Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
537cc7e3 by Moritz Muehlenhoff at 2025-06-27T16:31:38+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,6 +8,7 @@ CVE-2025-6751 (A vulnerability, which was classified as 
critical, was found in L
        NOT-FOR-US: Linksys
 CVE-2025-6750 (A vulnerability, which was classified as problematic, has been 
found i ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5549
 CVE-2025-6749 (A vulnerability classified as critical was found in huija 
bicycleShari ...)
        NOT-FOR-US: bicycleSharingServer
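
Review bot: The added "[bookworm] - hdf5 <no-dsa> (Minor issue)" line under CVE-2025-6750 carries no rationale, and the entry's only NOTE is the upstream issue link. The other hdf5 entries touched in this commit (CVE-2025-6270, CVE-2025-6269) are tagged unimportant and get an explanatory NOTE, so a one-line NOTE here saying why this one is a minor issue rather than unimportant would keep the hdf5 triage consistent and checkable later.
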
@@ -1006,8 +1007,9 @@ CVE-2025-52969 (ClickHouse 25.7.1.557 allows 
low-privileged users to execute she
        NOTE: Not considered a security issue by upstream
        NOTE: https://github.com/skraft9/clickhouse-security-research
 CVE-2025-52968 (xdg-open in xdg-utils through 1.2.1 can send requests 
containing SameS ...)
-       - xdg-utils <unfixed>
+       - xdg-utils <unfixed> (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2025/06/23/1
+       NOTE: Hardening/security enhancement, not a security issue in xdg-utils
 CVE-2025-52967 (gateway_proxy_handler in MLflow before 3.1.0 lacks 
gateway_path valida ...)
        NOT-FOR-US: mlflow
 CVE-2025-52939 (Out-of-bounds Write vulnerability in dail8859 NotepadNext 
(src/lua/src ...)
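
Review bot: The new NOTE on CVE-2025-52968 states only the conclusion ("not a security issue in xdg-utils") and does not say what the assessment rests on. Suggest wording it so it names the behaviour that is treated as hardening, or says that it follows the oss-security thread linked on the line above, so the "(unimportant)" tag on the xdg-utils line can be re-checked without rereading the whole thread.
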
@@ -1807,11 +1809,13 @@ CVE-2025-6272 (A vulnerability has been found in wasm3 
0.5.0 and classified as p
 CVE-2025-6271 (A vulnerability, which was classified as problematic, was found 
in swf ...)
        - swftools <removed>
 CVE-2025-6270 (A vulnerability, which was classified as critical, has been 
found in H ...)
-       - hdf5 <unfixed> (bug #1108156)
+       - hdf5 <unfixed> (bug #1108156; unimportant)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5580
+       NOTE: Negligible security impact
 CVE-2025-6269 (A vulnerability classified as critical was found in HDF5 up to 
1.14.6. ...)
-       - hdf5 <unfixed> (bug #1108155)
+       - hdf5 <unfixed> (bug #1108155; unimportant)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5579
+       NOTE: Negligible security impact
 CVE-2025-6268 (A vulnerability classified as problematic has been found in 
Luna Imagi ...)
        NOT-FOR-US: Luna Imaging
 CVE-2025-6267 (A vulnerability was found in zhilink 
\u667a\u4e92\u8054(\u6df1\u5733)\ ...)
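
Review bot: Both added NOTE lines, under CVE-2025-6270 and CVE-2025-6269, read just "Negligible security impact", while the CVE descriptions in the context lines classify these issues as critical. With that gap between the description and the "unimportant" tag, the NOTE should give the reason for the downgrade (the nature of the flaw or the conditions needed to reach it, as established in the linked HDFGroup issues) rather than only the verdict.
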
@@ -3927,8 +3931,9 @@ CVE-2025-6177 (Privilege Escalation in MiniOS in Google 
ChromeOS (16063.45.2 and
 CVE-2025-6172 (Permission vulnerability in the mobile application 
(com.afmobi.boompla ...)
        NOT-FOR-US: TECNO Mobile
 CVE-2025-6170 (A flaw was found in the interactive shell of the xmllint 
command-line  ...)
-       - libxml2 <unfixed> (bug #1107938)
+       - libxml2 <unfixed> (bug #1107938; unimportant)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
+       NOTE: Crash in CLI tool, no security impact
 CVE-2025-6137 (A vulnerability classified as critical has been found in 
TOTOLINK T10  ...)
        NOT-FOR-US: TOTOLINK
 CVE-2025-6136 (A vulnerability was found in Projectworlds Life Insurance 
Management S ...)
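
Review bot: On CVE-2025-6170 the "unimportant" tag is attached to the libxml2 source package line, but the added NOTE "Crash in CLI tool, no security impact" does not name the tool. Suggest naming xmllint's interactive shell in the NOTE, matching the CVE description, so it is clear the assessment covers the command-line tool and is not a statement about the library API.
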
@@ -4029,6 +4034,7 @@ CVE-2025-48988 (Allocation of Resources Without Limits or 
Throttling vulnerabili
        NOTE: 
https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910
 (9.0.106)
 CVE-2025-48976 (Allocation of resources for multipart headers with 
insufficient limits ...)
        - libcommons-fileupload-java <unfixed> (bug #1108120)
+       [bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue)
        - tomcat11 <unfixed> (bug #1108118)
        - tomcat10 <unfixed> (bug #1108119)
        - tomcat9 9.0.70-2
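
Review bot: Under CVE-2025-48976 the bookworm triage line is added only for libcommons-fileupload-java, while the tomcat11 and tomcat10 lines directly below stay "<unfixed>" with no release-specific tag. If either of those packages is shipped in bookworm it needs its own "[bookworm]" line in the same pass, and the "(Minor issue)" reason would be easier to audit with a NOTE saying why a resource-limit issue in multipart header handling does not warrant a DSA.
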



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/537cc7e36bfc8cf50c2462bf47d12b3d0f61c3cc
