Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3fca0ec8 by Moritz Muehlenhoff at 2025-06-15T16:49:15+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -77,7 +77,7 @@ CVE-2025-24311 (An out-of-bounds read vulnerability exists in 
the cv_send_blockd
 CVE-2025-2843
        NOT-FOR-US: Red Hat Observability observability-operator
 CVE-2025-6052 (A flaw was found in how GLib\u2019s GString manages memory when 
adding ...)
-       - glib2.0 <unfixed> (bug #1107797)
+       - glib2.0 <unfixed> (bug #1107797; unimportant)
        [bookworm] - glib2.0 <not-affected> (Vulnerable code introduced later)
        [bullseye] - glib2.0 <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2372666
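Review bot: the new `unimportant` tag on the `glib2.0 <unfixed>` line has no reasoning next to it; the only NOTE in this hunk is the Red Hat bugzilla link, and the justification arrives separately as `NOTE: Negligible security impact` in the next hunk. Since `unimportant` is what keeps the issue off the no-dsa/DSA path for every suite, a one-clause reason on the NOTE adjacent to the tag would let a later triager re-check the downgrade without re-reading the bugzilla entry. The `[bookworm]` and `[bullseye]` lines stay `<not-affected>`, which is consistent with only the sid entry carrying the tag.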
@@ -86,6 +86,7 @@ CVE-2025-6052 (A flaw was found in how GLib\u2019s GString 
manages memory when a
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/glib/-/commit/33d9ba2fcc907b4f9a6c0540f9976b64b6f59db2
 (2.85.1)
        NOTE: Backport: 
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4656
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/glib/-/commit/987309f23ada52592bffdb5db0d8a5d58bd8097b
 (2.84.3)
+       NOTE: Negligible security impact
 CVE-2025-6035 (A flaw was found in GIMP. An integer overflow vulnerability 
exists in  ...)
        - gimp 3.0.4-2
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13518
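Review bot: `NOTE: Negligible security impact` records the conclusion but not the reason; a short clause on what the GString memory handling flaw can and cannot reach, as established by the two linked upstream commits or merge request 4656, would make the `unimportant` tag on the package line verifiable later without re-reading the fix.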
@@ -220,6 +221,7 @@ CVE-2025-4227 (An improper access control vulnerability in 
the  Endpoint Traffic
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-49589 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. 
A stack- ...)
        - pcsx2 <unfixed> (bug #1107756)
+       [bookworm] - pcsx2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35
        NOTE: 
https://github.com/PCSX2/pcsx2/commit/1aa922f7007afe71e0b58b0c3bd0833a53cb945c 
(v2.3.411)
        NOTE: 
https://github.com/PCSX2/pcsx2/commit/8eb46b5a4c0380d59cb540f8b5f59daf8e609bd7 
(v2.3.414)
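Review bot: the added `[bookworm] - pcsx2 <no-dsa> (Minor issue)` line covers bookworm only, and no `[bullseye]` line appears in the surrounding context; either pcsx2 is not shipped in bullseye or that suite still needs the same decision. Worth confirming which, because an untagged supported release keeps the issue open for that suite.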
@@ -2895,6 +2897,7 @@ CVE-2025-4673 (Proxy-Authorization and Proxy-Authenticate 
headers persisted on c
        - golang-1.24 <unfixed> (bug #1107364)
        - golang-1.23 <unfixed> (bug #1107390)
        - golang-1.19 <removed>
+       [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        NOTE: https://github.com/golang/go/issues/73816
        NOTE: Fixed by: 
https://github.com/golang/go/commit/85897ca220a149333a88b1e4d63f3b751f1141f5 
(go1.24.4)
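Review bot: `[bookworm] - golang-1.19 <no-dsa> (Minor issue)` is attached to a source that is `<removed>` in unstable, which is fine for bookworm, but the parallel `golang-1.15 <removed>` line directly below it gets no `[bullseye]` annotation in this change. If bullseye is still supported for that source it needs the same decision; if not, a NOTE saying so would avoid a repeat triage.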
@@ -3651,8 +3654,10 @@ CVE-2025-5455 (An issue was found in the private API 
function qDecodeDataUrl() i
        - qt6-base <unfixed>
        [bookworm] - qt6-base <no-dsa> (Minor issue)
        - qtbase-opensource-src <unfixed>
+       [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src <postponed> (Minor issue; DoS for 
local user)
        - qtbase-opensource-src-gles <unfixed>
+       [bookworm] - qtbase-opensource-src-gles <no-dsa> (Minor issue)
        [bullseye] - qtbase-opensource-src-gles <postponed> (Minor issue; DoS 
for local user)
        NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/642006
 CVE-2025-5447 (A vulnerability was found in Linksys RE6500, RE6250, RE6300, 
RE6350, R ...)
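Review bot: the two added bookworm lines use the bare rationale `(Minor issue)`, while the bullseye lines for the same sources carry `(Minor issue; DoS for local user)`; copying the more specific rationale onto the bookworm lines keeps the suites consistent and records why a local-only DoS justifies `<no-dsa>` without having to open the qt-project review.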
@@ -6085,6 +6090,7 @@ CVE-2025-48063 (XWiki is a generic wiki platform. In 
XWiki 16.10.0, required rig
        NOT-FOR-US: XWiki
 CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and 
including 1 ...)
        - jq 1.8.0-1 (bug #1106288)
+       [bookworm] - jq <no-dsa> (Minor issue)
        [bullseye] - jq <postponed> (Minor issue; revisit when fixed upstream)
        NOTE: 
https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w
 CVE-2025-48012 (Authentication Bypass by Capture-replay vulnerability in 
Drupal One Ti ...)
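Review bot: the bullseye context line `[bullseye] - jq <postponed> (Minor issue; revisit when fixed upstream)` looks stale next to the fixed sid entry `jq 1.8.0-1 (bug #1106288)` in the same hunk: the upstream fix has evidently landed, so the revisit condition has been met and the bullseye entry should get a fresh decision or a reworded rationale. The new bookworm `<no-dsa>` line itself is consistent with the other Minor-issue decisions in this commit.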


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source 
package.
 
+--
+ark (jmm)
 --
 catdoc (carnil)
   Maintainer is preparing own updates; same version across all supported 
versions and
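Review bot: the new `ark (jmm)` entry claims the package but carries no status line, unlike `catdoc (carnil)` directly below it, which notes the maintainer's plan; a one-line note naming the CVE id being worked on or what the update is waiting for would help anyone scanning dsa-needed.txt. The added `--` separator matches the file's existing layout.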



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3fca0ec89c1ec24691e16b2fdbcb2cce4d077617



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits