Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a67828d3 by Moritz Muehlenhoff at 2025-05-19T09:02:59+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -206,7 +206,8 @@ CVE-2025-4190 (The CSV Mass Importer WordPress plugin 
through 1.2 does not prope
 CVE-2025-4189 (The Audio Comments Plugin plugin for WordPress is vulnerable to 
Cross- ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-48188 (libpspp-core.a in GNU PSPP through 2.0.1 has an incorrect call 
from fi ...)
-       - pspp <unfixed> (bug #1105918)
+       - pspp <unfixed> (unimportant; bug #1105918)
+       NOTE: Crash in CLI tool, no security impact
        NOTE: https://savannah.gnu.org/bugs/?67079
 CVE-2025-3812 (The WPBot Pro Wordpress Chatbot plugin for WordPress is 
vulnerable to  ...)
        NOT-FOR-US: WordPress plugin
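Review bot: the added NOTE on the pspp entry for CVE-2025-48188 gives "Crash in CLI tool, no security impact" as the reason for the unimportant tag, but the CVE description names libpspp-core.a as the affected component. If the rating rests on that library being reachable only through the pspp command-line binaries, saying so in the NOTE would let the classification be checked without reading the upstream bug.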
@@ -226,6 +227,7 @@ CVE-2025-4806 (A vulnerability, which was classified as 
critical, has been found
        NOT-FOR-US: SourceCodester
 CVE-2025-4802 (Untrusted LD_LIBRARY_PATH environment variable vulnerability in 
the GN ...)
        - glibc 2.39-4
+       [bookworm] - glibc <no-dsa> (Minor issue)
        NOTE: Introduced with: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=10e93d968716ab82931d593bada121c17c0a4b93
 (glibc-2.27)
        NOTE: Fixed by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5451fa962cd0a90a0e2ec1d8910a559ace02bba0
 (glibc-2.39)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32976
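Review bot: the new "[bookworm] - glibc <no-dsa> (Minor issue)" line for CVE-2025-4802 gives no rationale beyond "Minor issue", while the description is about an untrusted LD_LIBRARY_PATH environment variable. A short NOTE stating the precondition that limits exposure in bookworm would make the no-dsa decision verifiable later, for instance when deciding whether the fix belongs in a point release.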
@@ -1107,6 +1109,7 @@ CVE-2025-4516 (There is an issue in CPython when using 
`bytes.decode("unicode_es
        - python3.13 <unfixed>
        - python3.12 <unfixed>
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
        NOTE: https://github.com/python/cpython/issues/133767
@@ -1298,6 +1301,7 @@ CVE-2025-23165 [Corrupted pointer in 
node::fs::ReadFileUtf8(const FunctionCallba
        NOTE: Fixed by 
https://github.com/nodejs/node/commit/6a7b005a07a0912260e328c6397317b5b862ffde
 CVE-2025-23167 [Improper HTTP header block termination in llhttp]
        - node-undici <unfixed> (bug #1105919)
+       [bookworm] - node-undici <no-dsa> (Minor issue)
        - llhttp <itp> (bug #977716)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#improper-http-header-block-termination-in-llhttp-cve-2025-23167---medium
 CVE-2025-23166 [Improper error handling in async cryptographic operations 
crashes process]
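Review bot: the CVE-2025-23167 entry lists only node-undici and llhttp, yet the referenced advisory is the Node.js May 2025 security release. With node-undici now marked no-dsa for bookworm, it is worth confirming whether the nodejs source package also embeds the affected llhttp and needs its own line, or adding a NOTE that says why it does not.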
@@ -7724,6 +7728,7 @@ CVE-2025-23244 (NVIDIA GPU Display Driver for Linux 
contains a vulnerability whi
        - nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1104075)
        NOTE: 525.147.05-6 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers
        - nvidia-graphics-drivers-tesla-535 535.247.01-1 (bug #1104077)
+       [bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not 
supported)
        - nvidia-open-gpu-kernel-modules 535.247.01-1 (bug #1104076)
        [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
        NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5630
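Review bot: in the CVE-2025-23244 hunk only nvidia-graphics-drivers-tesla-535 gains a "[bookworm]" no-dsa line. nvidia-graphics-drivers-tesla directly above has a fixed version (525.147.05-6) but no bookworm annotation in the visible context. If bookworm ships that package as well, it probably wants the same "<no-dsa> (Non-free not supported)" entry for consistency.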
@@ -8928,6 +8933,7 @@ CVE-2025-32442 (Fastify is a fast and low overhead web 
framework, for Node.js. I
        NOT-FOR-US: Fastify
 CVE-2025-32434 (PyTorch is a Python package that provides tensor computation 
with stro ...)
        - pytorch 2.6.0+dfsg-1
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
 CVE-2025-32389 (NamelessMC is a free, easy to use & powerful website software 
for Mine ...)
        NOT-FOR-US: NamelessMC


=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ intel-microcode (carnil)
 --
 jpeg-xl
 --
+libavif
+--
 libreswan
   Waiting on feedback from maintainer
 --
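Review bot: libavif is added to dsa-needed.txt, but none of the data/CVE/list changes in this commit refer to libavif, so the entry does not show which issue prompts it. An indented note under the entry, in the style of the libreswan one, would help whoever picks it up.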



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a67828d3ef86ceb013a03780022e72735ed7476d
