Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a9f9080 by Moritz Muehlenhoff at 2025-06-18T11:37:24+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -66,15 +66,18 @@ CVE-2025-6199 (A flaw was found in the GIF parser of 
GdkPixbuf\u2019s LZW decode
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/c4986342b241cdc075259565f3fa7a7597d32a32
 (2.43.2)
 CVE-2025-6196 (A flaw was found in libgepub, a library used to read EPUB 
files. The s ...)
        - libgepub 0.7.3-1
+       [bookworm] - libgepub <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libgepub/-/issues/18
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libgepub/-/commit/70895c45364ef4ee827b39b2ed1c33723410e94c
 (0.7.2)
 CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic 
complexity w ...)
        - python3.13 <unfixed>
        - python3.12 <unfixed>
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        - python2.7 <removed>
        - jython <unfixed>
+       [bookworm] - jython <no-dsa> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
        NOTE: https://github.com/python/cpython/issues/135462
        NOTE: https://github.com/python/cpython/pull/135464
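Review bot: The three added `<no-dsa>` lines (libgepub, python3.11, jython) all carry the bare reason "Minor issue", which does not tell a later reader why each package was triaged that way. For CVE-2025-6069 in particular, python3.13 and python3.12 are still `<unfixed>` and python3.11 is `<removed>` from unstable, so nothing in the entry shows whether a bookworm fix is expected through a point release. Consider a more specific reason, for example that the issue is a quadratic-complexity denial of service in html.parser, so the classification can be revisited once the upstream pull request lands.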
@@ -418,6 +421,7 @@ CVE-2025-6142 (A vulnerability was found in Intera InHire 
up to 20250530. It has
        NOT-FOR-US: Intera InHire
 CVE-2025-6141 (A vulnerability has been found in GNU ncurses up to 
6.5-20250322 and c ...)
        - ncurses <unfixed> (bug #1107937)
+       [bookworm] - ncurses <no-dsa> (Minor issue)
        NOTE: 
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html
        NOTE: 
https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html
        NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20250329
@@ -472,10 +476,12 @@ CVE-2025-32800 (Conda-build contains commands and tools 
to build conda packages.
 CVE-2025-32799 (Conda-build contains commands and tools to build conda 
packages. Prior ...)
        NOT-FOR-US: Conda-build
 CVE-2025-27587 (OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is 
vulnerable  ...)
-       - openssl 3.5.0-1
+       - openssl 3.5.0-1 (unimportant)
        NOTE: https://github.com/openssl/openssl/issues/24253
        NOTE: 
https://github.com/openssl/openssl/commit/85cabd94958303859b1551364a609d4ff40b67a5
 (master)
        NOTE: 
https://github.com/openssl/openssl/commit/080c6be0b102934bf66daeac70f0863f209f8d0f
 (openssl-3.5.0-beta1)
+       NOTE: 
https://github.com/openssl/openssl/issues/24253#issuecomment-2144391562
+       NOTE: Not considered a vulnerability by OpenSSL upstream
 CVE-2024-45380
        REJECTED
 CVE-2024-45069
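Review bot: The rationale for downgrading CVE-2025-27587 to `(unimportant)` sits at the very end of the entry, after the two fix-commit NOTEs, and the added issue-comment link repeats the issue 24253 URL already listed as the first NOTE. Moving "NOTE: Not considered a vulnerability by OpenSSL upstream" and the comment link directly under the existing issue link would put the justification next to its source. It would also help to say in the NOTE why the entry keeps a fixed version (3.5.0-1) and two upstream commits even though upstream does not treat the report as a vulnerability.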
@@ -4980,9 +4986,10 @@ CVE-2025-47697 (Client-side enforcement of server-side 
security issue exists in
 CVE-2025-46352 (The CS5000 Fire Panel is vulnerable due to a hard-coded 
password that  ...)
        NOT-FOR-US: CS5000 Fire Panel
 CVE-2025-44906 (jhead v3.08 was discovered to contain a heap-use-after-free 
via the Pr ...)
-       - jhead <unfixed>
+       - jhead <undetermined>
        NOTE: 
https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md
        NOTE: https://github.com/Matthias-Wandel/jhead/issues/90
+       NOTE: Not reproducible by upstream
 CVE-2025-44905 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow 
via the  ...)
        - hdf5 <unfixed> (unimportant)
        NOTE: 
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc5.md
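Review bot: The new "NOTE: Not reproducible by upstream" for CVE-2025-44906 gives no pointer to where upstream said so. If that statement is in the jhead issue listed on the line above it, name the issue in the NOTE so the basis for switching `<unfixed>` to `<undetermined>` can be checked. Since `<undetermined>` leaves the entry open, a short NOTE on what would settle it (a working reproducer or an upstream closure) would keep it from lingering.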
@@ -6973,6 +6980,7 @@ CVE-2025-4969 (A vulnerability was found in the libsoup 
package. This flaw stems
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/467
 CVE-2025-4949 (In Eclipse JGit versions 7.2.0.202503040940-r and older, the 
ManifestP ...)
        - jgit <unfixed> (bug #1106287)
+       [bookworm] - jgit <no-dsa> (Minor issue)
        NOTE: 
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281
        NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/64
 CVE-2025-4524 (The Madara \u2013 Responsive and modern WordPress theme for 
manga site ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -25,6 +25,8 @@ commons-vfs (apo)
 frr
   coordination with the maintainer ongoing, Daniel Baumann proposing an update
 --
+gdk-pixbuf (jmm)
+--
 gh
   Santiago Vila might work on preparing an update
 --
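Review bot: The new `gdk-pixbuf (jmm)` entry in data/dsa-needed.txt has no indented status line, unlike the neighbouring frr and gh entries. The only hint at what the update covers is CVE-2025-6199 appearing as context in the data/CVE/list part of this commit. A one-line note naming the CVE or CVEs the DSA is meant to address would make the entry self-explanatory to anyone else reading the file.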



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a9f908055369ab59d147abb00855c23fe783fd6


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
