Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39e2a328 by Moritz Muehlenhoff at 2025-08-13T12:07:37+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14559,6 +14559,7 @@ CVE-2025-6494 (A vulnerability was found in 
sparklemotion nokogiri c29c920907366
        NOTE: https://github.com/sparklemotion/nokogiri/pull/3524
 CVE-2025-6493 (A vulnerability was found in CodeMirror up to 5.17.0 and 
classified as ...)
        - codemirror-js <unfixed> (bug #1108477)
+       [trixie] - codemirror-js <no-dsa> (Minor issue)
        [bookworm] - codemirror-js <no-dsa> (Minor issue)
        [bullseye] - codemirror-js <postponed> (Minor issue)
        NOTE: https://github.com/codemirror/codemirror5/issues/7128
@@ -27950,6 +27951,7 @@ CVE-2025-4403 (The Drag and Drop Multiple File Upload 
for WooCommerce plugin for
        NOT-FOR-US: WordPress plugin
 CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with 
GRUB c ...)
        - grub2 <unfixed> (bug #1105108)
+       [trixie] - grub2 <no-dsa> (Minor issue)
        [bookworm] - grub2 <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=c448f511e74cb7c776b314fcb7943f98d3f22b6d
        NOTE: Additional hardening via:
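Review bot: `<no-dsa>` is the better fit here than `<postponed>`, because the NOTE already points at an upstream fix (`Fixed by: ...c448f511e74cb7c776b314fcb7943f98d3f22b6d`), so the grub2 fix can be picked up through a point release without waiting on upstream; the new trixie line matches the bookworm tag and rationale.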
@@ -98899,7 +98901,8 @@ CVE-2024-9049 (The Beaver Builder \u2013 WordPress Page 
Builder plugin for WordP
        NOT-FOR-US: WordPress plugin
 CVE-2024-9029 (A flaw was found in the freeimage library. Processing a crafted 
image  ...)
        - freeimage <unfixed> (bug #1082848)
-       [bookworm] - freeimage <no-dsa> (Minor issue)
+       [trixie] - freeimage <postponed> (Minor issue, revisit when fixed 
upstream)
+       [bookworm] - freeimage <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - freeimage <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://sourceforge.net/p/freeimage/bugs/351/
 CVE-2024-8991 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable 
to Sto ...)
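Review bot: the bookworm line is retagged from `<no-dsa> (Minor issue)` to `<postponed> (Minor issue, revisit when fixed upstream)` in the same hunk that adds trixie, but the commit message only says "trixie triage"; a status change on a stable suite should be mentioned in the message so it is not buried in a triage commit. The new tag does bring bookworm in line with bullseye and with the upstream bug referenced in the NOTE (`freeimage/bugs/351/`).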
@@ -99959,7 +99962,8 @@ CVE-2024-33109 (Directory Traversal in the web 
interface of the Tiptel IP 286 wi
        NOT-FOR-US: Tiptel
 CVE-2024-31570 (libfreeimage in FreeImage 3.4.0 through 3.18.0 has a 
stack-based buffe ...)
        - freeimage <unfixed> (bug #1082380)
-       [bookworm] - freeimage <no-dsa> (Minor issue#)
+       [trixie] - freeimage <no-dsa> (Minor issue)
+       [bookworm] - freeimage <no-dsa> (Minor issue)
        [bullseye] - freeimage <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://sourceforge.net/p/freeimage/bugs/355/
        NOTE: https://www.openwall.com/lists/oss-security/2024/04/11/10
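Review bot: dropping the stray `#` from the old bookworm line (`Minor issue#`) is correct, but this entry now leaves bookworm and trixie at `<no-dsa>` while bullseye stays `<postponed> (Minor issue, revisit when fixed upstream)`, whereas the previous freeimage hunk (CVE-2024-9029) moved bookworm to `<postponed>` for that same reason; if the upstream status of `freeimage/bugs/355/` is the same as for bugs/351/, the two entries should use the same tag.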
@@ -139194,6 +139198,7 @@ CVE-2023-51597 (Kofax Power PDF U3D File Parsing 
Out-Of-Bounds Write Remote Code
        NOT-FOR-US: Kofax Power PDF
 CVE-2023-51596 (BlueZ Phone Book Access Profile Heap-based Buffer Overflow 
Remote Code ...)
        - bluez <unfixed> (bug #1074419)
+       [trixie] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [buster] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
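Review bot: the trixie line copies the `<postponed> (Minor issue, revisit when/if fixed upstream)` rationale already used for bookworm, bullseye and buster, which is the right tag while an upstream fix is uncertain; the identical line is added to five further bluez entries below, so a single check of upstream status will cover all six when they are revisited.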
@@ -139202,6 +139207,7 @@ CVE-2023-51595 (Voltronic Power ViewPower Pro 
selectDeviceListBy SQL Injection R
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51594 (BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure 
Vulnerabi ...)
        - bluez <unfixed> (bug #1082870)
+       [trixie] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [buster] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
@@ -139210,6 +139216,7 @@ CVE-2023-51593 (Voltronic Power ViewPower Pro 
Expression Language Injection Remo
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51592 (BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds 
Read Inform ...)
        - bluez <unfixed> (bug #1082869)
+       [trixie] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [buster] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
@@ -139220,6 +139227,7 @@ CVE-2023-51590 (Voltronic Power ViewPower Pro 
UpLoadAction Unrestricted File Upl
        NOT-FOR-US: Voltronic Power ViewPower Pro
 CVE-2023-51589 (BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds 
Read Infor ...)
        - bluez <unfixed> (bug #1081912)
+       [trixie] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [buster] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
@@ -139242,6 +139250,7 @@ CVE-2023-51581 (Voltronic Power ViewPower 
MacMonitorConsole Exposed Dangerous Me
        NOT-FOR-US: Voltronic Power ViewPower
 CVE-2023-51580 (BlueZ Audio Profile AVRCP avrcp_parse_attribute_list 
Out-Of-Bounds Rea ...)
        - bluez <unfixed> (bug #1081911)
+       [trixie] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [buster] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
@@ -139450,6 +139459,7 @@ CVE-2023-44432 (Kofax Power PDF PDF File Parsing 
Out-Of-Bounds Write Remote Code
        NOT-FOR-US: Kofax Power PDF
 CVE-2023-44431 (BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote 
Code Exec ...)
        - bluez <unfixed> (bug #1077687)
+       [trixie] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bookworm] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [bullseye] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
        [buster] - bluez <postponed> (Minor issue, revisit when/if fixed 
upstream)
@@ -154417,6 +154427,7 @@ CVE-2024-28581 (Buffer Overflow vulnerability in open 
source FreeImage v.3.19.0
        NOTE: https://sourceforge.net/p/freeimage/bugs/382/
 CVE-2024-28580 (Buffer Overflow vulnerability in open source FreeImage 
v.3.19.0 [r1909 ...)
        - freeimage <unfixed> (bug #1068461)
+       [trixie] - freeimage <no-dsa> (Revisit when fixed upstream)
        [bookworm] - freeimage <no-dsa> (Revisit when fixed upstream)
        [bullseye] - freeimage <no-dsa> (Revisit when fixed upstream)
        NOTE: 
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
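Review bot: trixie gets `<no-dsa> (Revisit when fixed upstream)`, consistent with bookworm and bullseye, but "revisit when fixed upstream" is the rationale the other freeimage entries in this commit attach to `<postponed>`; `<no-dsa>` signals that a fix may still be shipped via a point update, so if that is the intent the line is fine, otherwise `<postponed>` would match the treatment of CVE-2024-9029.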
@@ -194521,6 +194532,7 @@ CVE-2023-40170 (jupyter-server is the backend for 
Jupyter web applications. Impr
        NOTE: 
https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd
 (v2.7.2)
 CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows 
attackers to ex ...)
        - busybox <unfixed> (bug #1055307)
+       [trixie] - busybox <no-dsa> (Minor issue)
        [bookworm] - busybox <no-dsa> (Minor issue)
        [bullseye] - busybox <postponed> (Minor issue, revisit when fixed 
upstream)
        [buster] - busybox <postponed> (Minor issue, revisit when fixed 
upstream)
@@ -613859,6 +613871,7 @@ CVE-2017-7476 (Gnulib before 2017-04-26 has a 
heap-based buffer overflow with th
        NOTE: Introduced with 4bc76593 and 4e6e16b3f.
 CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer 
dereference relat ...)
        - cairo <unfixed> (low; bug #870264)
+       [trixie] - cairo <ignored> (Minor issue)
        [bookworm] - cairo <ignored> (Minor issue)
        [bullseye] - cairo <ignored> (Minor issue)
        [buster] - cairo <ignored> (Minor issue)
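Review bot: `<ignored>` for trixie matches the other suites and the `low` marker on the `<unfixed>` line; unlike `<postponed>`, an ignored entry is not revisited, which is consistent with the entry being left unfixed since 2017. The same reasoning applies to the gdm3 hunk below.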
@@ -649060,6 +649073,7 @@ CVE-2016-4456 (The "GNUTLS_KEYLOGFILE" environment 
variable in gnutls 3.4.12 all
        NOTE: https://www.openwall.com/lists/oss-security/2016/06/07/2
 CVE-2016-1000002 (gdm3 3.14.2 and possibly later has an information leak 
before screen l ...)
        - gdm3 <unfixed> (low; bug #849432)
+       [trixie] - gdm3 <ignored> (Minor issue)
        [bookworm] - gdm3 <ignored> (Minor issue)
        [bullseye] - gdm3 <ignored> (Minor issue)
        [buster] - gdm3 <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39e2a328974789376bde4a179f097afc719b2cc8



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
