Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0fe091ce by Moritz Muehlenhoff at 2025-08-26T11:06:59+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1920,6 +1920,8 @@ CVE-2025-9132 (Out of bounds write in V8 in Google Chrome
prior to 139.0.7258.13
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9165 (A flaw has been found in LibTIFF 4.7.0. This affects the
function _TIF ...)
- tiff 4.7.0-4 (bug #1111878)
+ [trixie] - tiff <no-dsa> (Minor issue)
+ [bookworm] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/728
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/747
NOTE:
https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0
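Review bot: the two added lines for CVE-2025-9165 give only "(Minor issue)" as the reason, and the truncated description ("function _TIF ...") does not show what makes it minor. Since the NOTE lines already point at the upstream fix commit, consider extending the reason with the affected component or the impact, so the triage can be rechecked later without opening issue 728.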
@@ -2968,6 +2970,7 @@ CVE-2025-55203 (Plane is open-source project management
software. Prior to versi
CVE-2025-54989 (Firebird is a relational database. Prior to versions 3.0.13,
4.0.6, an ...)
{DLA-4282-1}
- firebird3.0 3.0.13.ds7-1 (bug #1111321)
+ [trixie] - firebird3.0 <no-dsa> (Minor issue)
[bookworm] - firebird3.0 <no-dsa> (Minor issue)
- firebird4.0 4.0.6.3221.ds6-1 (bug #1111320)
NOTE:
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-7qp6-hqxj-pjjp
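Review bot: the new [trixie] line covers firebird3.0 only; the "- firebird4.0 4.0.6.3221.ds6-1" line is followed directly by the NOTE, with no per-suite entry. If trixie or bookworm carry firebird4.0 below that version, it needs the same triage decision. The entry also carries {DLA-4282-1}, so a fix was already prepared for an older suite; it may be worth saying in the reason whether the stable suites are expected to pick it up in a point release.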
@@ -3163,6 +3166,8 @@ CVE-2025-8962 (A vulnerability was found in code-projects
Hostel Management Syst
NOT-FOR-US: code-projects
CVE-2025-8961 (A weakness has been identified in LibTIFF 4.7.0. This affects
the func ...)
- tiff <unfixed> (bug #1111317)
+ [trixie] - tiff <no-dsa> (Minor issue)
+ [bookworm] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/721
CVE-2025-8960 (A vulnerability has been found in Campcodes Online Flight
Booking Mana ...)
NOT-FOR-US: Campcodes
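Review bot: CVE-2025-8961 is still "tiff <unfixed>" and the only reference is upstream issue 721, so the two added <no-dsa> lines are decided before any fix is visible in the entry. Consider recording in the reason what the minor rating rests on, and adding a NOTE with the fixing commit once upstream has one, so the entry gets revisited when unstable is fixed.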
@@ -6876,6 +6881,8 @@ CVE-2025-4588 (The 360 Photo Spheres plugin for WordPress
is vulnerable to Store
NOT-FOR-US: WordPress plugin
CVE-2024-13978 (A vulnerability was found in LibTIFF up to 4.7.0. It has been
declared ...)
- tiff 4.7.0-4 (bug #1111323)
+ [trixie] - tiff <no-dsa> (Minor issue)
+ [bookworm] - tiff <no-dsa> (Minor issue)
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/649
NOTE: https://gitlab.com/libtiff/libtiff/-/issues/650
NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/667
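Review bot: for CVE-2024-13978 the NOTE lines list two issues and merge request 667 but no fixing commit, while the added lines leave trixie and bookworm open for a later update. Adding a NOTE with the exact upstream commit from that merge request would make a point-release backport easier to prepare.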
@@ -8465,6 +8472,7 @@ CVE-2025-23286 (NVIDIA GPU Display Driver for Windows and
Linux contains a vulne
[bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Contrib not
supported)
[experimental] - nvidia-graphics-drivers-tesla-535 535.261.03-1
- nvidia-graphics-drivers-tesla-535 <unfixed> (bug #1109916)
+ [trixie] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not
supported)
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not
supported)
- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1109917)
CVE-2025-23279 (NVIDIA .run Installer for Linux and Solaris contains a
vulnerability w ...)
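Review bot: the added [trixie] line is for nvidia-graphics-drivers-tesla-535 only; "- nvidia-graphics-drivers-tesla-550 <unfixed> (bug #1109917)" is followed directly by the next CVE and has no per-suite lines. If trixie ships tesla-550, it should get the same "<no-dsa> (Non-free not supported)" marker so the suite does not keep showing as open for this CVE.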
@@ -71372,6 +71380,7 @@ CVE-2025-21312 (Windows Smart Card Reader Information
Disclosure Vulnerability)
NOT-FOR-US: Microsoft
CVE-2025-21311 (Windows NTLM V1 Elevation of Privilege Vulnerability)
- squid 7.1-1
+ [trixie] - squid <no-dsa> (Minor issue)
[bookworm] - squid <no-dsa> (Minor issue)
[bullseye] - squid <postponed> (Minor issue, generic deprecation of
NTLMv1 auth)
NOTE: 7.1 removes the ntlm_smb_lm_auth module
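Review bot: the new [trixie] line says only "(Minor issue)", while the [bullseye] line explains it as "generic deprecation of NTLMv1 auth" and the NOTE states that 7.1 fixes this by removing the ntlm_smb_lm_auth module. Consider carrying that rationale onto the trixie line (and bookworm) as well, and stating whether removing the module in a stable update is intended; if not, <ignored> would describe the decision more accurately than <no-dsa>.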
@@ -136826,7 +136835,7 @@ CVE-2024-3155 (The Post Grid, Form Maker, Popup
Maker, WooCommerce Blocks, Post
NOT-FOR-US: WordPress plugin
CVE-2024-35195 (Requests is a HTTP library. Prior to 2.32.0, when making
requests thro ...)
- requests 2.32.3+dfsg-1 (bug #1071593)
- [bookworm] - requests <no-dsa> (Minor issue)
+ [bookworm] - requests <ignored> (Minor issue, too intrusive to backport)
[bullseye] - requests <no-dsa> (Minor issue)
[buster] - requests <postponed> (Minor issue; can be fixed in next
update)
NOTE:
https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56
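Review bot: [bookworm] moves to "<ignored> (Minor issue, too intrusive to backport)", but the [bullseye] line directly below stays "<no-dsa> (Minor issue)". If the backport is too intrusive for bookworm, the same reasoning presumably applies to the older requests version, so it would be worth checking whether the bullseye state should be aligned or left as is on purpose.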
@@ -339196,6 +339205,7 @@ CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T
is affected by Stored Cros
NOT-FOR-US: Sofico
CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1
allows an ou ...)
- squirrel3 <unfixed> (bug #1016212)
+ [trixie] - squirrel3 <no-dsa> (Minor issue)
[bullseye] - squirrel3 <no-dsa> (Minor issue)
[buster] - squirrel3 <no-dsa> (Minor issue)
NOTE:
https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98
(v3.2)
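Review bot: the added [trixie] line is followed directly by [bullseye] and [buster], with no [bookworm] line in between. Please confirm whether bookworm ships squirrel3 and needs its own entry. The NOTE also references an upstream fix commit (v3.2) while the package line is still <unfixed>, so the "(Minor issue)" reason could mention why the fix has not been taken.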
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fe091cebb915a8ebeef3f016952e2f1235966d8
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits