Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
87b727ae by Thorsten Alteholz at 2025-07-26T00:45:17+02:00
mark CVE-2025-30192 as EOL for Bullseye
- - - - -
34aa47b1 by Thorsten Alteholz at 2025-07-26T00:48:12+02:00
mark CVE-2025-8058 as postponed for glibc
- - - - -
52fc4fae by Thorsten Alteholz at 2025-07-26T00:52:49+02:00
mark CVE-2025-45582 as postponed for Buster
- - - - -
e69ba9b5 by Thorsten Alteholz at 2025-07-26T01:13:49+02:00
mark CVE-2025-7962 as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -818,6 +818,7 @@ CVE-2025-8060 (A vulnerability has been found in Tenda AC23
16.03.07.52 and clas
NOT-FOR-US: Tenda
CVE-2025-8058 (The regcomp function in the GNU C library version from 2.4 to
2.41 is ...)
- glibc <unfixed> (bug #1109803)
+ [bullseye] - glibc <postponed> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33185
NOTE:
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2025-0005
NOTE: Inroduced with:
https://sourceware.org/git/?p=glibc.git;a=commit;h=963d8d782fc98fb6dc3a66f0068795f9920c269d
@@ -1364,7 +1365,9 @@ CVE-2025-38352 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/f90fff1e152dedf52b932240ebbd670d83330eca (6.16-rc2)
CVE-2025-7962 (In Jakarta Mail 2.0.2 it is possible to preform a SMTP
Injection by ut ...)
- jakarta-mail <unfixed> (bug #1109804)
+ [bullseye] - jakarta-mail <postponed> (Minor issue)
- javamail <unfixed> (bug #1109824)
+ [bullseye] - javamail <postponed> (Minor issue)
NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/67
NOTE:
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/290
NOTE:
https://github.com/jakartaee/mail-api/commit/cc9b954f3816f18f1b96dd50b1f8f51b3116462d
(1.6.8)
@@ -1751,6 +1754,7 @@ CVE-2025-30192 (An attacker spoofing answers to ECS
enabled requests sent out by
- pdns-recursor <unfixed> (bug #1109808)
[trixie] - pdns-recursor <no-dsa> (Minor issue; can be fixed via point
release update)
[bookworm] - pdns-recursor <no-dsa> (Minor issue; can be fixed via
point release update)
+ [bullseye] - pdns-recursor <end-of-life> (No longer supported with
security updates in Bullseye)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html
CVE-2025-2301 (Authorization Bypass Through User-Controlled Key vulnerability
in Akbi ...)
NOT-FOR-US: Akbim Software Online Exam Registration
@@ -3893,6 +3897,7 @@ CVE-2025-47182 (Improper input validation in Microsoft
Edge (Chromium-based) all
NOT-FOR-US: Microsoft
CVE-2025-45582 (GNU Tar through 1.35 allows file overwrite via directory
traversal in ...)
- tar <unfixed>
+ [bullseye] - tar <postponed> (Minor issue)
NOTE: https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
TODO: check details
CVE-2025-43856 (immich is a high performance self-hosted photo and video
management so ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9a4a099087333483dad66a049ae3bd224fd4674b...e69ba9b5fce39a9d42e40d04765cc065ab676306
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9a4a099087333483dad66a049ae3bd224fd4674b...e69ba9b5fce39a9d42e40d04765cc065ab676306
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
