Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8d82cf3 by Moritz Muehlenhoff at 2025-09-28T23:28:21+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -484,16 +484,20 @@ CVE-2025-11019 (A vulnerability has been found in 
Total.js CMS up to 19.9.0. Thi
 CVE-2025-11018 (A flaw has been found in Four-Faith Water Conservancy 
Informatization  ...)
        NOT-FOR-US: Four-Faith Water Conservancy Informatization Platform
 CVE-2025-11017 (A vulnerability was detected in OGRECave Ogre up to 14.4.1. 
The impact ...)
-       - ogre-1.12 <unfixed>
-       - ogre-1.9 <unfixed>
+       - ogre-1.12 <unfixed> (unimportant)
+       - ogre-1.9 <unfixed> (unimportant)
        NOTE: https://github.com/OGRECave/ogre/issues/3447
+       NOTE: Crosses no security boundary
 CVE-2025-11016 (A security vulnerability has been detected in kalcaddle kodbox 
up to 1 ...)
        NOT-FOR-US: kalcaddle kodbox
 CVE-2025-11015 (A weakness has been identified in OGRECave Ogre up to 14.4.1. 
Impacted ...)
-       - ogre-1.12 <unfixed>
+       - ogre-1.12 <unfixed> (unimportant)
        NOTE: https://github.com/OGRECave/ogre/issues/3446
+       NOTE: No security impact
 CVE-2025-11014 (A security flaw has been discovered in OGRECave Ogre up to 
14.4.1. Thi ...)
        - ogre-1.12 <unfixed>
+       [trixie] - ogre-1.12 <no-dsa> (Minor issue)
+       [bookworm] - ogre-1.12 <no-dsa> (Minor issue)
        NOTE: https://github.com/OGRECave/ogre/issues/3445
 CVE-2025-11013 (A vulnerability was identified in BehaviorTree up to 4.7.0. 
This vulne ...)
        NOT-FOR-US: BehaviorTree
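
Review bot: The CVE-2025-11014 entry gets `[trixie]`/`[bookworm] - ogre-1.12 <no-dsa> (Minor issue)` with no NOTE explaining the rating, while the two sibling ogre entries in this hunk (CVE-2025-11017, CVE-2025-11015) are downgraded to `(unimportant)` and each carries a one-line justification ("Crosses no security boundary", "No security impact"). Consider adding a NOTE under CVE-2025-11014 that says what distinguishes it from the other two reports, so the different handling of the three issues is documented in the entry itself.
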
@@ -742,6 +746,7 @@ CVE-2025-59422 (Dify is an open-source LLM app development 
platform. In version
        NOT-FOR-US: Dify
 CVE-2025-57632 (libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing 
SMB2 ch ...)
        - libsmb2 <unfixed> (bug #1116446)
+       [trixie] - libsmb2 <no-dsa> (Minor issue)
        NOTE: https://gist.github.com/ZjW1nd/0b95b63307ceee7890e88e4abc6f041e
        NOTE: https://github.com/sahlberg/libsmb2/pull/431
 CVE-2025-57623 (A NULL pointer dereference in TOTOLINK N600R firmware 
v4.3.0cu.7866_B2 ...)
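
Review bot: The libsmb2 entry for CVE-2025-57632 records only `[trixie] - libsmb2 <no-dsa> (Minor issue)`, whereas the commit message says this is trixie/bookworm triage and the other multi-release entries in the commit carry both lines. The description limits the issue to "libsmb2 6.2+", so if bookworm ships an older version, a `[bookworm] - libsmb2 <not-affected>` line with that reason would record the conclusion; if bookworm is affected, it needs its own no-dsa line.
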
@@ -781,42 +786,60 @@ CVE-2025-55556 (TensorFlow v2.18.0 was discovered to 
output random results when
        NOTE: https://github.com/tensorflow/tensorflow/issues/82317
 CVE-2025-55554 (pytorch v2.8.0 was discovered to contain an integer overflow 
in the co ...)
        - pytorch <unfixed> (bug #1116534)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/151510
 CVE-2025-55553 (A syntax error in the component proxy_tensor.py of pytorch 
v2.7.0 allo ...)
        - pytorch <unfixed> (bug #1116535)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/151432
        NOTE: https://github.com/pytorch/pytorch/pull/154645
        NOTE: 
https://github.com/pytorch/pytorch/commit/f9dc20c7a3409865ff72c02575068edc1797473f
 (v2.8.0-rc1)
 CVE-2025-55552 (pytorch v2.8.0 was discovered to display unexpected behavior 
when the  ...)
        - pytorch <unfixed> (bug #1116536)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/147847
 CVE-2025-55551 (An issue in the component torch.linalg.lu of pytorch v2.8.0 
allows att ...)
        - pytorch <unfixed> (bug #1116537)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/151401
 CVE-2025-48707 (An issue was discovered in Stormshield Network Security (SNS) 
before 5 ...)
        NOT-FOR-US: Stormshield Network Security (SNS)
 CVE-2025-46153 (PyTorch before 3.7.0 has a bernoulli_p decompose function in 
decomposi ...)
        - pytorch <unfixed> (bug #1116538)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/142853
        NOTE: https://github.com/pytorch/pytorch/pull/143460
        NOTE: Fixed by: 
https://github.com/pytorch/pytorch/commit/288aa873831057b1eb7d747914ec4fdc76c23a80
 (v2.7.0-rc1)
 CVE-2025-46152 (In PyTorch before 2.7.0, bitwise_right_shift produces 
incorrect output ...)
        - pytorch <unfixed> (bug #1116539)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/143555
        NOTE: https://github.com/pytorch/pytorch/pull/143635
        NOTE: Fixed by: 
https://github.com/pytorch/pytorch/commit/607884c9afeb29fd230ed2fbadae92377e47dc97
 (v2.7.0-rc1)
 CVE-2025-46150 (In PyTorch before 2.7.0, when torch.compile is used, 
FractionalMaxPool ...)
        - pytorch <unfixed> (bug #1116540)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/141538
        NOTE: https://github.com/pytorch/pytorch/pull/144395
        NOTE: Fixed by: 
https://github.com/pytorch/pytorch/commit/ccc2878c978258ec88f7ec591305ba5b13e06579
 (v2.7.0-rc1)
 CVE-2025-46149 (In PyTorch before 2.7.0, when inductor is used, nn.Fold has an 
asserti ...)
        - pytorch <unfixed> (bug #1116541)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/147848
        NOTE: https://github.com/pytorch/pytorch/pull/147961
        NOTE: Fixed by: 
https://github.com/pytorch/pytorch/commit/be830c8b1c496277491bbbdd40a5cb35de17d5fb
 (v2.7.0-rc1)
 CVE-2025-46148 (In PyTorch through 2.6.0, when eager is used, 
nn.PairwiseDistance(p=2) ...)
        - pytorch <unfixed> (bug #1116543)
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/151198
        NOTE: https://github.com/pytorch/pytorch/pull/152993
        NOTE: Fixed by: 
https://github.com/pytorch/pytorch/commit/e5f869999cf5429e24fbb5c3923a5c795549b9e7
 (v2.8.0-rc1)
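
Review bot: All nine pytorch entries in this hunk receive the same `<no-dsa> (Minor issue)` pair, but several of the descriptions read as correctness bugs rather than security issues, for example CVE-2025-46152 ("bitwise_right_shift produces incorrect output") and CVE-2025-55552 ("display unexpected behavior"). Elsewhere in this commit, reports without security impact are marked `(unimportant)` with a NOTE; consider doing the same for the entries that fit that description, or giving a more specific no-dsa reason where the impact differs between CVEs.
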
@@ -1384,6 +1407,7 @@ CVE-2017-20200 (A vulnerability has been found in Coinomi 
up to 1.7.6. This issu
        NOT-FOR-US: Coinomi
 CVE-2025-59825 (astral-tokio-tar is a tar archive reading/writing library for 
async Ru ...)
        - rust-astral-tokio-tar 0.5.5-1 (bug #1116337)
+       [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
        NOTE: https://github.com/advisories/GHSA-3wgq-wrwc-vqmv
        NOTE: 
https://github.com/astral-sh/tokio-tar/commit/036fdecc85c52458ace92dc9e02e9cef90684e75
 (v0.5.4)
 CVE-2025-10894 (Malicious code was inserted into the Nx (build system) package 
and sev ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8d82cf3e7a652ccc255302b623be0f2a6eec4b8
