186 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v
NOTE: https://github.com/FreeRDP/FreeRDP/commit/d8a1ac342ae375644c70579c33b5cf38fb43b083 (2.11.0)
CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In versio ...)
@@ -250810,7 +250807,7 @@ CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In
CVE-2023-40181 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8
NOTE: https://github.com/FreeRDP/FreeRDP/commit/c23cbdc4a5756bd723223c7139654de7439fdcc0 (2.11.0)
CVE-2023-3992 (The PostX WordPress plugin before 3.0.6 does not sanitise and escape a ...)
@@ -251506,7 +251503,7 @@ CVE-2023-40570 (Datasette is an open source multi-tool for exploring and publish
CVE-2023-40569 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp
NOTE: https://github.com/FreeRDP/FreeRDP/commit/23c3daeca1598393f8c93f563f7847a4d67919f1 (2.11.0)
CVE-2023-40568
@@ -251514,7 +251511,7 @@ CVE-2023-40568
CVE-2023-40567 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
{DLA-4053-1 DLA-3606-1}
- freerdp2 2.11.2+dfsg1-1 (bug #1051638)
- [bookworm] - freerdp2 <no-dsa> (Minor issue)
+ [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp
NOTE: https://github.com/FreeRDP/FreeRDP/commit/bacb8c016ef72aa767760b6b01d15500aee9d59a (2.11.0)
CVE-2023-40530 (Improper authorization in handler for custom URL scheme issue in 'Skyl ...)
@@ -280886,21 +280883,21 @@ CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0
CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046
NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-inpur-url-validation-redos
CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045
NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-resource-trailing-slashes-redos
CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1036694)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
[buster] - angular.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044
NOTE: PoC: https://stackblitz.com/edit/angularjs-vulnerability-angular-copy-redos
@@ -361367,7 +361364,7 @@ CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to
CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
{DLA-4242-1}
- angular.js 1.8.3-2 (bug #1014779)
- [bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - angular.js 1.8.3-1+deb12u1
[buster] - angular.js <not-affected> (vulnerable code not present)
[stretch] - angular.js <not-affected> (vulnerable code not present)
NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
@@ -599337,7 +599334,7 @@ CVE-2018-14629 (A denial of service vulnerability was discovered in Samba's LDAP
NOTE: https://www.samba.org/samba/security/CVE-2018-14629.html
CVE-2018-14628 (An information leak vulnerability was discovered in Samba's LDAP serve ...)
- samba 2:4.19.3+dfsg-1 (bug #1034803)
- [bookworm] - samba <no-dsa> (Minor issue)
+ [bookworm] - samba 2:4.17.12+dfsg-0+deb12u3
[bullseye] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5477-1)
[buster] - samba <ignored> (Domain controller functionality is EOLed, see DSA-5015-1)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13595
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -1,245 +1,3 @@
-CVE-2023-39350
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-39351
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-39352
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-39353
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-39354
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-39356
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-40181
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-40186
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-40188
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-40567
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-40569
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2023-40589
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-22211
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32039
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32040
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32041
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32458
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32459
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32460
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32658
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32659
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32660
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2024-32661
- [bookworm] - freerdp2 2.11.7+dfsg1-6~deb12u1
-CVE-2025-30224
- [bookworm] - mydumper 0.10.1-1+deb12u2
-CVE-2025-4215
- [bookworm] - ublock-origin 1.62.0+dfsg-0+deb12u1
-CVE-2022-25844
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2023-26116
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2023-26117
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2023-26118
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2024-8372
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2024-8373
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2024-21490
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2025-0716
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2025-2336
- [bookworm] - angular.js 1.8.3-1+deb12u1
-CVE-2025-23279
- [bookworm] - nvidia-graphics-drivers 535.261.03-1
-CVE-2025-23286
- [bookworm] - nvidia-graphics-drivers 535.261.03-1
-CVE-2025-23279
- [bookworm] - nvidia-open-gpu-kernel-modules 535.261.03-1
-CVE-2025-23286
- [bookworm] - nvidia-open-gpu-kernel-modules 535.261.03-1
-CVE-2025-54571
