Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
739097c3 by Moritz Muehlenhoff at 2025-08-13T13:27:37+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5143,6 +5143,7 @@ CVE-2015-10143 (The Platform theme for WordPress is 
vulnerable to unauthorized m
 CVE-2025-54567 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF 
Enable bi ...)
        [experimental] - qemu 1:10.1.0~rc1+ds-2
        - qemu 1:10.0.3+ds-1 (bug #1109989)
+       [trixie] - qemu <no-dsa> (Minor issue)
        [bookworm] - qemu <not-affected> (Vulnerable code not present)
        [bullseye] - qemu <not-affected> (Vulnerable code not present)
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
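Review bot: the NOTE reference for this entry (and the identical one for CVE-2025-54566 below) shows its Message-ID as "[email protected]", which looks like mail-archive address munging rather than the real lore.kernel.org message id, so the URL as displayed cannot be followed; please confirm the full message id survived in the committed data/CVE/list. The added `[trixie] - qemu <no-dsa> (Minor issue)` line itself is placed correctly between the sid fixed version (1:10.0.3+ds-1) and the bookworm/bullseye not-affected annotations.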
@@ -5151,6 +5152,7 @@ CVE-2025-54567 (hw/pci/pcie_sriov.c in QEMU through 
10.0.3 mishandles the VF Ena
 CVE-2025-54566 (hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration 
state incon ...)
        [experimental] - qemu 1:10.1.0~rc1+ds-2
        - qemu 1:10.0.3+ds-1 (bug #1109989)
+       [trixie] - qemu <no-dsa> (Minor issue)
        [bookworm] - qemu <not-affected> (Vulnerable code not present)
        [bullseye] - qemu <not-affected> (Vulnerable code not present)
        NOTE: 
https://lore.kernel.org/qemu-devel/[email protected]/
@@ -14720,6 +14722,7 @@ CVE-2025-6393 (A vulnerability was found in TOTOLINK 
A702R, A3002R, A3002RU and
        NOT-FOR-US: TOTOLINK
 CVE-2025-6375 (A vulnerability was found in poco up to 1.14.1. It has been 
rated as p ...)
        - poco <unfixed> (bug #1108157)
+       [trixie] - poco <no-dsa> (Minor issue)
        [bookworm] - poco <no-dsa> (Minor issue)
        [bullseye] - poco <postponed> (Minor issue)
        NOTE: https://github.com/pocoproject/poco/issues/4915
@@ -17879,6 +17882,7 @@ CVE-2025-4227 (An improper access control vulnerability 
in the  Endpoint Traffic
        NOT-FOR-US: Palo Alto Networks
 CVE-2025-49589 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. 
A stack- ...)
        - pcsx2 <unfixed> (bug #1107756)
+       [trixie] - pcsx2 <no-dsa> (Minor issue)
        [bookworm] - pcsx2 <no-dsa> (Minor issue)
        [bullseye] - pcsx2 <postponed> (Minor issue)
        NOTE: 
https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35
@@ -19212,11 +19216,13 @@ CVE-2025-5900 (A vulnerability, which was classified 
as problematic, was found i
        NOT-FOR-US: Tenda
 CVE-2025-5899 (A vulnerability classified as critical was found in GNU PSPP 
82fb509fb ...)
        - pspp <unfixed> (bug #1107819)
+       [trixie] - pspp <no-dsa> (Minor issue)
        [bookworm] - pspp <no-dsa> (Minor issue)
        [bullseye] - pspp <postponed> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/index.php?67072
 CVE-2025-5898 (A vulnerability classified as critical has been found in GNU 
PSPP 82fb ...)
        - pspp <unfixed> (bug #1107818)
+       [trixie] - pspp <no-dsa> (Minor issue)
        [bookworm] - pspp <no-dsa> (Minor issue)
        [bullseye] - pspp <postponed> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/index.php?67071
@@ -23982,10 +23988,17 @@ CVE-2025-4969 (A vulnerability was found in the 
libsoup package. This flaw stems
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/467
 CVE-2025-4949 (In Eclipse JGit versions 7.2.0.202503040940-r and older, the 
ManifestP ...)
        - jgit <unfixed> (bug #1106287)
+       [trixie] - jgit <no-dsa> (Minor issue)
        [bookworm] - jgit <no-dsa> (Minor issue)
        [bullseye] - jgit <postponed> (Minor issue)
        NOTE: 
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281
        NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/64
+       NOTE: https://eclipse.gerrithub.io/c/eclipse-jgit/jgit/+/1215019
+       NOTE: https://eclipse.gerrithub.io/c/eclipse-jgit/jgit/+/1215020
+       NOTE: Fixed in:
+       NOTE: 6.10.1.202505221210-r
+       NOTE: 7.0.1.202505221510-r
+       NOTE: 7.1.1.202505221757-r
 CVE-2025-4524 (The Madara \u2013 Responsive and modern WordPress theme for 
manga site ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-4436
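Review bot: the new "Fixed in:" NOTE block lists only the 6.10.1, 7.0.1 and 7.1.1 maintenance releases, while the description says "7.2.0.202503040940-r and older" are affected; the first fixed 7.2.x (or later) release is missing, so the sid line `- jgit <unfixed> (bug #1106287)` cannot later be resolved against a fixed version from these notes alone. Either add that version or state that the 7.2 branch remains unfixed. As a style point, the four separate NOTE lines could be folded into one ("NOTE: Fixed in 6.10.1.202505221210-r, 7.0.1.202505221510-r, 7.1.1.202505221757-r"), matching how the other entries keep one fact per NOTE.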
@@ -27764,11 +27777,13 @@ CVE-2025-47816 (libpspp-core.a in GNU PSPP through 
2.0.1 allows attackers to cau
        NOTE: https://savannah.gnu.org/bugs/?67073
 CVE-2025-47815 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to 
cause a h ...)
        - pspp <unfixed> (bug #1105105)
+       [trixie] - pspp <no-dsa> (Minor issue)
        [bookworm] - pspp <no-dsa> (Minor issue)
        [bullseye] - pspp <postponed> (Minor issue, no patch)
        NOTE: https://savannah.gnu.org/bugs/?67075
 CVE-2025-47814 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to 
cause a h ...)
        - pspp <unfixed> (bug #1105106)
+       [trixie] - pspp <no-dsa> (Minor issue)
        [bookworm] - pspp <no-dsa> (Minor issue)
        [bullseye] - pspp <postponed> (Minor issue, no patch)
        NOTE: https://savannah.gnu.org/bugs/?67074
@@ -36784,6 +36799,7 @@ CVE-2025-3573 (Versions of the package 
jquery-validation before 1.20.0 are vulne
        - znuny <unfixed> (bug #1104135)
        [bookworm] - znuny <no-dsa> (Minor issue)
        - phpmyadmin <unfixed> (bug #1104136)
+       [trixie] - phpmyadmin <no-dsa> (Minor issue)
        [bookworm] - phpmyadmin <no-dsa> (Minor issue)
        [bullseye] - phpmyadmin <postponed> (Minor Issue; barely an issue in 
the phpmyadmin package XSS)
        - node-jquery-validation <not-affected> (Fixed before initial upload to 
Debian)
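Review bot: the znuny entry in this same CVE gets no trixie triage in this commit, although it is in the same state as phpmyadmin (`<unfixed>` in sid with a `[bookworm] ... <no-dsa> (Minor issue)` annotation); if znuny ships in trixie it needs a matching `[trixie]` line, and if it does not, a `<not-affected>`/removed annotation would make that explicit. Minor: the bullseye phpmyadmin reason reads "(Minor Issue; ...)" with a capital I, unlike the "Minor issue" wording used everywhere else.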
@@ -83951,6 +83967,7 @@ CVE-2024-52523 (Nextcloud Server is a self hosted 
personal cloud system. After s
        - nextcloud-server <itp> (bug #941708)
 CVE-2024-52522 (Rclone is a command-line program to sync files and directories 
to and  ...)
        - rclone <unfixed> (bug #1088107)
+       [trixie] - rclone <no-dsa> (Minor issue)
        [bookworm] - rclone <no-dsa> (Minor issue)
        [bullseye] - rclone <not-affected> (--metadata added in 1.59.0)
        NOTE: 
https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv
@@ -416462,11 +416479,9 @@ CVE-2020-21723 (A Segmentation Fault issue 
discovered StreamSerializer::extractS
        NOTE: https://sourceforge.net/p/oggvideotools/bugs/10/
        NOTE: Crash in CLI tool, no security impact
 CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows 
remote att ...)
-       - oggvideotools <unfixed> (bug #1050836)
-       [bookworm] - oggvideotools <postponed> (Minor issue, revisit when fixed 
upstream)
-       [bullseye] - oggvideotools <no-dsa> (Minor issue)
-       [buster] - oggvideotools <no-dsa> (Minor issue)
+       - oggvideotools <unfixed> (bug #1050836; unimportant)
        NOTE: https://sourceforge.net/p/oggvideotools/bugs/11/
+       NOTE: Bogus report, was done on a very old ubuntu version and no PoC 
ever provided
 CVE-2020-21721
        RESERVED
 CVE-2020-21720
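Review bot: dropping the per-release bookworm/bullseye/buster annotations is consistent with rating the issue "unimportant" on the sid line, since no-dsa/postponed markers are redundant once the severity is unimportant. The justification NOTE would read better aligned with the neighbouring CVE-2020-21723 entry ("Crash in CLI tool, no security impact"): capitalise "Ubuntu" and state the conclusion, e.g. "NOTE: Bogus report, reproduced only on a very old Ubuntu version, no PoC ever provided, no security impact", so the reason for the downgrade is self-contained when the Debian bug #1050836 is revisited.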



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/739097c3caa07d12ee7c0401e91cc625412225e3


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits