Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9814d204 by Moritz Muehlenhoff at 2025-08-29T15:08:59+02:00
bookworm/trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9219,6 +9219,7 @@ CVE-2025-8265 (A vulnerability classified as critical has 
been found in 299Ko CM
        NOT-FOR-US: 299Ko CMS
 CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module 
affecting  ...)
        - python3.13 3.13.6-1
+       [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.12 <removed>
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -18888,6 +18889,7 @@ CVE-2025-5731 (A flaw was found in Infinispan CLI. A 
sensitive password, decoded
        NOT-FOR-US: Infinispan
 CVE-2025-52555 (Ceph is a distributed object, block, and file storage 
platform. In ver ...)
        - ceph 18.2.6-1 (bug #1108410)
+       [bookworm] - ceph <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2374412
        NOTE: https://www.openwall.com/lists/oss-security/2025/06/26/1
        NOTE: https://github.com/ceph/ceph/pull/60314
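Review bot: the added `[bookworm] - ceph <no-dsa> (Minor issue)` line marks bookworm as affected but deferred, while the NOTE lines visible in this hunk point only at a bug report, the oss-security post and a pull request, not at a specific commit. If the fix is meant to be picked up later for bookworm, consider recording the merged commit(s) in a `NOTE: Fixed by:` line, as the libgepub, GIMP and Node.js entries elsewhere in this diff do.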
@@ -22381,6 +22383,7 @@ CVE-2025-6196 (A flaw was found in libgepub, a library 
used to read EPUB files.
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libgepub/-/commit/70895c45364ef4ee827b39b2ed1c33723410e94c
 (0.7.2)
 CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic 
complexity w ...)
        - python3.13 3.13.6-1
+       [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.12 <removed>
        - python3.11 <removed>
        [bookworm] - python3.11 <no-dsa> (Minor issue)
@@ -23167,6 +23170,7 @@ CVE-2025-6052 (A flaw was found in how GLib\u2019s 
GString manages memory when a
        NOTE: Negligible security impact
 CVE-2025-6035 (A flaw was found in GIMP. An integer overflow vulnerability 
exists in  ...)
        - gimp 3.0.4-2
+       [bookworm] - gimp <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/13518
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/548bc3a46d54711d974aae9ce1bce291376c0436
 (GIMP_3_0_4)
 CVE-2025-6030 (Use of fixed learning codes, one code to lock the car and the 
other co ...)
@@ -43184,6 +43188,7 @@ CVE-2025-2761 (GIMP FLI File Parsing Out-Of-Bounds 
Write Remote Code Execution V
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/0806bc76ca74543d20e1307ccf6aebd26395c56c
 (GIMP_3_0_0)
 CVE-2025-2760 (GIMP XWD File Parsing Integer Overflow Remote Code Execution 
Vulnerabi ...)
        - gimp 3.0.4-3 (bug #1107758)
+       [bookworm] - gimp <no-dsa> (Minor issue)
        NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-203/
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790
        NOTE: Original fix incomplete (for 32bit systems):
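Review bot: on the added `[bookworm] - gimp <no-dsa> (Minor issue)` line for CVE-2025-2760, the generic reason reads oddly next to a description of "Integer Overflow Remote Code Execution" and a context note saying the original fix was incomplete for 32bit systems. A more specific reason in the parentheses, or a NOTE giving the rationale, would tell a later reader why bookworm was deferred. Any later bookworm update would also need the follow-up to the incomplete fix, not only the original commit.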
@@ -70248,6 +70253,7 @@ CVE-2025-23084 (A vulnerability has been identified in 
Node.js, specifically aff
        NOTE: Fixed by: 
https://github.com/nodejs/node/commit/0afc6f960017708df3870ff1d61249443873637b 
(v23.6.1)
 CVE-2025-23083 (With the aid of the diagnostics_channel utility, an event can 
be hooke ...)
        - nodejs 20.18.2+dfsg-1 (bug #1094134)
+       [bookworm] - nodejs <not-affected> (Vulnerable code not present)
        [bullseye] - nodejs <not-affected> (vulnerable code introduced later)
        NOTE: 
https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#worker-permission-bypass-via-internalworker-leak-in-diagnostics-cve-2025-23083---high
        NOTE: Fixed by: 
https://github.com/nodejs/node/commit/51938f023aac90dc1dc0bc1f743501788613210e 
(v23.6.1)
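Review bot: the reason on the added `[bookworm]` line, `(Vulnerable code not present)`, is capitalised differently from the `[bullseye]` line directly below it, `(vulnerable code introduced later)`, and the two express the same finding in different words. Consider reusing the bullseye wording. Since the unstable fix is recorded against 20.18.2+dfsg-1, a NOTE naming the change or version that introduced the vulnerable code would make the not-affected status checkable.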



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9814d204d408a0e554781529a438b14d36e24099
