Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f6227a6b by Moritz Muehlenhoff at 2025-10-06T10:17:32+02:00
bookworm/trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -142,14 +142,20 @@ CVE-2025-11278 (A security vulnerability has been
detected in AllStarLink Superm
NOT-FOR-US: AllStarLink Supermon
CVE-2025-11277 (A weakness has been identified in Open Asset Import Library
Assimp 6.0 ...)
- assimp <unfixed>
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
NOTE: https://github.com/assimp/assimp/issues/6358
CVE-2025-11276 (A security flaw has been discovered in Rebuild up to 4.1.3.
Affected b ...)
NOT-FOR-US: Rebuild
CVE-2025-11275 (A vulnerability was identified in Open Asset Import Library
Assimp 6.0 ...)
- assimp <unfixed>
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
NOTE: https://github.com/assimp/assimp/issues/6357
CVE-2025-11274 (A vulnerability was determined in Open Asset Import Library
Assimp 6.0 ...)
- assimp <unfixed>
+ [trixie] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
+ [bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
NOTE: https://github.com/assimp/assimp/issues/6356
CVE-2025-11273 (A vulnerability was found in LaChatterie Verger up to 1.2.10.
This imp ...)
NOT-FOR-US: LaChatterie Verger
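Review bot: the three new `<postponed>` annotations for assimp (CVE-2025-11274/11275/11277) say "revisit when/if fixed upstream", but the only references in these entries are the open upstream issue reports (#6356 to #6358), so nothing in the tracker records what would end the postponement; when the upstream issues close, the NOTE lines should gain the fix commit and the base `- assimp <unfixed>` line should move to the fixed version, otherwise the entries will stay postponed indefinitely.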
@@ -1655,6 +1661,8 @@ CVE-2025-59148 (Suricata is a network IDS, IPS and NSM
engine developed by the O
NOTE: https://redmine.openinfosecfoundation.org/issues/7838
CVE-2025-59147 (Suricata is a network IDS, IPS and NSM engine developed by the
OISF (O ...)
- suricata 1:8.0.1-1
+ [trixie] - suricata <no-dsa> (Minor issue)
+ [bookworm] - suricata <no-dsa> (Minor issue)
NOTE:
https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r
NOTE:
https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b
(suricata-8.0.1)
NOTE:
https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e
(suricata-7.0.12)
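Review bot: the NOTE lines only give fix commits for the 7.0.12 and 8.0.1 branches, while the new `[trixie]`/`[bookworm] - suricata <no-dsa> (Minor issue)` lines carry no hint of whether those commits apply to the versions shipped there; if the bookworm package is from an older branch, the annotation should say whether the fix is applicable or needs a separate backport, so a later point-release update knows what to pick up.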
@@ -1695,6 +1703,8 @@ CVE-2025-43826 (Stored cross-site scripting (XSS)
vulnerabilities in Web Content
NOT-FOR-US: Liferay
CVE-2025-43718 (Poppler 24.06.1 through 25.x before 25.04.0 allows stack
consumption a ...)
- poppler 25.03.0-10 (bug #1117046)
+ [trixie] - poppler <no-dsa> (Minor issue)
+ [bookworm] - poppler <no-dsa> (Minor issue)
[bullseye] - poppler <postponed> (minor issue)
NOTE: Fixed by:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/f54b815672117c250420787c8c006de98e8c7408
(poppler-25.04.0)
CVE-2025-41421 (Improper handling of symbolic links in the TeamViewer Full
Client and ...)
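Review bot: the added `[trixie]`/`[bookworm] - poppler <no-dsa> (Minor issue)` lines sit above an existing `[bullseye] - poppler <postponed> (minor issue)` line, so one entry now mixes `<no-dsa>` and `<postponed>` for the same issue with otherwise identical justification; the two states are not equivalent in the tracker (no-dsa may be handled via a point release, postponed defers a security update), so it is worth confirming the difference is intended, and aligning the capitalisation of "Minor issue" within the entry while at it.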
@@ -2818,6 +2828,8 @@ CVE-2025-59937 (go-mail is a comprehensive library for
sending mails with Go. In
NOT-FOR-US: go-mail
CVE-2025-59933 (libvips is a demand-driven, horizontally threaded image
processing lib ...)
- vips <unfixed> (bug #1117049)
+ [trixie] - vips <no-dsa> (Minor issue)
+ [bookworm] - vips <no-dsa> (Minor issue)
[bullseye] - vips <postponed> (minor issue; low impact, workaround
exists)
NOTE:
https://github.com/libvips/libvips/security/advisories/GHSA-q8px-4w5q-c2r4
NOTE:
https://github.com/libvips/libvips/commit/a58bfae9223a5466cc81ba9fe6dfb08233cf17d1
(v8.17.2)
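Review bot: the existing `[bullseye] - vips <postponed>` line records the reasoning ("low impact, workaround exists"), whereas the new `[trixie]`/`[bookworm] - vips <no-dsa> (Minor issue)` lines give only "Minor issue"; carrying the justification over to the new annotations would make the no-dsa decision self-documenting for whoever revisits the entry, and as in the poppler hunk the entry now mixes `<no-dsa>` and `<postponed>` states for one issue.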
@@ -3126,6 +3138,7 @@ CVE-2025-11103 (A security vulnerability has been
detected in Projectworlds Onli
NOT-FOR-US: Projectworlds Online Tours and Travels
CVE-2025-11065 [May Leak Sensitive Information in Logs]
- golang-github-go-viper-mapstructure <unfixed> (bug #1116584)
+ [trixie] - golang-github-go-viper-mapstructure <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2391829
NOTE:
https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm
NOTE:
https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c
(v2.4.0)
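Review bot: only a `[trixie]` annotation is added for golang-github-go-viper-mapstructure while the base line stays `<unfixed> (bug #1116584)` and no `[bookworm]` line exists; if the source package is also in bookworm, the entry currently reads as an untriaged, unfixed bookworm issue and needs a matching `[bookworm]` line, and if it is not in bookworm nothing further is needed, but the hunk does not say which.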
@@ -3476,6 +3489,7 @@ CVE-2025-59843 (Flag Forge is a Capture The Flag (CTF)
platform. From versions 2
NOT-FOR-US: Flag Forge
CVE-2025-59842 (jupyterlab is an extensible environment for interactive and
reproducib ...)
- jupyterlab <unfixed>
+ [trixie] - jupyterlab <no-dsa> (Minor issue)
NOTE:
https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm
NOTE:
https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c
CVE-2025-59362 (Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs.
This oc ...)
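Review bot: the jupyterlab fix commit in the NOTE line carries no fixed-version marker, unlike the other entries in this commit (e.g. "(v2.4.0)", "(v8.17.2)", "(poppler-25.04.0)"); adding the upstream release that contains commit 88ef373 would make the `[trixie] - jupyterlab <no-dsa> (Minor issue)` annotation easier to act on later, since the base line is still `- jupyterlab <unfixed>` without a bug reference.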
=====================================
data/dsa-needed.txt
=====================================
@@ -64,6 +64,8 @@ python-django
python-internetarchive
Antoine followed up on #1114635, prepared debdiffs for review
--
+redis
+--
rtpengine
Victor Seva prepared a debdiff for trixie-security for review,
bookworm-security debdiff missing
--
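Review bot: the new `redis` entry in dsa-needed.txt has no status or assignee line beneath it, unlike the neighbouring python-internetarchive and rtpengine entries; that is valid for an unclaimed package, but a one-line note naming the CVE(s) that require the DSA would help whoever picks it up, since dsa-needed.txt is read on its own without the CVE list context.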
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6227a6b74f88b7f8d855d86239c4e747819cf26
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits