Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
59bf9c05 by Moritz Muehlenhoff at 2025-06-24T13:26:43+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -150,8 +150,9 @@ CVE-2025-6518 (A vulnerability was found in PySpur-Dev
pyspur up to 0.1.18. It h
CVE-2025-6517 (A vulnerability was found in Dromara MaxKey up to 4.1.7 and
classified ...)
NOT-FOR-US: Dromara MaxKey
CVE-2025-6516 (A vulnerability has been found in HDF5 up to 1.14.6 and
classified as ...)
- - hdf5 <unfixed>
+ - hdf5 <unfixed> (unimportant)
NOTE: https://github.com/HDFGroup/hdf5/issues/5581
+ NOTE: Negligible security impact
CVE-2025-6513 (Standard Windows users can access the configuration file for
database ...)
NOT-FOR-US: Bizerba
CVE-2025-6512 (On a client with a non-admin user, a script can be integrated
into a r ...)
@@ -163,8 +164,9 @@ CVE-2025-6510 (A vulnerability was found in Netgear EX6100
1.0.2.28_1.1.138. It
CVE-2025-6509 (A vulnerability was found in seaswalker spring-analysis up to
4379cce8 ...)
NOT-FOR-US: seaswalker spring-analysis
CVE-2025-52969 (ClickHouse 25.7.1.557 allows low-privileged users to execute
shell com ...)
- - clickhouse <removed>
- TODO: check details
+ - clickhouse <removed> (unimportant)
+ NOTE: Not considered a security issue by upstream
+ NOTE: https://github.com/skraft9/clickhouse-security-research
CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests
containing SameS ...)
- xdg-utils <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2025/06/23/1
@@ -428,6 +430,7 @@ CVE-2025-6393 (A vulnerability was found in TOTOLINK A702R,
A3002R, A3002RU and
NOT-FOR-US: TOTOLINK
CVE-2025-6375 (A vulnerability was found in poco up to 1.14.1. It has been
rated as p ...)
- poco <unfixed> (bug #1108157)
+ [bookworm] - poco <no-dsa> (Minor issue)
NOTE: https://github.com/pocoproject/poco/issues/4915
NOTE:
https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf
(poco-1.14.2-release)
CVE-2025-6374 (A vulnerability was found in D-Link DIR-619L 2.06B01 and
classified as ...)
@@ -788,6 +791,7 @@ CVE-2025-44635 (There are multiple unauthorized remote
command execution vulnera
NOT-FOR-US: H3C
CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit
verbose S ...)
- hoteldruid <unfixed> (bug #1108154)
+ [bookworm] - hoteldruid <no-dsa> (Minor issue)
NOTE: https://github.com/IvanT7D3/CVE-2025-44203
CVE-2025-3319 (IBM Spectrum Protect Server 8.1 through 8.1.26 could allow
attacker to ...)
NOT-FOR-US: IBM
@@ -75259,12 +75263,14 @@ CVE-2024-50052 (Mattermost versions 9.10.x <= 9.10.2,
9.11.x <= 9.11.1, 9.5.x <=
CVE-2024-49769 (Waitress is a Web Server Gateway Interface server for Python 2
and 3. ...)
{DLA-3955-1}
- waitress 3.0.1-1 (bug #1086468)
+ [bookworm] - waitress <no-dsa> (Minor issue)
NOTE:
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
NOTE: https://github.com/Pylons/waitress/issues/418
NOTE: https://github.com/Pylons/waitress/pull/435
NOTE: Fixed by:
https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c
(v3.0.1)
CVE-2024-49768 (Waitress is a Web Server Gateway Interface server for Python 2
and 3. ...)
- waitress 3.0.1-1 (bug #1086467)
+ [bookworm] - waitress <no-dsa> (Minor issue)
[bullseye] - waitress <not-affected> (The vulnerable code was
introduced in version 2.0)
NOTE:
https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
NOTE: Fixed by:
https://github.com/Pylons/waitress/commit/6943dcf556610ece2ff3cddb39e59a05ef110661
(v3.0.1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59bf9c050b532dac011cc53090620ac8d0c70ff4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59bf9c050b532dac011cc53090620ac8d0c70ff4
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
