Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c137a717 by Moritz Muehlenhoff at 2025-09-01T17:24:48+02:00
bookworm/trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -242,6 +242,8 @@ CVE-2025-9499 (The Ocean Extra plugin for WordPress is 
vulnerable to Stored Cros
        NOT-FOR-US: WordPress plugin
 CVE-2025-58160 (tracing is a framework for instrumenting Rust programs to 
collect stru ...)
        - rust-tracing-subscriber <unfixed> (bug #1112553)
+       [trixie] - rust-tracing-subscriber <no-dsa> (Minor issue)
+       [bookworm] - rust-tracing-subscriber <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tokio-rs/tracing/security/advisories/GHSA-xwfj-jgwm-7wp5
        NOTE: https://github.com/tokio-rs/tracing/pull/3368
        NOTE: Fixed by: 
https://github.com/tokio-rs/tracing/commit/4c52ca5266a3920fc5dfeebda2accf15ee7fb278
 (tracing-subscriber-0.3.20)
@@ -292,6 +294,8 @@ CVE-2025-9671 (A weakness has been identified in UAB 
Paytend App up to 2.1.9 on
        NOT-FOR-US: UAB Paytend App
 CVE-2025-9670 (A security flaw has been discovered in mixmark-io turndown up 
to 7.2.1 ...)
        - node-turndown <unfixed>
+       [trixie] - node-turndown <no-dsa> (Minor issue)
+       [bookworm] - node-turndown <no-dsa> (Minor issue)
        NOTE: https://github.com/mixmark-io/turndown/issues/501
 CVE-2025-9669 (A vulnerability has been found in Jinher OA 1.0. This issue 
affects so ...)
        NOT-FOR-US: Jinher OA
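Review bot: the `node-turndown <unfixed>` line carries no Debian bug reference, unlike the other `<unfixed>` entries touched in this commit (`rust-tracing-subscriber <unfixed> (bug #1112553)`, `civetweb <unfixed> (bug #1112507)`), and the only NOTE points at the upstream issue rather than a fix. Consider filing or linking a bug so the `<no-dsa>` triage for trixie and bookworm has a tracked follow-up for the eventual sid fix.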
@@ -363,6 +367,8 @@ CVE-2025-56577 (An issue in Evope Core v.1.1.3.20 allows a 
local attacker to obt
        NOT-FOR-US: Evope Core
 CVE-2025-55763 (Buffer Overflow in the URI parser of CivetWeb 1.14 through 
1.16 (lates ...)
        - civetweb <unfixed> (bug #1112507)
+       [trixie] - civetweb <no-dsa> (Minor issue)
+       [bookworm] - civetweb <no-dsa> (Minor issue)
        NOTE: https://github.com/krispybyte/CVE-2025-55763
        NOTE: https://github.com/civetweb/civetweb/pull/1347
 CVE-2025-55750 (Gitpod is a developer platform for cloud development 
environments. In  ...)
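Review bot: the civetweb entry references the upstream fix PR (`NOTE: https://github.com/civetweb/civetweb/pull/1347`) but not in the `Fixed by:` form used elsewhere in this file (compare the `NOTE: Fixed by: <commit> (version)` line under CVE-2025-58160 above). Once the PR is merged and released, recording it as `NOTE: Fixed by: ... (version)` makes the fixed upstream version discoverable for the trixie/bookworm `<no-dsa>` entries added here.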
@@ -1012,8 +1018,9 @@ CVE-2025-31972 (HCL BigFix SM is affected by a Sensitive 
Information Exposure vu
 CVE-2025-31971 (AIML Solutions for HCL SX is vulnerable to a URL validation 
vulnerabil ...)
        NOT-FOR-US: HCL
 CVE-2025-29364 (spimsimulator spim v9.1.24 and before is vulnerable to Buffer 
Overflow ...)
-       - spim <unfixed>
+       - spim <unfixed> (unimportant)
        NOTE: 
https://github.com/Giles-one/spimsimulatorEscape?tab=readme-ov-file#bug2-bypass-check-in-read_syscall-and-write_syscall-leading-to-out-of-bounds-readwrite
+       NOTE: Negligible security impact
 CVE-2025-25010 (Incorrect authorization in Kibana can lead to privilege 
escalation via ...)
        - kibana <itp> (bug #700337)
 CVE-2025-0951 (Multiple plugins and/or themes for WordPress by LiquidThemes 
are vulne ...)
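Review bot: the downgrade of `spim` to `(unimportant)` is justified only by the bare `NOTE: Negligible security impact`; the reasoning has to be re-derived from the linked writeup. Consider stating the reason in the NOTE itself (for example, the conditions under which the out-of-bounds read/write described in the linked bug is reachable) so later triagers can confirm the `unimportant` severity without revisiting the external reference.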
@@ -52923,6 +52930,7 @@ CVE-2025-29787 (`zip` is a zip library for rust which 
supports reading and writi
        NOTE: Fixed by: 
https://github.com/zip-rs/zip2/commit/a2e062f37066c3b12860a32eb1cb44856cfb7afe 
(v2.3.0)
 CVE-2025-29786 (Expr is an expression language and expression evaluation for 
Go. Prior ...)
        - golang-github-antonmedv-expr <unfixed> (bug #1103788)
+       [trixie] - golang-github-antonmedv-expr <no-dsa> (Minor issue)
        [bookworm] - golang-github-antonmedv-expr <no-dsa> (Minor issue)
        [bullseye] - golang-github-antonmedv-expr <postponed> (Minor issue)
        NOTE: https://github.com/advisories/GHSA-93mq-9ffx-83m2


=====================================
data/dsa-needed.txt
=====================================
@@ -33,6 +33,8 @@ intel-microcode (carnil)
 --
 jackson-core
 --
+jetty9/oldstable
+--
 jetty12/stable
 --
 libreswan/oldstable
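Review bot: the new `jetty9/oldstable` entry is placed before `jetty12/stable`, which is version-aware ordering rather than the strict lexical order (`jetty12` before `jetty9`) that the surrounding entries (`jackson-core`, `jetty12`, `libreswan`) otherwise follow. Fine if version-aware sorting is the file's convention; otherwise swap the two. The entry also carries no assignee, unlike `intel-microcode (carnil)`, which is consistent with an unclaimed item.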



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c137a717a4a77ee3af11551649650d92f6dfd316


