Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93595c75 by security tracker role at 2025-09-21T20:12:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2025-6544 (A deserialization vulnerability exists in h2oai/h2o-3 versions 
<= 3.46 ...)
+       TODO: check
+CVE-2025-53692 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
+       TODO: check
+CVE-2025-10769 (A vulnerability has been found in h2oai h2o-3 up to 3.46.08. 
This affe ...)
+       TODO: check
+CVE-2025-10768 (A flaw has been found in h2oai h2o-3 up to 3.46.08. The 
impacted eleme ...)
+       TODO: check
 CVE-2025-10766 (A weakness has been identified in SeriaWei ZKEACMS up to 4.3. 
This iss ...)
        NOT-FOR-US: SeriaWei ZKEACMS
 CVE-2025-10765 (A security flaw has been discovered in SeriaWei ZKEACMS up to 
4.3. Thi ...)
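Review bot: all four entries added at the top of the list are left at "TODO: check", so none of them has a disposition yet. The descriptions of CVE-2025-6544, CVE-2025-10769 and CVE-2025-10768 all name h2oai h2o-3, so those three can be triaged together and given the same outcome, either a package line or a NOT-FOR-US: line in the form used for the ZKEACMS entries just below. CVE-2025-53692 has a truncated description that does not name a product, so it needs the full CVE text before it can be classified.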
@@ -4219,6 +4227,7 @@ CVE-2025-39792 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2df7168717b7d2d32bcf017c68be16e4aae9dd13 (6.17-rc1)
 CVE-2025-10256
+       {DSA-6007-1}
        - ffmpeg 7:7.1.2-1
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        [bullseye] - ffmpeg <postponed> (Minor issue)
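Review bot: under CVE-2025-10256 the new {DSA-6007-1} reference sits above [bookworm] and [bullseye] lines that are both still <postponed>, and no suite line in the hunk records a version fixed by that advisory. Confirm which suite DSA-6007-1 covers; if it includes bookworm, the <postponed> line should be replaced with the fixed version, and if it does not, the "wait until it's fixed in the 5.1 branch" reason should be rechecked so the entry does not read as resolved for a suite that is still open.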
@@ -21132,7 +21141,7 @@ CVE-2025-53644 (OpenCV is an Open Source Computer 
Vision Library. Versions prior
 CVE-2024-6234
        NOT-FOR-US: Ansible Automation Platform
 CVE-2025-7700 [NULL Pointer Dereference in FFmpeg ALS Decoder 
(libavcodec/alsdec.c)]
-       {DSA-5985-1}
+       {DSA-6007-1 DSA-5985-1}
        - ffmpeg 7:7.1.2-1
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 4.3 branch)
        NOTE: Introduced with: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/object/dcfd24b10c7eaec4b7b1ec2c4abb46808721a71d
@@ -31521,6 +31530,7 @@ CVE-2025-49175 (A flaw was found in the X Rendering 
extension's handling of anim
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0885e0b26225c90534642fe911632ec0779eebee
 CVE-2025-6020 (A flaw was found in linux-pam. The module pam_namespace may use 
access ...)
+       {DLA-4306-1}
        [experimental] - pam 1.7.0-4
        - pam 1.7.0-5 (bug #1107919)
        [bookworm] - pam <no-dsa> (Can be fixed via point release)
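Review bot: the {DLA-4306-1} reference added under CVE-2025-6020 leaves the "[bookworm] - pam <no-dsa> (Can be fixed via point release)" line as it was, so after this change the entry shows an LTS advisory while bookworm is still waiting on a point release. Check that the bookworm fix is actually queued for a point release, otherwise the stable suite ends up behind the LTS suite for this issue with nothing in the entry tracking the follow-up.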
@@ -38089,6 +38099,7 @@ CVE-2025-48064 (GitHub Desktop is an open-source, 
Electron-based GitHub app desi
 CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required 
rights we ...)
        NOT-FOR-US: XWiki
 CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and 
including 1 ...)
+       {DLA-4307-1}
        - jq 1.8.0-1 (bug #1106288)
        [trixie] - jq 1.7.1-6+deb13u1
        [bookworm] - jq 1.6-2.1+deb12u1
@@ -70487,6 +70498,7 @@ CVE-2025-1596 (A vulnerability was found in 
SourceCodester Best Church Managemen
 CVE-2025-1595 (A vulnerability has been found in Anhui Xufan Information 
Technology E ...)
        NOT-FOR-US: Anhui Xufan Information Technology EasyCVR
 CVE-2025-1594 (A vulnerability, which was classified as critical, was found in 
FFmpeg ...)
+       {DSA-6007-1}
        - ffmpeg 7:7.1.2-1
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed 
upstream)
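Review bot: in the CVE-2025-1594 entry the [bullseye] line still gives "wait until it's fixed upstream" as the reason for <postponed>, while the same entry lists "- ffmpeg 7:7.1.2-1" as a fixed version and now references DSA-6007-1. With a fixed upload and an advisory recorded, that reason looks stale; update the note to say what bullseye is actually waiting on (for example a fix in its own branch, as the bookworm line does for 5.1), or reassess the postponement.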
@@ -168261,7 +168273,7 @@ CVE-2024-2773 (A vulnerability classified as 
problematic has been found in Campc
        NOT-FOR-US: Campcodes Online Marriage Registration System
 CVE-2024-2770 (A vulnerability was found in Campcodes Complete Online Beauty 
Parlor M ...)
        NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
-CVE-2024-2769 (A vulnerability was found in Campcodes Complete Online Beauty 
Parlor M ...)
+CVE-2024-2769 (A vulnerability was detected in Campcodes Complete Online 
Beauty Parlo ...)
        NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
 CVE-2024-2768 (A vulnerability was found in Campcodes Complete Online Beauty 
Parlor M ...)
        NOT-FOR-US: Campcodes Complete Online Beauty Parlor Management System
@@ -183700,6 +183712,7 @@ CVE-2021-4435 (An untrusted search path vulnerability 
was found in Yarn. When a
 CVE-2021-4433 (A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It 
has be ...)
        NOT-FOR-US: Karjasoft Sami HTTP Server
 CVE-2024-22365 (linux-pam (aka Linux PAM) before 1.6.0 allows attackers to 
cause a den ...)
+       {DLA-4306-1}
        [experimental] - pam 1.5.3-2
        - pam 1.5.3-4 (bug #1061097)
        [bookworm] - pam <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93595c752dbddcde9b4d954138753a22ccf24e2e
