Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
539db480 by Moritz Muehlenhoff at 2025-08-11T17:57:20+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -277,12 +277,14 @@ CVE-2025-8735 (A vulnerability classified as problematic 
was found in GNU cflow
        NOTE: Crash in CLI tool, no security impact
 CVE-2025-8734 (A vulnerability classified as problematic has been found in GNU 
Bison  ...)
        - bison <unfixed> (bug #1110611)
+       [trixie] - bison <no-dsa> (Minor issue)
+       [bookworm] - bison <no-dsa> (Minor issue)
        NOTE: https://github.com/akimd/bison/issues/115
 CVE-2025-8733 (A vulnerability was found in GNU Bison up to 3.8.2. It has been 
rated  ...)
        - bison <unfixed> (unimportant; bug #1110610)
        NOTE: https://github.com/akimd/bison/issues/113
        NOTE: https://github.com/akimd/bison/issues/114
-       NOTE: Negligible security impact
+       NOTE: Crash in CLI tool, no security impact
 CVE-2025-8732 (A vulnerability was found in libxml2 up to 2.14.5. It has been 
declare ...)
        - libxml2 <unfixed> (unimportant)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958
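Review bot: The new [trixie] and [bookworm] lines under CVE-2025-8734 give only "Minor issue" as the reason, while the sibling bison entry CVE-2025-8733 in the same hunk is tagged (unimportant) and now carries an explicit "NOTE: Crash in CLI tool, no security impact". If CVE-2025-8734 is deliberately rated differently, a one-line NOTE under it saying what distinguishes it would keep the two bison entries from looking inconsistent; if it is the same class of issue, the (unimportant) tag on its unfixed line would be the matching form.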
@@ -581,6 +583,7 @@ CVE-2023-40992 (Hospital Management System 4 is vulnerable 
to a SQL injection in
        NOT-FOR-US: Hospital Management System
 CVE-2025-47907 (Cancelling a query (e.g. by cancelling the context passed to 
one of th ...)
        - golang-1.24 <unfixed>
+       [trixie] - golang-1.24 <no-dsa> (Minor issue)
        - golang-1.23 <unfixed>
        - golang-1.19 <removed>
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
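Review bot: The line "- golang-1.23 <unfixed>" keeps no per-suite annotation after this change, while golang-1.24 gains a [trixie] entry and golang-1.19 already has a [bookworm] one. If golang-1.23 is present in any suite being triaged here it needs its own <no-dsa> line; if it is not, nothing more is needed.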
@@ -592,6 +595,7 @@ CVE-2025-47907 (Cancelling a query (e.g. by cancelling the 
context passed to one
        NOTE: 
https://github.com/golang/go/commit/8a924caaf348fdc366bab906424616b2974ad4e9 
(go1.23.12)
 CVE-2025-47906
        - golang-1.24 <unfixed>
+       [trixie] - golang-1.24 <no-dsa> (Minor issue)
        - golang-1.23 <unfixed>
        - golang-1.19 <removed>
        [bookworm] - golang-1.19 <no-dsa> (Minor issue)
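Review bot: CVE-2025-47906 has no description on its header line, so in the visible lines "Minor issue" on the new [trixie] entry is the only rationale for not issuing a DSA. A NOTE with the upstream reference under this entry, like the commit NOTE the CVE-2025-47907 entry carries just above, would make the decision checkable.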
@@ -1513,6 +1517,8 @@ CVE-2025-51390 (TOTOLINK N600R V4.3.0cu.7647_B20210106 
was discovered to contain
        NOT-FOR-US: TOTOLINK
 CVE-2025-50422 (Cairo through 1.18.4, as used in Poppler through 25.08.0, has 
an "unsc ...)
        - cairo <unfixed> (bug #1110606)
+       [trixie] - cairo <no-dsa> (Minor issue)
+       [bookworm] - cairo <no-dsa> (Minor issue)
        [bullseye] - cairo <postponed> (Minor Issue; need dump right and local 
access)
        NOTE: https://github.com/Landw-hub/CVE-2025-50422
        NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1591
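Review bot: The added [trixie] and [bookworm] cairo lines say only "Minor issue", whereas the existing [bullseye] line records the actual reasoning ("need dump right and local access"). Carrying the same qualifier on the new lines would keep the rationale consistent across suites and visible to anyone reading a single suite's entry.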
@@ -1527,7 +1533,6 @@ CVE-2025-50420 (An issue in the pdfseparate utility of 
freedesktop poppler v25.0
 CVE-2025-50340 (An Insecure Direct Object Reference (IDOR) vulnerability was 
discovere ...)
        - sogo <unfixed> (bug #1110604)
        NOTE: 
https://github.com/millad7/SOGo_web_mail-vulnerability-CVE-2025-50340
-       TODO: check, contacted maintainer to verify
 CVE-2025-46206 (An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote 
attacker to c ...)
        - mupdf 1.25.1+ds1-7 (bug #1110482)
        [trixie] - mupdf <no-dsa> (Minor issue)
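Review bot: Dropping "TODO: check, contacted maintainer to verify" from CVE-2025-50340 leaves no record of what the verification concluded; the entry stays "- sogo <unfixed> (bug #1110604)" with nothing else changed. A short NOTE stating the maintainer's answer, or a pointer to where it was given, would preserve the outcome of the check.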
@@ -3162,6 +3167,8 @@ CVE-2025-8263
        REJECTED
 CVE-2025-8262 (A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has 
been c ...)
        - node-yarnpkg <unfixed> (bug #1110609)
+       [trixie] - node-yarnpkg <no-dsa> (Minor issue)
+       [bookworm] - node-yarnpkg <no-dsa> (Minor issue)
        [bullseye] - node-yarnpkg <postponed> (minor issue; DoS)
        NOTE: https://github.com/yarnpkg/yarn/pull/9199
 CVE-2025-8261 (A vulnerability was found in Vaelsys 4.1.0 and classified as 
critical. ...)
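Review bot: The new node-yarnpkg lines use "Minor issue" alone, while the [bullseye] line directly below names the impact ("minor issue; DoS"). Adding the DoS qualifier to the [trixie] and [bookworm] lines would match the existing entry and state why the issue is considered minor.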
@@ -3439,6 +3446,8 @@ CVE-2025-8176 (A vulnerability was found in LibTIFF up to 
4.7.0. It has been dec
        NOTE: Crash in CLI tool, no security impact
 CVE-2025-8197 (A global buffer overflow vulnerability was found in the 
soup_header_na ...)
        - libsoup3 <unfixed> (bug #1110607)
+       [trixie] - libsoup3 <no-dsa> (Minor issue)
+       [bookworm] - libsoup3 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383525
        TODO: check, clarify upstream status, details for libsoup2.4
 CVE-2025-8183 (NULL Pointer Dereference in \xb5D3TN via non-singleton 
destination End ...)
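Review bot: The [trixie] and [bookworm] lines settle CVE-2025-8197 as "Minor issue" while the entry still carries "TODO: check, clarify upstream status, details for libsoup2.4", and the description calls it a global buffer overflow. Either resolve the TODO alongside this triage or say in the reason why the overflow is minor, and add a libsoup2.4 line once its status is known so this triage is not read as covering it.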



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/539db480b9796608991288839727d69ae5d63b53
