Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5ce4428c by Moritz Mühlenhoff at 2025-10-15T21:39:54+02:00
ruby-rack DSA
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1417,11 +1417,15 @@ CVE-2025-61930 (Emlog is an open source website
building system. Emlog Pro versi
NOT-FOR-US: Emlog
CVE-2025-61912 (python-ldap is a lightweight directory access protocol (LDAP)
client A ...)
- python-ldap <unfixed> (bug #1117859)
+ [trixie] - python-ldap <no-dsa> (Minor issue)
+ [bookworm] - python-ldap <no-dsa> (Minor issue)
NOTE:
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6
NOTE:
https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f
(main)
NOTE:
https://github.com/python-ldap/python-ldap/commit/9f5b2effbafdf7af0e7064a7aa42d2739d373bd7
(python-ldap-3.4.5)
CVE-2025-61911 (python-ldap is a lightweight directory access protocol (LDAP)
client A ...)
- python-ldap <unfixed> (bug #1117858)
+ [trixie] - python-ldap <no-dsa> (Minor issue)
+ [bookworm] - python-ldap <no-dsa> (Minor issue)
NOTE:
https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r7r6-cc7p-4v5m
NOTE:
https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a
(main)
NOTE:
https://github.com/python-ldap/python-ldap/commit/464fddacd63092d6e01c62a38316a713c30ca98a
(python-ldap-3.4.5)
@@ -1514,6 +1518,8 @@ CVE-2025-61925 (Astro is a web framework. Prior to
version 5.14.2, Astro reflect
NOT-FOR-US: Astro web framework
CVE-2025-61921 (Sinatra is a domain-specific language for creating web
applications in ...)
- ruby-sinatra <unfixed>
+ [trixie] - ruby-sinatra <no-dsa> (Minor issue)
+ [bookworm] - ruby-sinatra <no-dsa> (Minor issue)
NOTE:
https://github.com/sinatra/sinatra/security/advisories/GHSA-mr3q-g2mv-mr4q
NOTE: https://github.com/sinatra/sinatra/issues/2120
NOTE: https://github.com/sinatra/sinatra/pull/1823
@@ -2192,6 +2198,8 @@ CVE-2025-11573 (An infinite loop issue in
Amazon.IonDotnet library versions <v1.
NOT-FOR-US: Amazon
CVE-2025-11561 (A flaw was found in the integration of Active Directory and
the System ...)
- sssd <unfixed> (bug #1117935)
+ [trixie] - sssd <no-dsa> (Minor issue)
+ [bookworm] - sssd <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2402727
NOTE: https://blog.async.sg/kerberos-ldr
NOTE: https://github.com/SSSD/sssd/issues/8021
@@ -2523,6 +2531,8 @@ CVE-2025-8291 (The 'zipfile' module would not check the
validity of the ZIP64 En
[bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/
NOTE: https://github.com/python/cpython/issues/139700
NOTE: https://github.com/python/cpython/pull/139702
=====================================
data/dsa-needed.txt
=====================================
@@ -67,11 +67,13 @@ python-internetarchive
rtpengine
Victor Seva prepared a debdiff for trixie-security for review,
bookworm-security debdiff missing
--
-ruby-rack/oldstable
+ruby-rack
--
ruby-saml/oldstable
Utkarsh Gupta might work on an update
--
+samba
+--
sogo/oldstable
--
sympa/oldstable
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ce4428c100e1dacafe4711bd636ae24ed7b8872
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ce4428c100e1dacafe4711bd636ae24ed7b8872
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
