Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23ef4cdb by Moritz Muehlenhoff at 2025-11-11T16:21:39+01:00
bookworm/trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -28478,10 +28478,7 @@ CVE-2025-52352 (Aikaan IoT management platform
v3.25.0325-5-g2e9c59796 provides
CVE-2025-52351 (Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a
newly g ...)
NOT-FOR-US: Aikaan IoT management platform
CVE-2025-52194 (A buffer overflow vulnerability exists in libsndfile version
1.2.2 and ...)
- - libsndfile <unfixed> (bug #1111876)
- [trixie] - libsndfile <no-dsa> (Minor issue)
- [bookworm] - libsndfile <no-dsa> (Minor issue)
- [bullseye] - libsndfile <postponed> (Minor issue, possibly not-affected)
+ NOTE: Not reproducible report against libsndfile, was also filed as bug
#1111876
NOTE: https://github.com/libsndfile/libsndfile/issues/1082
CVE-2025-51989 (HTML injection vulnerability in the registration interface in
Evolutio ...)
NOT-FOR-US: HRmaster
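Review bot: With every `libsndfile` line removed under CVE-2025-52194, the entry is left with NOTE lines only, so the association with the libsndfile source package and bug #1111876 survives only as free text. If the conclusion is that the report is not reproducible, a package line carrying that conclusion as its reason would record it explicitly, for example `- libsndfile <not-affected> (Not reproducible, see bug #1111876)`. The commit message says "bookworm/trixie triage", but this hunk also drops the `[bullseye]` line; that is worth a word in the message.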
@@ -37963,7 +37960,7 @@ CVE-2025-30477 (Dell PowerScale OneFS, versions prior
to 9.11.0.0, contains a us
CVE-2025-30192 (An attacker spoofing answers to ECS enabled requests sent out
by the R ...)
[experimental] - pdns-recursor 5.2.4-1
- pdns-recursor 5.2.4-2 (bug #1109808)
- [bookworm] - pdns-recursor <no-dsa> (Minor issue; can be fixed via
point release update)
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (No longer supported with
security updates in Bullseye)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html
CVE-2025-2301 (Authorization Bypass Through User-Controlled Key vulnerability
in Akbi ...)
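Review bot: On the new `[bookworm]` line for pdns-recursor, the reason `(see DSA 6045)` does not say by itself why the package is end-of-life in bookworm, while the `[bullseye]` line directly below spells its reason out. A short reason in the same style, with the DSA reference kept after it, would let the entry be read without looking the DSA up.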
@@ -38166,8 +38163,8 @@ CVE-2025-53770 (Deserialization of untrusted data in
on-premises Microsoft Share
NOT-FOR-US: Microsoft
CVE-2025-XXXX [exposes .zip passwords while (un)archiving]
- krusader <unfixed> (bug #1108942)
- [trixie] - krusader <no-dsa> (Minor issue, revisit when fixed upstream)
- [bookworm] - krusader <no-dsa> (Minor issue, revisit when fixed
upstream)
+ [trixie] - krusader <postponed> (Minor issue, revisit when fixed
upstream)
+ [bookworm] - krusader <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - krusader <postponed> (Minor issue)
CVE-2025-7853 (A vulnerability was found in Tenda FH451 1.0.0.9. It has been
rated as ...)
NOT-FOR-US: Tenda
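Review bot: The new `[trixie]` and `[bookworm]` krusader lines now share `<postponed>` with `[bullseye]`, but the `[bullseye]` reason is still just `(Minor issue)` and lacks "revisit when fixed upstream". Since the unfixed upstream state applies to all three, using the same reason text on the `[bullseye]` line would keep the entry consistent.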
@@ -315636,11 +315633,7 @@ CVE-2022-33065 (Multiple signed integers overflow in
function au_read_header in
NOTE: https://github.com/libsndfile/libsndfile/issues/789
NOTE:
https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c
CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c
in Libsnd ...)
- - libsndfile <unfixed> (bug #1051890)
- [trixie] - libsndfile <postponed> (Minor issue, revisit when fixed
upstream)
- [bookworm] - libsndfile <postponed> (Minor issue, revisit when fixed
upstream)
- [bullseye] - libsndfile <no-dsa> (Minor issue)
- [buster] - libsndfile <no-dsa> (Minor issue)
+ NOTE: Non issue in libsndfile, was also filed as bug #1051890
NOTE: https://github.com/libsndfile/libsndfile/issues/832
NOTE: Upstream disputes issue as possible false-positive:
NOTE:
https://github.com/libsndfile/libsndfile/issues/832#issuecomment-1702253852 ff
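Review bot: The added NOTE under CVE-2022-33064 says "Non issue in libsndfile", while the NOTE kept two lines below still reads "Upstream disputes issue as possible false-positive"; the two statements differ in strength and should be reconciled, or the new NOTE should point at what settled the question. As with the CVE-2025-52194 hunk, removing all five package lines leaves the entry with NOTEs only; a package line with a not-affected style status and this reason would keep the link to libsndfile and bug #1051890 explicit. The removed `[bullseye]` and `[buster]` lines also fall outside the "bookworm/trixie triage" named in the commit message.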
@@ -382568,7 +382561,7 @@ CVE-2021-3618 (ALPACA is an application layer
protocol content confusion attack,
[bullseye] - nginx 1.18.0-6.1+deb11u2
[stretch] - nginx <no-dsa> (Minor issue)
- vsftpd 3.0.5-0.1 (bug #991329)
- [bookworm] - vsftpd <no-dsa> (Minor issue)
+ [bookworm] - vsftpd <ignored> (Minor issue)
[bullseye] - vsftpd <no-dsa> (Minor issue)
[buster] - vsftpd <no-dsa> (Minor issue)
[stretch] - vsftpd <no-dsa> (Minor issue)
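Review bot: The `[bookworm]` vsftpd line moves from `<no-dsa>` to `<ignored>` but keeps the reason `(Minor issue)` unchanged, so the entry does not record why bookworm will not receive the fix that the unstable line lists for 3.0.5-0.1. The parenthesised reason is the place for that rationale. The `[bullseye]`, `[buster]` and `[stretch]` lines stay at `<no-dsa>` with the same reason; if the difference in status is intended, the bookworm reason should make that clear.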
@@ -426361,7 +426354,7 @@ CVE-2020-29583 (Firmware version 4.60 of Zyxel USG
devices contains an undocumen
NOT-FOR-US: Zyxel
CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was
used for ...)
- kotlin 1.3.31+ds1-3 (bug #1001037)
- [bookworm] - kotlin <no-dsa> (Minor issue)
+ [bookworm] - kotlin <ignored> (Minor issue)
NOTE: https://youtrack.jetbrains.com/issue/KT-42181 (not public)
CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a
blank pa ...)
NOT-FOR-US: spiped Docker images
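Review bot: On the `[bookworm]` kotlin line, `<ignored>` is given with the same `(Minor issue)` reason the `<no-dsa>` line had, and the only reference in the entry is a YouTrack issue marked "not public". A reader cannot reconstruct from the entry why the issue is being ignored for bookworm; a concrete reason in the parentheses would fix that.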
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23ef4cdb67f8a48e16e7f6ed06642ba61a6ee2fd