Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
37442f92 by Moritz Muehlenhoff at 2025-09-14T20:53:37+02:00
bookworm/trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1830,6 +1830,8 @@ CVE-2025-40928 (JSON::XS before version 4.04 for Perl has
an integer buffer over
NOTE:
https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch
CVE-2025-58782 (Deserialization of Untrusted Data vulnerability in Apache
Jackrabbit C ...)
- jackrabbit <unfixed> (bug #1114861)
+ [trixie] - jackrabbit <no-dsa> (Minor issue)
+ [bookworm] - jackrabbit <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/09/06/3
NOTE: https://issues.apache.org/jira/browse/JCR-5135
NOTE:
https://github.com/apache/jackrabbit/commit/7a319093c9864111bb86c9895148e580e0f8259a
(jackrabbit-2.23.2-beta)
@@ -22976,12 +22978,14 @@ CVE-2025-53076 (Improper Input Validation
vulnerability in Samsung Open Source r
NOTE: Fxied by:
https://github.com/Samsung/rlottie/commit/36ddb42d78d1b13c1b1d7e1699aef8a9f339ab6f
CVE-2025-53075 (Improper Input Validation vulnerability in Samsung Open Source
rLottie ...)
- rlottie <unfixed> (bug #1109341)
+ [trixie] - rlottie <no-dsa> (Minor issue)
[bookworm] - rlottie <no-dsa> (Minor issue)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
NOTE:
https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
CVE-2025-53074 (Out-of-bounds Read vulnerability in Samsung Open Source
rLottie allows ...)
- rlottie <unfixed> (bug #1109341)
+ [trixie] - rlottie <no-dsa> (Minor issue)
[bookworm] - rlottie <no-dsa> (Minor issue)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
@@ -23012,6 +23016,7 @@ CVE-2025-38087 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/b160766e26d4e2e2d6fe2294e0b02f92baefcec5 (6.16-rc3)
CVE-2025-0634 (Use After Free vulnerability in Samsung Open Source rLottie
allows Rem ...)
- rlottie <unfixed> (bug #1109341)
+ [trixie] - rlottie <no-dsa> (Minor issue)
[bookworm] - rlottie <no-dsa> (Minor issue)
[bullseye] - rlottie <postponed> (Minor issue)
NOTE: https://github.com/Samsung/rlottie/pull/571
=====================================
data/dsa-needed.txt
=====================================
@@ -46,6 +46,8 @@ mbedtls/oldstable
--
netty
--
+node-sha.js (jmm)
+--
opennds/oldstable
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37442f920a959618b2b050698c8b048eeffa23ec
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37442f920a959618b2b050698c8b048eeffa23ec
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
