Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2eff805d by security tracker role at 2025-10-29T08:13:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,56 @@
-CVE-2025-62727
+CVE-2025-9544 (The Doppler Forms WordPress plugin through 2.5.1 registers an 
AJAX act ...)
+       TODO: check
+CVE-2025-64296 (Missing Authorization vulnerability in Facebook Facebook for 
WooCommer ...)
+       TODO: check
+CVE-2025-64162
+       REJECTED
+CVE-2025-64161
+       REJECTED
+CVE-2025-64160
+       REJECTED
+CVE-2025-64159
+       REJECTED
+CVE-2025-64158
+       REJECTED
+CVE-2025-64095 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2025-64094 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2025-62802 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
+       TODO: check
+CVE-2025-62801 (FastMCP is the standard framework for building MCP 
applications. Versi ...)
+       TODO: check
+CVE-2025-62800 (FastMCP is the standard framework for building MCP 
applications. Versi ...)
+       TODO: check
+CVE-2025-62798 (Sharp is a content management framework built for Laravel as a 
package ...)
+       TODO: check
+CVE-2025-62796 (PrivateBin is an online pastebin where the server has zero 
knowledge o ...)
+       TODO: check
+CVE-2025-62794 (GitHub Workflow Updater is a VS Code extension that 
automatically pins ...)
+       TODO: check
+CVE-2025-62776 (The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an 
issue wit ...)
+       TODO: check
+CVE-2025-62368 (Taiga is an open source project management platform. In 
versions 6.8.3 ...)
+       TODO: check
+CVE-2025-61598 (Discourse is an open source discussion platform. Version 
before 3.6.2  ...)
+       TODO: check
+CVE-2025-57931 (Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro 
Popup box a ...)
+       TODO: check
+CVE-2025-4665 (WordPress plugin Contact Form CFDB7 versions up to and 
including 1.3.2 ...)
+       TODO: check
+CVE-2025-49042 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2025-43017 (HP ThinPro 8.1 System management application failed to verify 
user's t ...)
+       TODO: check
+CVE-2025-11705 (The Anti-Malware Security and Brute-Force Firewall plugin for 
WordPres ...)
+       TODO: check
+CVE-2025-11375 (Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) event 
endpoin ...)
+       TODO: check
+CVE-2025-11374 (Consul and Consul Enterprise\u2019s (\u201cConsul\u201d) 
key/value end ...)
+       TODO: check
+CVE-2023-7320 (The WooCommerce plugin for WordPress is vulnerable to Sensitive 
Inform ...)
+       TODO: check
+CVE-2025-62727 (Starlette is a lightweight ASGI framework/toolkit. Prior to 
0.49.1 , a ...)
        - starlette <unfixed>
        NOTE: 
https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8
        NOTE: Fixed by: 
https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5
 (0.49.1)
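Review bot: the two Consul descriptions (CVE-2025-11375 and CVE-2025-11374) carry the literal escape sequences `\u2019` and `\u201c` where the apostrophe and opening quotation mark should be, so the importer is copying JSON-escaped text into the description field unchanged; decode the feed text before writing it, or normalize these two descriptions when their `TODO: check` triage is done, otherwise the escapes will leak into the rendered tracker page. Separately, the Starlette entry (CVE-2025-62727) now cites the GHSA advisory and the fixing commit for 0.49.1 but still reads `- starlette <unfixed>`, so the fixed Debian package version is the outstanding item once the upload lands.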
@@ -362,6 +414,7 @@ CVE-2025-40025 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/c18ecd99e0c707ef8f83cace861cbc3162f4fdf1 (6.18-rc1)
 CVE-2025-62231
+       {DSA-6044-1}
        - xorg-server <unfixed>
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
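Review bot: `{DSA-6044-1}` is attached to CVE-2025-62231 while both `- xorg-server <unfixed>` and `- xwayland <unfixed>` remain and trixie xwayland stays `<ignored>`; a DSA marker on the CVE header does not say which of the two source packages it covers, so confirm that DSA-6044-1 shipped xorg-server only and that the xwayland `<ignored>` annotation is still the intended state rather than something the DSA should have superseded. The same question applies to the CVE-2025-62230 and CVE-2025-62229 hunks that follow, which get the identical marker with the identical package lines.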
@@ -370,6 +423,7 @@ CVE-2025-62231
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/475d9f49acd0e55bc0b089ed77f732ad18585470
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa
 (xorg-server-21.1.19)
 CVE-2025-62230
+       {DSA-6044-1}
        - xorg-server <unfixed>
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -380,6 +434,7 @@ CVE-2025-62230
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175
 (xorg-server-21.1.19)
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839
 (xorg-server-21.1.19)
 CVE-2025-62229
+       {DSA-6044-1}
        - xorg-server <unfixed>
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
@@ -1491,7 +1546,8 @@ CVE-2025-6978 (Diagnostics command injection 
vulnerability)
        NOT-FOR-US: Arista Networks
 CVE-2025-62820 (Slack Nebula before 1.9.7 mishandles CIDR in some 
configurations and t ...)
        NOT-FOR-US: Slack Nebula
-CVE-2025-62813 (LZ4 through 1.10.0 allows attackers to cause a denial of 
service (appl ...)
+CVE-2025-62813
+       REJECTED
        - lz4 1.10.0-5 (bug #1118757)
        [trixie] - lz4 <no-dsa> (Minor issue)
        [bookworm] - lz4 <no-dsa> (Minor issue)
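Review bot: CVE-2025-62813 is now marked REJECTED, but the `- lz4 1.10.0-5 (bug #1118757)` line and the trixie/bookworm `<no-dsa> (Minor issue)` annotations are left in place. If the rejection stands, the suite annotations are dead weight and bug #1118757 should be closed or retitled so it no longer references a rejected CVE ID; if the rejection is a feed error, the description should be restored instead of dropping it.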
@@ -1536,6 +1592,7 @@ CVE-2025-62707 (pypdf is a free and open-source 
pure-python PDF library. Prior t
        NOTE: Introduced with: 
https://github.com/py-pdf/pypdf/commit/23a81baad19e14ecaaa1949e52edd531b1c49efd 
(4.3.0)
        NOTE: Fixed by: 
https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8 
(6.1.3)
 CVE-2025-62706 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
+       {DLA-4352-1}
        - python-authlib 1.6.5-1
        NOTE: 
https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m
        NOTE: Fixed by: 
https://github.com/authlib/authlib/commit/4b5b5703394608124cd39e547cc7829feda05a13
 (v1.6.5)
@@ -1714,7 +1771,7 @@ CVE-2025-11447 (GitLab has remediated an issue in GitLab 
CE/EE affecting all ver
        - gitlab <unfixed>
 CVE-2025-10497 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
        - gitlab <not-affected> (Vulnerable code not present)
-CVE-2025-11702
+CVE-2025-11702 (GitLab has remediated an issue in EE affecting all versions 
from 17.1  ...)
        - gitlab <not-affected> (Specific to EE)
 CVE-2025-59024
        - pdns-recursor 5.3.1-1 (bug #1118751)
@@ -3738,7 +3795,7 @@ CVE-2025-52583 (Reflected cross-site scripting (XSS) 
vulnerability in desknet's
        NOT-FOR-US: desknet
 CVE-2025-46752 (A insertion of sensitive information into log file in Fortinet 
FortiDL ...)
        NOT-FOR-US: Fortinet
-CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.10, 10.11.x <= 10.11.2 fail 
to prop ...)
+CVE-2025-41443 (Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail 
to prop ...)
        - mattermost-server <itp> (bug #823556)
 CVE-2025-41410 (Mattermost versions 10.10.x <= 10.10.2, 10.5.x <= 10.5.10, 
10.11.x <=  ...)
        - mattermost-server <itp> (bug #823556)
@@ -5666,6 +5723,7 @@ CVE-2025-61921 (Sinatra is a domain-specific language for 
creating web applicati
        NOTE: https://github.com/sinatra/sinatra/pull/2121
        NOTE: https://bugs.ruby-lang.org/issues/19104
 CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
+       {DLA-4352-1}
        - python-authlib 1.6.5-1
        NOTE: 
https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
        NOTE: 
https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e
 (v1.6.5)
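Review bot: style: the commit reference for CVE-2025-61920 is a bare `NOTE: https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e (v1.6.5)`, whereas the CVE-2025-62706 entry above writes the same kind of reference as `NOTE: Fixed by: <commit> (v1.6.5)`. Use the `Fixed by:` prefix here, and for CVE-2025-59420 below which has the same bare form, so the fixing commit is distinguishable from a plain reference link when the entry is read or parsed.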
@@ -12797,6 +12855,7 @@ CVE-2025-59432 (SCRAM (Salted Challenge Response 
Authentication Mechanism) is pa
 CVE-2025-59430 (Mesh Connect JS SDK contains JS libraries for integrating with 
Mesh Co ...)
        NOT-FOR-US: Node @meshconnect/web-link-sdk
 CVE-2025-59420 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
+       {DLA-4352-1}
        - python-authlib 1.6.4-1
        NOTE: 
https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32
        NOTE: 
https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df
 (v1.6.4)
@@ -30389,7 +30448,7 @@ CVE-2025-8517 (A vulnerability was detected in givanz 
Vvveb 1.0.6.1. Impacted is
        NOT-FOR-US: givanz Vvveb
 CVE-2025-8516 (A vulnerability was found in Kingdee Cloud-Starry-Sky 
Enterprise Editi ...)
        NOT-FOR-US: Kingdee Cloud-Starry-Sky Enterprise Edition
-CVE-2025-8515 (A vulnerability was found in Intelbras InControl 2.21.60.9 and 
classif ...)
+CVE-2025-8515 (A weakness has been identified in Intelbras InControl 
2.21.60.9. This  ...)
        NOT-FOR-US: Intelbras
 CVE-2025-8341 (Grafana is an open-source platform for monitoring and 
observability. T ...)
        NOT-FOR-US: Grafana plugin
@@ -154212,6 +154271,7 @@ CVE-2024-37570 (On Mitel 6869i 4.5.0.41 devices, the 
Manual Firmware Update (upg
 CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 
5.x throug ...)
        NOT-FOR-US: Mitel
 CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with 
asymmetric p ...)
+       {DLA-4352-1}
        - python-authlib 1.3.1-1
        [bookworm] - python-authlib <no-dsa> (Minor issue)
        NOTE: https://github.com/lepture/authlib/issues/654
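Review bot: `[bookworm] - python-authlib <no-dsa> (Minor issue)` for CVE-2024-37568 now contradicts the `{DLA-4352-1}` reference added directly above it: a `<no-dsa>` annotation says bookworm will not receive an update, while the DLA reference says it did. If DLA-4352-1 fixes this CVE in bookworm, drop the `<no-dsa>` line so the suite status resolves to the DLA rather than to the stale annotation.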



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2eff805da41e7ad0ea02e605c420c41850ed4390
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits