[Git][security-tracker-team/security-tracker][master] 2 commits: erlang spu updated with a second CVE fix

Moritz Muehlenhoff (@jmm) Thu, 26 Jun 2025 14:08:43 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
77544f46 by Moritz Mühlenhoff at 2025-06-26T23:08:15+02:00
erlang spu updated with a second CVE fix

- - - - -
7849c17b by Moritz Mühlenhoff at 2025-06-26T23:08:15+02:00
icu DSA

- - - - -


4 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3877,6 +3877,7 @@ CVE-2025-5309 (The chat feature within Remote Support 
(RS) and Privileged Remote
        NOT-FOR-US: BeyondTrust
 CVE-2025-4748 (Improper Limitation of a Pathname to a Restricted Directory 
('Path Tra ...)
        - erlang <unfixed> (bug #1107939)
+       [bookworm] - erlang <no-dsa> (Minor issue, will be fixed via spu)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
        NOTE: https://github.com/erlang/otp/pull/9941
        NOTE: 
https://github.com/erlang/otp/commit/10608879c81332af2d3c00db61ee173c93c1ea4e 
(OTP-26.2.5.13, OTP-27.3.4.1)


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Jun 2025] DSA-5951-1 icu - security update
+       {CVE-2025-5222}
+       [bookworm] - icu 72.1-3+deb12u1
 [25 Jun 2025] DSA-5950-1 firefox-esr - security update
        {CVE-2025-6424 CVE-2025-6425 CVE-2025-6429 CVE-2025-6430}
        [bookworm] - firefox-esr 128.12.0esr-1~deb12u1


=====================================
data/dsa-needed.txt
=====================================
@@ -28,8 +28,6 @@ frr
 gh
   Santiago Vila might work on preparing an update
 --
-icu
---
 jpeg-xl
 --
 libreswan


=====================================
data/next-point-update.txt
=====================================
@@ -1,5 +1,7 @@
 CVE-2025-46712
        [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
+CVE-2025-4748
+       [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
 CVE-2025-46397
        [bookworm] - fig2dev 1:3.2.8b-3+deb12u2
 CVE-2025-46398



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/376e5925bc6e811c702d43dbe31dfc5114133ad1...7849c17bbd164daf2f5876192f75e39c3dee3053

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/376e5925bc6e811c702d43dbe31dfc5114133ad1...7849c17bbd164daf2f5876192f75e39c3dee3053
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: erlang spu updated with a second CVE fix

Reply via email to