- [bookworm] - modsecurity-apache 2.9.7-1+deb12u2
-CVE-2024-33452
- [bookworm] - libnginx-mod-http-lua 1:0.10.23-1+deb12u1
-CVE-2025-48924
- [bookworm] - libcommons-lang-java 2.6-10+deb12u1
-CVE-2024-23837
- [bookworm] - libhtp 1:0.5.42-1+deb12u1
-CVE-2024-45797
- [bookworm] - libhtp 1:0.5.42-1+deb12u1
-CVE-2025-4877
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-4878
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-5318
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-5351
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-5372
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-5987
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-8114
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-8277
- [bookworm] - libssh 0.10.6-0+deb12u2
-CVE-2025-6020
- [bookworm] - pam 1.5.2-6+deb12u2
-CVE-2024-22365
- [bookworm] - pam 1.5.2-6+deb12u2
-CVE-2025-54119
- [bookworm] - libphp-adodb 5.21.4-1+deb12u2
-CVE-2025-41244
- [bookworm] - open-vm-tools 2:12.2.0-1+deb12u4
-CVE-2024-57254
- [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
-CVE-2024-57255
- [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
-CVE-2024-57256
- [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
-CVE-2024-57257
- [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
-CVE-2024-57258
- [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
-CVE-2024-57259
- [bookworm] - u-boot 2023.01+dfsg-2+deb12u2
-CVE-2025-48924
- [bookworm] - libcommons-lang3-java 3.12.0-2+deb12u1
-CVE-2024-23833
- [bookworm] - openrefine 3.6.2-2+deb12u3
-CVE-2024-47878
- [bookworm] - openrefine 3.6.2-2+deb12u3
-CVE-2024-47880
- [bookworm] - openrefine 3.6.2-2+deb12u3
-CVE-2024-47881
- [bookworm] - openrefine 3.6.2-2+deb12u3
-CVE-2024-47882
- [bookworm] - openrefine 3.6.2-2+deb12u3
-CVE-2024-49760
- [bookworm] - openrefine 3.6.2-2+deb12u3
-CVE-2025-9714
- [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u5
-CVE-2025-11683
- [bookworm] - libyaml-syck-perl 1.34-2+deb12u1
-CVE-2025-62171
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
-CVE-2025-65955
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
-CVE-2025-66628
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
-CVE-2025-68469
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
-CVE-2025-68618
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
-CVE-2025-68950
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
-CVE-2025-69204
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u5
-CVE-2025-59518
- [bookworm] - lemonldap-ng 2.16.1+ds-deb12u7
-CVE-2025-XXXX [session id exposed in portal AJAX responses]
- [bookworm] - lemonldap-ng 2.16.1+ds-deb12u7
-CVE-2025-61921
- [bookworm] - ruby-sinatra 3.0.5-3+deb12u1
-CVE-2025-11568
- [bookworm] - luksmeta 9-4+deb12u1
-CVE-2025-64486
- [bookworm] - calibre 6.13.0+repack-2+deb12u5
-CVE-2025-64500
- [bookworm] - symfony 5.4.23+dfsg-1+deb12u5
-CVE-2024-47619
- [bookworm] - syslog-ng 3.38.1-5+deb12u1
-CVE-2023-46728
- [bookworm] - squid 5.7-2+deb12u5
-CVE-2025-59362
- [bookworm] - squid 5.7-2+deb12u5
-CVE-2024-45802
- [bookworm] - squid 5.7-2+deb12u5
-CVE-2025-7345
- [bookworm] - gdk-pixbuf 2.42.10+dfsg-1+deb12u3
-CVE-2025-54956
- [bookworm] - r-cran-gh 1.4.0-1+deb12u1
-CVE-2025-64503
- [bookworm] - cups-filters 1.28.17-3+deb12u2
-CVE-2025-57812
- [bookworm] - cups-filters 1.28.17-3+deb12u2
-CVE-2025-64524
- [bookworm] - cups-filters 1.28.17-3+deb12u2
-CVE-2025-0634
- [bookworm] - rlottie 0.1+dfsg-4+deb12u1
-CVE-2025-53075
- [bookworm] - rlottie 0.1+dfsg-4+deb12u1
-CVE-2025-53074
- [bookworm] - rlottie 0.1+dfsg-4+deb12u1
-CVE-2025-11411
- [bookworm] - unbound 1.17.1-2+deb12u4
-CVE-2018-14628
- [bookworm] - samba 2:4.17.12+dfsg-0+deb12u3
-CVE-2025-10230
- [bookworm] - samba 2:4.17.12+dfsg-0+deb12u3
-CVE-2025-9640
- [bookworm] - samba 2:4.17.12+dfsg-0+deb12u3
-CVE-2024-23301
- [bookworm] - rear 2.7+dfsg-1+deb12u1
-CVE-2025-10158
- [bookworm] - rsync 3.2.7-1+deb12u4
-CVE-2025-54812
- [bookworm] - log4cxx 1.0.0-1+deb12u1
-CVE-2025-54813
- [bookworm] - log4cxx 1.0.0-1+deb12u1
-CVE-2025-13601
- [bookworm] - glib2.0 2.74.6-2+deb12u8
-CVE-2025-14087
- [bookworm] - glib2.0 2.74.6-2+deb12u8
-CVE-2025-14512
- [bookworm] - glib2.0 2.74.6-2+deb12u8
-CVE-2025-11234
- [bookworm] - qemu 1:7.2+dfsg-7+deb12u18
-CVE-2025-12119
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u2
-CVE-2025-2291
- [bookworm] - pgbouncer 1.18.0-1+deb12u1
-CVE-2025-12819
- [bookworm] - pgbouncer 1.18.0-1+deb12u1
-CVE-2025-66200
- [bookworm] - apache2 2.4.66-1~deb12u1
-CVE-2025-65082
- [bookworm] - apache2 2.4.66-1~deb12u1
-CVE-2025-58098
- [bookworm] - apache2 2.4.66-1~deb12u1
-CVE-2025-55753
- [bookworm] - apache2 2.4.66-1~deb12u1
-CVE-2025-68973
- [bookworm] - gnupg2 2.2.40-1.1+deb12u2
-CVE-2025-67746
- [bookworm] - composer 2.5.5-1+deb12u3
-CVE-2023-48104
- [bookworm] - sogo 5.8.0-2+deb12u1
-CVE-2024-24510
- [bookworm] - sogo 5.8.0-2+deb12u1
-CVE-2024-34462
- [bookworm] - sogo 5.8.0-2+deb12u1
-CVE-2025-63498
- [bookworm] - sogo 5.8.0-2+deb12u1
-CVE-2025-63499
- [bookworm] - sogo 5.8.0-2+deb12u1
CVE-2024-39329
[bookworm] - python-django 3:3.2.19-1+deb12u2
CVE-2024-39330
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f20c27117b4757304e71f69fabce2dd677c192df...c9c8cc23c8af5cf4c2631e1eb4d84fd47ec432b0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f20c27117b4757304e71f69fabce2dd677c192df...c9c8cc23c8af5cf4c2631e1eb4d84fd47ec432b0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260110/16a6f754/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list