Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
de5fbcaf by Salvatore Bonaccorso at 2025-08-29T20:33:59+02:00
Note libxml2 mitigations for CVE-2025-7425 in libxslt
- - - - -
39fcd674 by Salvatore Bonaccorso at 2025-08-29T20:34:02+02:00
Add reference for libxslt only solution for CVE-2025-7425
- - - - -
1063f3b5 by Salvatore Bonaccorso at 2025-08-29T20:40:32+02:00
Remove trailing empty line
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13985,7 +13985,6 @@ CVE-2025-53862 (A flaw was found in Ansible. Three API
endpoints are accessible
CVE-2025-53861 (A flaw was found in Ansible. Sensitive cookies without
security flags ...)
NOT-FOR-US: Ansible Automation Platform
CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype,
flags are ...)
- {DSA-5990-1}
- libxslt <unfixed> (bug #1109122)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379274
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
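Review bot: The removal of the `{DSA-5990-1}` cross-reference under CVE-2025-7425 is not explained by any of the three commit messages, which mention only adding notes and dropping an empty line. Since the entry keeps `- libxslt <unfixed> (bug #1109122)`, the intent appears to be that the libxml2 advisory mitigates rather than fixes the libxslt issue; saying so in the commit message would make the dropped association easier to audit later.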
@@ -13995,7 +13994,10 @@ CVE-2025-7425 (A flaw was found in libxslt where the
attribute type, atype, flag
NOTE: and followups.
NOTE: Mitigated by
https://gitlab.gnome.org/GNOME/libxml2/-/commit/9de92ed78d8495527c5d7a4d0cc76c1f83768195
(2.14)
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/f1e1f13b766eb580a8dcc0c4e7a447346dfd862e
(master)
- NOTE: Mitigation landed in sid in 2.14.5+dfsg-0.1
+ NOTE: Mitigation landed in sid in 2.14.5+dfsg-0.1. Additionally the
update for libxml2 as provided
+ NOTE: via DSA 5990-1 (for trixie: 2.12.7+dfsg+really2.9.14-2.1+deb13u1,
for bookworm
+ NOTE: 2.9.14+dfsg-1.3~deb12u4) mitigate the issue in trixie and
bookworm.
+ NOTE: Potential libxslt-only solution:
https://gitlab.gnome.org/GNOME/libxslt/-/issues/140#note_2513942
CVE-2025-7424 (A flaw was found in the libxslt library. The same memory field,
psvi, ...)
{DSA-5979-1}
- libxslt 1.1.35-2 (bug #1109123)
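Review bot: The added NOTE lines copy the trixie and bookworm libxml2 version strings that data/DSA/list already records for DSA-5990-1, so the two places have to be kept in sync by hand if the advisory is ever revised. Referring to DSA 5990-1 alone would avoid the duplication. Minor wording point in the same lines: the subject is "the update", so "mitigate the issue" should read "mitigates the issue".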
=====================================
data/DSA/list
=====================================
@@ -2,7 +2,6 @@
{CVE-2023-46809 CVE-2024-21892 CVE-2024-22019 CVE-2024-22020
CVE-2024-22025 CVE-2024-27982 CVE-2024-27983 CVE-2025-47153}
[bookworm] - nodejs 18.20.4+dfsg-1~deb12u1
[29 Aug 2025] DSA-5990-1 libxml2 - security update
- {CVE-2025-7425}
[bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u4
[trixie] - libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u1
[28 Aug 2025] DSA-5989-1 udisks2 - security update
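Review bot: With `{CVE-2025-7425}` removed, the DSA-5990-1 entry has no CVE list at all, unlike the nodejs advisory above it, and its link to the CVE now lives only in the free-text NOTE in data/CVE/list. Please confirm that an advisory entry with no CVE set is intended here, because the reason for the libxml2 update can no longer be read from this file.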
=====================================
data/next-point-update.txt
=====================================
@@ -59,4 +59,3 @@ CVE-2025-XXXX [OSSN-0094]
[trixie] - watcher 14.0.0-1+deb13u1
CVE-2025-53859
[trixie] - nginx 1.26.3-3+deb13u1
-
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a1ec9624da36e9ed68d266bb9bbef0932ed973bb...1063f3b503a58f89bb0dbae97507fdd724597fa9