Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5e245a2c by Salvatore Bonaccorso at 2025-11-08T09:58:44+01:00
Add new allocated CVEs for chromium update released as DSA 5993-1
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,19 +53,29 @@ CVE-2025-60574 (A Local File Inclusion (LFI) vulnerability
has been identified i
CVE-2025-37736 (Improper Authorization in Elastic Cloud Enterprise can lead to
Privile ...)
NOT-FOR-US: Elastic Cloud Enterprise
CVE-2025-12911 (Inappropriate implementation in Permissions in Google Chrome
prior to ...)
- TODO: check
+ {DSA-5993-1}
+ - chromium 140.0.7339.80-1
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12910 (Inappropriate implementation in Passkeys in Google Chrome
prior to 140 ...)
- TODO: check
+ {DSA-5993-1}
+ - chromium 140.0.7339.80-1
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12909 (Insufficient policy enforcement in Devtools in Google Chrome
prior to ...)
- TODO: check
+ {DSA-5993-1}
+ - chromium 140.0.7339.80-1
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12908 (Insufficient validation of untrusted input in Downloads in
Google Chro ...)
- TODO: check
+ - chromium <not-affected> (Only affects Google Chrome on Android)
CVE-2025-12907 (Insufficient validation of untrusted input in Devtools in
Google Chrom ...)
- TODO: check
+ {DSA-5993-1}
+ - chromium 140.0.7339.80-1
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12906 (Inappropriate implementation in Permissions in Google Chrome
prior to ...)
- TODO: check
+ {DSA-5993-1}
+ - chromium 140.0.7339.80-1
+ [bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-12905 (Inappropriate implementation in Downloads in Google Chrome on
Windows ...)
- TODO: check
+ - chromium <not-affected> (Only affects Google Chrome on Windows)
CVE-2025-12902 (Improper resource management in firmware of some Solidigm DC
Products ...)
NOT-FOR-US: Solidigm DC
CVE-2025-12896 (Improper resource management in firmware of some Solidigm DC
Products ...)
=====================================
data/DSA/list
=====================================
@@ -216,7 +216,7 @@
[bookworm] - shibboleth-sp 3.4.1+dfsg-2+deb12u1
[trixie] - shibboleth-sp 3.5.0+dfsg-2+deb13u1
[05 Sep 2025] DSA-5993-1 chromium - security update
- {CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867}
+ {CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867 CVE-2025-12906
CVE-2025-12907 CVE-2025-12909 CVE-2025-12910 CVE-2025-12911}
[bookworm] - chromium 140.0.7339.80-1~deb12u1
[trixie] - chromium 140.0.7339.80-1~deb13u1
[30 Aug 2025] DSA-5992-1 firebird4.0 - security update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e245a2ca35b30c6aba397d8550a9cd1fbdc4664
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e245a2ca35b30c6aba397d8550a9cd1fbdc4664
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
