trixie triage

Moritz Muehlenhoff (@jmm) Sat, 18 Oct 2025 07:00:51 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e333d58b by Moritz Muehlenhoff at 2025-10-08T23:27:14+02:00
bookworm/trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -896,6 +896,8 @@ CVE-2025-61766 (Bucket is a MediaWiki extension to store 
and retrieve structured
        TODO: check
 CVE-2025-61765 (python-socketio is a Python implementation of the Socket.IO 
realtime c ...)
        - python-socketio <unfixed>
+       [trixie] - python-socketio <no-dsa> (Minor issue)
+       [bookworm] - python-socketio <no-dsa> (Minor issue)
        NOTE: 
https://github.com/miguelgrinberg/python-socketio/security/advisories/GHSA-g8c6-8fjj-2r4m
        NOTE: 
https://github.com/miguelgrinberg/python-socketio/commit/53f6be094257ed81476b0e212c8cddd6d06ca39a
 (v5.14.0)
 CVE-2025-61687 (Flowise is a drag & drop user interface to build a customized 
large la ...)
@@ -42871,12 +42873,9 @@ CVE-2025-49113 (Roundcube Webmail before 1.5.10 and 
1.6.x before 1.6.11 allows r
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/7408f31379666124a39f9cb1018f62bc5e2dc695
 (1.5.10)
        NOTE: 
https://github.com/roundcube/roundcubemail/commit/c50a07d88ca38f018a0f4a0b008e9a1deb32637e
 (1.5.10)
 CVE-2025-49112 (setDeferredReply in networking.c in Valkey through 8.1.1 has 
an intege ...)
-       - redict 7.3.5+ds-1 (bug #1107212)
-       - redis <unfixed> (bug #1107211)
-       [trixie] - redis <postponed> (Minor issue; can be fixed along with next 
DSA)
-       [bookworm] - redis <postponed> (Minor issue; can be fixed along with 
next DSA)
-       [bullseye] - redis <not-affected> (Vulnerable code not present)
-       - valkey 8.1.1+dfsg1-2 (bug #1107210)
+       - redict 7.3.5+ds-1 (bug #1107212; unimportant)
+       - redis <unfixed> (bug #1107211; unimportant)
+       - valkey 8.1.1+dfsg1-2 (bug #1107210; unimportant)
        NOTE: https://github.com/redis/redis/issues/14199
        NOTE: https://github.com/valkey-io/valkey/pull/2101
        NOTE: Fixed by: 
https://github.com/valkey-io/valkey/commit/374718b2a365ca69f715d542709b7d71540b1387
@@ -74087,6 +74086,7 @@ CVE-2025-22881 (Delta Electronics CNCSoft-G2 lacks 
proper validation of the leng
        NOT-FOR-US: Delta Electronics
 CVE-2025-22869 (SSH servers which implement file transfer protocols are 
vulnerable to  ...)
        - golang-go.crypto 1:0.42.0-1 (bug #1098968)
+       [trixie] - golang-go.crypto <no-dsa> (Minor issue)
        [bookworm] - golang-go.crypto <no-dsa> (Minor issue)
        [bullseye] - golang-go.crypto <ignored> (Minor issue; DoS)
        NOTE: https://github.com/golang/go/issues/71931



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e333d58b484c7b3b9393c1de777eb4bfa7b6a0ba

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e333d58b484c7b3b9393c1de777eb4bfa7b6a0ba
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Reply via email to