Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c79722e4 by Moritz Muehlenhoff at 2025-11-03T13:10:47+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -69,13 +69,19 @@ CVE-2025-12599 (Multiple Devices are Sharing the Same
Secrets for SDKSocket (TCP
NOT-FOR-US: Azure Access Technology
CVE-2025-45663 [Disclosure of uninitialized memory in _dom_event_initialise]
- netsurf <unfixed> (bug #1119918)
+ [trixie] - netsurf <no-dsa> (Minor issue)
+ [bookworm] - netsurf <no-dsa> (Minor issue)
NOTE:
https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-45663
NOTE:
https://github.com/netsurf-browser/libdom/commit/9ea069f36e5de5f52d7155a71e2d536eb94de141
CVE-2025-29699 [Use-after-free in _dom_node_set_text_content]
- netsurf <unfixed> (bug #1119918)
+ [trixie] - netsurf <no-dsa> (Minor issue)
+ [bookworm] - netsurf <no-dsa> (Minor issue)
NOTE:
https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2025-29699
CVE-2024-51317 [Use-after-free in _dom_node_normalize]
- netsurf <unfixed> (bug #1119918)
+ [trixie] - netsurf <no-dsa> (Minor issue)
+ [bookworm] - netsurf <no-dsa> (Minor issue)
NOTE:
https://github.com/Fysac/netsurf-disclosure/tree/main/CVE-2024-51317
NOTE:
https://github.com/netsurf-browser/libdom/commit/7d317df204d18f161f0a8ffed958ef60eb2692fe
CVE-2025-62875 [Denial-of-Service via UNIX Domain Socket]
@@ -166,14 +172,17 @@ CVE-2025-7846 (The WordPress User Extra Fields plugin for
WordPress is vulnerabl
CVE-2025-6520 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Abis Technology BAPSIS
CVE-2025-6176 (Scrapy versions up to 2.13.2 are vulnerable to a denial of
service (Do ...)
- - python-scrapy <unfixed>
+ - python-scrapy <unfixed> (unimportant)
NOTE: https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0
+ NOTE: Negligible security impact
CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled
a perf ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
- python3.11 <removed>
- python3.9 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/issues/136065
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/
NOTE:
https://github.com/python/cpython/commit/f029e8db626ddc6e3a3beea4eff511a71aaceb5c
(main)
@@ -289,12 +298,18 @@ CVE-2025-58152 (FutureNet MA and IP-K series provided by
Century Systems Co., Lt
NOT-FOR-US: Century Systems
CVE-2025-57108 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a
heap use- ...)
- vtk9 <unfixed> (bug #1119823)
+ [trixie] - vtk9 <no-dsa> (Minor issue)
+ [bookworm] - vtk9 <no-dsa> (Minor issue)
NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19736
CVE-2025-57107 (Kitware VTK (Visualization Toolkit) through 9.5.0 contains a
heap buff ...)
- vtk9 <unfixed> (bug #1119822)
+ [trixie] - vtk9 <no-dsa> (Minor issue)
+ [bookworm] - vtk9 <no-dsa> (Minor issue)
NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19732
CVE-2025-57106 (Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable
to Buffe ...)
- vtk9 <unfixed> (bug #1119821)
+ [trixie] - vtk9 <no-dsa> (Minor issue)
+ [bookworm] - vtk9 <no-dsa> (Minor issue)
NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19733
NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19734
CVE-2025-54763 (FutureNet MA and IP-K series provided by Century Systems Co.,
Ltd. con ...)
@@ -655,6 +670,8 @@ CVE-2025-5342 (Zohocorp ManageEngine Exchange Reporter Plus
through 5721 are vul
NOT-FOR-US: Zoho
CVE-2025-57109 (Kitware VTK (Visualization Toolkit) 9.5.0 is vulnerable to
Heap Use-Af ...)
- vtk9 <unfixed> (bug #1119824)
+ [trixie] - vtk9 <no-dsa> (Minor issue)
+ [bookworm] - vtk9 <no-dsa> (Minor issue)
NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/19735
CVE-2025-56313 (A Reflected Cross-Site Scripting (XSS) vulnerability was
discovered in ...)
NOT-FOR-US: JATOS
@@ -36697,6 +36714,7 @@ CVE-2024-10029 (In Eclipse GlassFish version 7.0.15 is
possible to perform Refle
NOT-FOR-US: Eclipse
CVE-2025-40777 (If a `named` caching resolver is configured with
`serve-stale-enable` ...)
- bind9 1:9.20.11-1
+ [bookworm] - bind9 <postponed> (9.18 is affected, but no patches are
currently available for the open source version)
[bullseye] - bind9 <postponed> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2025-40777
NOTE: Fixed by:
https://gitlab.isc.org/isc-projects/bind9/-/commit/9c7a63142dacb2e16c64719f57d1191298af4393
(v9.20.11)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c79722e446b0683d37853479420a16f086d4951c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c79722e446b0683d37853479420a16f086d4951c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
