Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4d7cf024 by Moritz Muehlenhoff at 2025-10-13T19:51:17+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -326,9 +326,10 @@ CVE-2025-31718 (In modem, there is a possible system crash
due to improper input
CVE-2025-31717 (In modem, there is a possible system crash due to improper
input valid ...)
NOT-FOR-US: Unisoc
CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and
4.2.0 to ...)
- - wireshark 4.6.0-1 (bug #1117852)
+ - wireshark 4.6.0-1 (bug #1117852; unimportant)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-04.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20724
+ NOTE: Hang in CLI tool, no security impact
CVE-2025-11593 (A flaw has been found in CodeAstro Gym Management System 1.0.
This vul ...)
NOT-FOR-US: CodeAstro
CVE-2025-11592 (A vulnerability was detected in CodeAstro Gym Management
System 1.0. T ...)
@@ -457,6 +458,8 @@ CVE-2025-60268 (An arbitrary file upload vulnerability
exists in JeeWMS 20250820
NOT-FOR-US: JeeWMS
CVE-2025-59530 (quic-go is an implementation of the QUIC protocol in Go. In
versions p ...)
- golang-github-lucas-clemente-quic-go 0.54.1-1
+ [trixie] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
+ [bookworm] - golang-github-lucas-clemente-quic-go <no-dsa> (Minor issue)
NOTE:
https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw
NOTE: https://github.com/quic-go/quic-go/pull/5354
NOTE: Fixed by:
https://github.com/quic-go/quic-go/commit/ce7c9ea8834b9d2ed79efa9269467f02c0895d42
(v0.55.0)
@@ -1383,9 +1386,13 @@ CVE-2025-11340 (GitLab has remediated an issue in GitLab
EE affecting all versio
CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64
End of ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
+ [bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed>
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7cf0241d3733f8079689174df1abe4cc66f94c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d7cf0241d3733f8079689174df1abe4cc66f94c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
