Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
224e12c4 by Moritz Muehlenhoff at 2025-06-20T10:26:55+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1759,6 +1759,7 @@ CVE-2025-1562 (The Recover WooCommerce Cart Abandonment, 
Newsletter, Email Marke
        NOT-FOR-US: WordPress plugin
 CVE-2025-48945
        - pycares <unfixed>
+       [bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
        NOTE: 
https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
        NOTE: Fixed by: 
https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4
 (v4.9.0)
 CVE-2025-6199 (A flaw was found in the GIF parser of GdkPixbuf\u2019s LZW 
decoder. Wh ...)
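Review bot: the unstable line `- pycares <unfixed>` directly above the new bookworm entry carries no bug reference, although the NOTE below already identifies the fixing commit and release (v4.9.0). Consider filing a BTS bug and recording it on that line, as the protobuf entry in this file does, so the open state in unstable is tracked alongside the bookworm no-dsa decision.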
@@ -2294,6 +2295,7 @@ CVE-2025-4748 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pat
        NOTE: 
https://github.com/erlang/otp/commit/10608879c81332af2d3c00db61ee173c93c1ea4e 
(OTP-26.2.5.13, OTP-27.3.4.1)
 CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse 
untrusted P ...)
        - protobuf <unfixed> (bug #1108057)
+       [bookworm] - protobuf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
 CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel 
vulnerability ...)
        - tomcat11 <unfixed>
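Review bot: the added `[bookworm] - protobuf <no-dsa> (Minor issue)` line gives no reason beyond "Minor issue", while the CVE description on the line above mentions parsing untrusted input with the pure-Python backend. A few words on why this is minor for bookworm, in the style of the pycares entry's "too intrusive to backport", would help anyone revisiting the entry for a point release.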
@@ -43663,6 +43665,7 @@ CVE-2025-24811 (A vulnerability has been identified in 
SIMATIC S7-1200 CPU 1211C
        NOT-FOR-US: Siemens
 CVE-2025-24807 (eprosima Fast DDS is a C++ implementation of the DDS (Data 
Distributio ...)
        - fastdds 3.1.2+ds-1 (bug #1095838)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-w33g-jmm2-8983
        NOTE: https://github.com/eProsima/Fast-DDS/pull/5530
 CVE-2025-24532 (A vulnerability has been identified in SCALANCE WAB762-1 
(6GK5762-1AJ0 ...)
@@ -174828,10 +174831,11 @@ CVE-2023-40407 (The issue was addressed with 
improved bounds checks. This issue
 CVE-2023-40406 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
 CVE-2023-40403 (The issue was addressed with improved memory handling. This 
issue is f ...)
-       - libxslt <unfixed> (bug #1108074)
+       - libxslt <unfixed> (bug #1108074; unimportant)
        NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/94
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxslt/-/commit/82f6cbf8ca61b1f9e00dc04aa3b15d563e7bbc6d
 (v1.1.38)
        NOTE: Backports: 
https://gitlab.gnome.org/GNOME/libxslt/-/issues/94#note_1855467
+       NOTE: Hardening to improve ASLR, not a security issue by itself
 CVE-2023-40402 (A permissions issue was addressed with additional 
restrictions. This i ...)
        NOT-FOR-US: Apple
 CVE-2023-40400 (This issue was addressed with improved checks. This issue is 
fixed in  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,8 @@ gdk-pixbuf (jmm)
 gh
   Santiago Vila might work on preparing an update
 --
+icu
+--
 jpeg-xl
 --
 konsole (jmm)
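Review bot: `icu` is added to dsa-needed.txt with neither a claimant nor a note, and the data/CVE/list part of this commit touches no icu entry, so the issue that prompted it cannot be found from this change. A short indented note under the package name, as the `gh` entry has, would tell a prospective volunteer what the update needs to cover.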
@@ -73,9 +75,13 @@ sympa
 --
 tomcat10
 --
+trafficserver (jmm)
+--
 wordpress
 --
 xen
 --
+xorg-server
+--
 zabbix
 --
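Review bot: `xorg-server` is added unclaimed and without a note, unlike `trafficserver (jmm)` added in the same hunk. If the entry is waiting on something before an update can be prepared, an indented note under the package name saying so would keep it from looking like an oversight.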



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/224e12c4beeab2d5663ac624c76768762df77f09
