Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d5061225 by Emilio Pozuelo Monfort at 2025-09-11T11:13:46+02:00
lts: CVE-2024-7883/llvm-toolchain-19 ignored
- - - - -
4bef222c by Emilio Pozuelo Monfort at 2025-09-11T11:15:33+02:00
lts: CVE-2025-9566/libpod no-dsa on bullseye
- - - - -
37b8c28d by Emilio Pozuelo Monfort at 2025-09-11T11:17:24+02:00
lts: CVE-2025-8277/libssh no-dsa on bullseye
The issue is very minor and only affects clients, not servers.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -456,6 +456,7 @@ CVE-2025-8277 (A flaw was found in libssh's handling of key
exchange (KEX) proce
- libssh <unfixed> (bug #1114859)
[trixie] - libssh <no-dsa> (Minor issue)
[bookworm] - libssh <no-dsa> (Minor issue)
+ [bullseye] - libssh <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2383888
NOTE: https://www.libssh.org/security/advisories/CVE-2025-8277.txt
CVE-2025-8008 (A security issue exists in the protected mode of EN4TR devices,
where ...)
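Review bot: The added `[bullseye] - libssh <no-dsa> (Minor issue)` line leaves out the rationale stated in the commit message, that the issue only affects clients and not servers. Consider carrying it into the parenthetical, for example `(Minor issue, only affects clients)`, so the tracker entry itself records why bullseye is deferred. The trixie and bookworm lines just above have the same gap and could be aligned in the same change.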
@@ -1474,6 +1475,7 @@ CVE-2025-9566 (There's a vulnerability in podman where an
attacker may use the k
[trixie] - podman <no-dsa> (Minor issue)
- libpod <removed>
[bookworm] - libpod <no-dsa> (Minor issue)
+ [bullseye] - libpod <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2393152
NOTE: Fixed by:
https://github.com/containers/podman/commit/aaf8b9dc0cfec76444f7eda60660347646b90a13
(v5.6.1)
CVE-2025-9057 (The Biagiotti Core plugin for WordPress is vulnerable to Stored
Cross- ...)
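Review bot: The added `[bullseye] - libpod <no-dsa> (Minor issue)` line gives no release-specific reason, and its commit message carries none either. The entry already names the upstream fix commit (v5.6.1) in its NOTE lines, so a short addition saying whether the bullseye libpod contains the affected code, or why a backport is not worthwhile, would make this triage decision reviewable later.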
@@ -98873,6 +98875,7 @@ CVE-2024-7883 (When using Arm Cortex-M Security
Extensions (CMSE), Secure stack
- llvm-toolchain-19 <unfixed> (bug #1104015)
[trixie] - llvm-toolchain-19 <ignored> (Minor issue, doesn't affect the
default build flags in Debian and no backport into release branch 19 planned)
[bookworm] - llvm-toolchain-19 <ignored> (Minor issue, doesn't affect
the default build flags in Debian and no backport into release branches planned)
+ [bullseye] - llvm-toolchain-19 <ignored> (Minor issue, doesn't affect
the default build flags in Debian and no backport into release branches planned)
- llvm-toolchain-21 <not-affected> (Fixed before initial release)
NOTE:
https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2322994
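Review bot: The added `[bullseye]` line for llvm-toolchain-19 repeats the bookworm wording "no backport into release branches planned", while the trixie line directly above says "release branch 19". Pick one phrasing for all three release lines so the reason reads consistently. Since the justification rests on "the default build flags in Debian", it would also help to confirm in the commit message that this holds for the bullseye build and is not only inherited from the bookworm entry.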
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0bffab6a0f30c1fee1efa4fc6d8082f305076978...37b8c28d155de750734154ae18a2c1e3fe92637d