Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c878cbfe by security tracker role at 2025-09-28T20:12:57+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2025-11117 (A vulnerability was determined in Tenda CH22 1.0.0.1. This
vulnerabili ...)
+ TODO: check
+CVE-2025-11116 (A vulnerability was found in code-projects Simple Scheduling
System 1. ...)
+ TODO: check
+CVE-2025-11115 (A vulnerability has been found in code-projects Simple
Scheduling Syst ...)
+ TODO: check
+CVE-2025-11114 (A flaw has been found in CodeAstro Online Leave Application
1.0. Affec ...)
+ TODO: check
+CVE-2025-11113 (A vulnerability was detected in CodeAstro Online Leave
Application 1.0 ...)
+ TODO: check
+CVE-2025-11112 (A security vulnerability has been detected in PHPGurukul
Employee Reco ...)
+ TODO: check
+CVE-2025-11111 (A weakness has been identified in Campcodes Advanced Online
Voting Man ...)
+ TODO: check
+CVE-2025-11110 (A security flaw has been discovered in Campcodes Online
Learning Manag ...)
+ TODO: check
+CVE-2025-11109 (A vulnerability was identified in Campcodes Computer Sales and
Invento ...)
+ TODO: check
+CVE-2025-11108 (A vulnerability was determined in code-projects Simple
Scheduling Syst ...)
+ TODO: check
+CVE-2025-11107 (A vulnerability was found in code-projects Simple Scheduling
System 1. ...)
+ TODO: check
+CVE-2025-11106 (A vulnerability has been found in code-projects Simple
Scheduling Syst ...)
+ TODO: check
+CVE-2025-11105 (A flaw has been found in code-projects Simple Scheduling
System 1.0. T ...)
+ TODO: check
+CVE-2025-11104 (A vulnerability was detected in CodeAstro Electricity Billing
System 1 ...)
+ TODO: check
+CVE-2025-11103 (A security vulnerability has been detected in Projectworlds
Online Tou ...)
+ TODO: check
CVE-2025-11065 [May Leak Sensitive Information in Logs]
- golang-github-go-viper-mapstructure <unfixed> (bug #1116584)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2391829
@@ -494,6 +524,7 @@ CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing
Stack-based Buffer Overflo
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/002b22c15028b18557bd0823a081af9ed5316679
NOTE: Building of optional Plug-In for Amiga IFF/ILBM not enabled.
CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer Overflow Remote
Code Execution Vulnerability]
+ {DSA-6014-1}
- gimp <unfixed> (bug #1116461)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
@@ -502,6 +533,7 @@ CVE-2025-10924 [ZDI-CAN-27836: GIMP FF File Parsing Integer
Overflow Remote Code
NOTE: Introduced after:
https://gitlab.gnome.org/GNOME/gimp/-/commit/d1864866ee051160d06417d82b45bb22b11f0d28
(GIMP_2_99_18)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/53b18653bca9404efeab953e75960b1cf7dedbed
CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing Integer Overflow Remote
Code Execution Vulnerability]
+ {DSA-6014-1}
- gimp <unfixed> (bug #1116460)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
@@ -510,11 +542,13 @@ CVE-2025-10923 [ZDI-CAN-27878: GIMP WBMP File Parsing
Integer Overflow Remote Co
NOTE: Introduced after:
https://gitlab.gnome.org/GNOME/gimp/-/commit/d1fac7bfa916495943472dfb12b1dd33307c65e8
(GIMP_2_99_12)
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/fb31ddf32298bb2f0f09b3ccc53464b8693a050e
CVE-2025-10922 [ZDI-CAN-27863: GIMP DCM File Parsing Heap-based Buffer
Overflow Remote Code Execution Vulnerability]
+ {DSA-6014-1}
- gimp <unfixed> (bug #1116459)
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14811
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/merge_requests/2444
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/0f309f9a8d82f43fa01383bc5a5c41d28727d9e3
CVE-2025-10920 [ZDI-CAN-27684: GIMP ICNS File Parsing Out-Of-Bounds Write
Remote Code Execution Vulnerability]
+ {DSA-6014-1}
- gimp <unfixed> (bug #1116458)
[bookworm] - gimp <not-affected> (Vulnerable code not present)
[bullseye] - gimp <not-affected> (Vulnerable code not present)
@@ -934,7 +968,7 @@ CVE-2025-59525 (Horilla is a free and open source Human
Resource Management Syst
CVE-2025-59524 (Horilla is a free and open source Human Resource Management
System (HR ...)
NOT-FOR-US: Horilla
CVE-2025-59343 (tar-fs provides filesystem bindings for tar-stream. Versions
prior to ...)
- {DLA-4313-1}
+ {DSA-6013-1 DLA-4313-1}
- node-tar-fs 3.0.9+~cs2.0.4-2 (bug #1116338)
NOTE:
https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v
NOTE:
https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09
(v3.1.1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c878cbfe97992c28f0507a4c47ed22c7c1f4addc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c878cbfe97992c28f0507a4c47ed22c7c1f4addc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
