bookworm triage

Moritz Muehlenhoff (@jmm) Mon, 22 Sep 2025 08:35:14 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
11bf94da by Moritz Muehlenhoff at 2025-09-22T17:29:18+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -220,6 +220,7 @@ CVE-2025-59670
 CVE-2025-59431 (MapServer is a system for developing web-based GIS 
applications. Prior ...)
        - mapserver 8.4.1-1
        NOTE: 
https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w
+       NOTE: 
https://github.com/MapServer/MapServer/commit/aaeedcdabd1cca4b0f1e94cdcd5e48922d97dd00
 CVE-2025-59427 (The Cloudflare Vite plugin enables a full-featured integration 
between ...)
        NOT-FOR-US: Cloudflare Vite plugin
 CVE-2025-59344 (AliasVault is a privacy-first password manager with built-in 
email ali ...)
@@ -2711,9 +2712,11 @@ CVE-2025-59453 (Click Studios Passwordstate before 9.9 
Build 9972 has a potentia
        NOT-FOR-US: Click Studios Passwordstate
 CVE-2025-59437 (The ip (aka node-ip) package through 2.0.1 (in NPM) might 
allow SSRF b ...)
        - node-ip <unfixed>
-       TODO: check details
+       [trixie] - node-ip <no-dsa> (Minor issue)
+       [bookworm] - node-ip <no-dsa> (Minor issue)
 CVE-2025-59436 (The ip (aka node-ip) package through 2.0.1 (in NPM) might 
allow SSRF b ...)
        - node-ip <unfixed>
+       [trixie] - node-ip <no-dsa> (Minor issue)
        [bookworm] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 
not applied)
        [bullseye] - node-ip <not-affected> (Incomplete fix for CVE-2024-29415 
not applied)
        NOTE: https://github.com/indutny/node-ip/issues/160
@@ -36174,6 +36177,7 @@ CVE-2025-48942 (vLLM is an inference and serving engine 
for large language model
        - vllm <itp> (bug #1095237)
 CVE-2025-48938 (go-gh is a collection of Go modules to make authoring GitHub 
CLI exten ...)
        - golang-github-cli-go-gh <unfixed> (bug #1107084)
+       [trixie] - golang-github-cli-go-gh <no-dsa> (Minor issue)
        [bookworm] - golang-github-cli-go-gh <no-dsa> (Minor issue)
        - golang-github-cli-go-gh-v2 <unfixed> (bug #1107083)
        [trixie] - golang-github-cli-go-gh-v2 <no-dsa> (Minor issue)


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ cpp-httplib
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
+ghostscript (carnil)
+--
 intel-microcode (carnil)
   Expose fixes first in unstable, evaluate with maintainer proposed-updates or 
DSA
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11bf94da73c4c51459fd2375e2b0361ebb8ce1f1

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/11bf94da73c4c51459fd2375e2b0361ebb8ce1f1
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to