Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b8922ae by security tracker role at 2025-07-27T08:13:05+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2025-8225 (A vulnerability was found in GNU Binutils 2.44 and classified 
as probl ...)
+       TODO: check
+CVE-2025-8224 (A vulnerability has been found in GNU Binutils 2.44 and 
classified as  ...)
+       TODO: check
+CVE-2025-8223 (A vulnerability, which was classified as problematic, was found 
in jer ...)
+       TODO: check
+CVE-2025-8222 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-8221 (A vulnerability classified as problematic was found in 
jerryshensjf JP ...)
+       TODO: check
+CVE-2025-8220 (A vulnerability classified as critical has been found in 
Engeman Web u ...)
+       TODO: check
+CVE-2025-8219 (A vulnerability was found in Shanghai Lingdang Information 
Technology  ...)
+       TODO: check
+CVE-2025-8211 (A vulnerability was found in Roothub up to 2.6. It has been 
declared a ...)
+       TODO: check
+CVE-2025-8210 (A vulnerability was found in Yeelink Yeelight App up to 3.5.4 
on Andro ...)
+       TODO: check
+CVE-2025-8104 (The Memory Usage plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2025-6241 (LsiAgent.exe, a component of SysTrack from Lakeside Software, 
attempts ...)
+       TODO: check
+CVE-2025-5120 (A sandbox escape vulnerability was identified in 
huggingface/smolagent ...)
+       TODO: check
+CVE-2025-54597 (LinuxServer.io Heimdall before 2.7.3 allows XSS via the q 
parameter.)
+       TODO: check
 CVE-2025-8207 (A vulnerability was found in Canara ai1 Mobile Banking App 
3.6.23 on A ...)
        TODO: check
 CVE-2025-8206 (A vulnerability, which was classified as problematic, was found 
in Com ...)
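Review bot: all thirteen entries added at the top of the file are left at `TODO: check`, so none of them carries a package line or a status yet. The two GNU Binutils 2.44 entries (CVE-2025-8225, CVE-2025-8224) are the ones to triage first against the binutils source package. Entries for products such as the Yeelink Yeelight App on Android, the WordPress Memory Usage plugin or LsiAgent.exe from Lakeside Software look like candidates for a `NOT-FOR-US:` line in the style used for the Trend Micro entry further down this diff.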
@@ -1198,7 +1224,7 @@ CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 
results in all "RewriteCond e
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
 CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird 
ESR 128. ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
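Review bot: the cross-reference line `{DSA-5964-1 DLA-4253-1 DLA-4250-1}` is the only change here, and the package lines under it still list one fixed version each for firefox, firefox-esr and thunderbird, so the hunk does not show which source package DLA-4253-1 covers. Because this commit touches only data/CVE/list, confirm that the DLA-4253-1 advisory entry already exists and names CVE-2025-8035. The same check applies to the identical replacement in the other Firefox/Thunderbird hunks of this diff.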
@@ -1209,7 +1235,7 @@ CVE-2025-8040 (Memory safety bugs present in Firefox ESR 
140.0, Thunderbird ESR
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
 CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 
128.12,  ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1220,7 +1246,7 @@ CVE-2025-8044 (Memory safety bugs present in Firefox 140 
and Thunderbird 140. So
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
 CVE-2025-8033 (The JavaScript engine did not handle closed generators 
correctly and i ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1234,7 +1260,7 @@ CVE-2025-8038 (Thunderbird ignored paths when checking 
the validity of navigatio
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
 CVE-2025-8032 (XSLT document loading did not correctly propagate the source 
document  ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1242,7 +1268,7 @@ CVE-2025-8032 (XSLT document loading did not correctly 
propagate the source docu
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
 CVE-2025-8031 (The `username:password` part was not correctly stripped from 
URLs in C ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1253,7 +1279,7 @@ CVE-2025-8043 (Focus incorrectly truncated URLs towards 
the beginning instead of
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
 CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature 
could po ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
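Review bot: the context line for CVE-2025-8030 carries literal `\u201c` and `\u201d` escape sequences around "Copy as cURL" in the description, which suggests the description was imported without decoding the escapes. The change to the cross-reference line is fine as it stands, but the importer should decode these sequences (or normalise them to plain quotes) so that text searches on the description match.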
@@ -1267,7 +1293,7 @@ CVE-2025-8036 (Thunderbird cached CORS preflight 
responses across IP address cha
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
 CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object` 
and `emb ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1281,7 +1307,7 @@ CVE-2025-8041
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
 CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries 
could le ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1289,7 +1315,7 @@ CVE-2025-8028 (On arm64, a WASM `br_table` instruction 
with a lot of entries cou
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
 CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 
64-bit ret ...)
-       {DSA-5964-1 DLA-4250-1}
+       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -163516,7 +163542,7 @@ CVE-2023-38625 (A post-authenticated server-side 
request forgery (SSRF) vulnerab
 CVE-2023-38624 (A post-authenticated server-side request forgery (SSRF) 
vulnerability  ...)
        NOT-FOR-US: Trend Micro
 CVE-2023-36177 (An issue was discovered in badaix Snapcast version 0.27.0, 
allows remo ...)
-       {DSA-5847-1}
+       {DSA-5847-1 DLA-4252-1}
        - snapcast 0.30.0-1
        NOTE: Introduced with: 
https://github.com/badaix/snapcast/commit/b26d8929505a30bb6177bd1b905f13eace1530dc
 (v0.16.0)
        NOTE: Fixed by: 
https://github.com/badaix/snapcast/commit/9e6009cad0ef6e2e88f64a1b2504eb4749af287f
 (v0.30.0)
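Review bot: adding DLA-4252-1 to CVE-2023-36177 leaves `- snapcast 0.30.0-1` as the only fixed version visible in the entry, while the NOTE lines say the bug was introduced in v0.16.0 and fixed in v0.30.0. Confirm that the version shipped by DLA-4252-1 is in the affected range and carries a backport of commit 9e6009cad0ef6e2e88f64a1b2504eb4749af287f, since nothing in this hunk records that.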



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b8922ae1a4ebb943de8d760c906d3c5aa5147ca
