Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
52da126b by Moritz Muehlenhoff at 2025-06-12T23:19:43+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -261,9 +261,12 @@ CVE-2025-0163 (IBM Security Verify Access Appliance and
Docker 10.0 through 10.0
NOT-FOR-US: IBM
CVE-2025-5991 (There is a "Use After Free" vulnerability in Qt's
QHttp2ProtocolHandle ...)
- qt6-base <unfixed>
+ [bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src <unfixed>
- - qtbase-opensource-src-gles <unfixed>
+ [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
+ - qtbase-opensource-src-gles <unfixed> (unimportant)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/643777
+ NOTE: The -gles package doesn't build the HTTP2 code, only included in
the source package
CVE-2025-5985 (A vulnerability was found in code-projects School Fees Payment
System ...)
NOT-FOR-US: code-projects
CVE-2025-5984 (A vulnerability has been found in SourceCodester Online Student
Cleara ...)
@@ -1399,6 +1402,7 @@ CVE-2025-5890 (A vulnerability classified as problematic
has been found in actio
NOT-FOR-US: Node @actions/*
CVE-2025-5889 (A vulnerability was found in juliangruber brace-expansion up to
1.1.11 ...)
- node-brace-expansion 2.0.1+~1.1.0-2 (bug #1107695)
+ [bookworm] - node-brace-expansion <no-dsa> (Minor issue)
NOTE:
https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466
NOTE: https://github.com/juliangruber/brace-expansion/pull/65
NOTE:
https://github.com/juliangruber/brace-expansion/commit/0b6a9781e18e9d2769bb2931f4856d1360243ed2
(v1.1.12)
@@ -3441,6 +3445,7 @@ CVE-2025-48494 (Gokapi is a self-hosted file sharing
server with automatic expir
CVE-2025-48387 (tar-fs provides filesystem bindings for tar-stream. Versions
prior to ...)
{DLA-4214-1}
- node-tar-fs 3.0.9+~cs2.0.4-1
+ [bookworm] - node-tar-fs <no-dsa> (Minor issue)
NOTE:
https://github.com/mafintosh/tar-fs/security/advisories/GHSA-8cj5-5rvv-wf4v
NOTE: Fixed by:
https://github.com/mafintosh/tar-fs/commit/647447b572bc135c41035e82ca7b894f02b17f0f
(v3.0.9)
CVE-2025-47585 (Missing Authorization vulnerability in Mage people team
Booking and Re ...)
@@ -11703,6 +11708,7 @@ CVE-2025-46813 (Discourse is an open-source community
platform. A data leak vuln
NOT-FOR-US: Discourse
CVE-2025-46734 (league/commonmark is a PHP Markdown parser. A cross-site
scripting (XS ...)
- php-league-commonmark 2.7.0-1
+ [bookworm] - php-league-commonmark <no-dsa> (Minor issue)
NOTE:
https://github.com/thephpleague/commonmark/security/advisories/GHSA-3527-qv2q-pfvx
NOTE:
https://github.com/thephpleague/commonmark/commit/f0d626cf05ad3e99e6db26ebcb9091b6cd1cd89b
(2.7.0)
CVE-2025-46731 (Craft is a content management system. Versions of Craft CMS on
the 4.x ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52da126bceffdaa278e401b0687a688d687e0005
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/52da126bceffdaa278e401b0687a688d687e0005
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
