Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1ac7685a by Salvatore Bonaccorso at 2025-11-01T09:22:00+01:00 Add CVE-2025-62875/opensmtpd - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,12 @@ +CVE-2025-62875 [Denial-of-Service via UNIX Domain Socket] + - opensmtpd <unfixed> + [trixie] - opensmtpd <no-dsa> (Minor issue) + [bookworm] - opensmtpd <no-dsa> (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2025/10/31/3 + NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/653abf00f5283a2d3247eb9aabf8987d1b2f0510 (7.8.0p0) + NOTE: 270e23a6eb upstream (7.7.0p0) made major changes to the message parsing code + NOTE: including the call to fatal(), but it is not excluded that earlier versions + NOTE: are affected by (a variant of this issue) as well. CVE-2025-6990 (The kallyas theme for WordPress is vulnerable to Remote Code Execution ...) NOT-FOR-US: WordPress plugin CVE-2025-6988 (The kallyas theme for WordPress is vulnerable to Stored Cross-Site Scr ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ac7685ac5f1191e7541aa258cfccf6085f48b6b -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ac7685ac5f1191e7541aa258cfccf6085f48b6b You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
