Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e333449b by Salvatore Bonaccorso at 2025-11-15T14:02:58+01:00
Mark CVE-2025-13033 as no-dsa for trixie and bookworm
- - - - -
02a1ffdc by Salvatore Bonaccorso at 2025-11-15T14:03:44+01:00
Track proposed node-nodemailer update via trixie-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -170,6 +170,8 @@ CVE-2025-13168 (A weakness has been identified in ury-erp
ury up to 0.2.0. This
NOT-FOR-US: ury-erp ury
CVE-2025-13033 (A vulnerability was identified in the email parsing library
due to imp ...)
- node-nodemailer 7.0.9+~7.0.2-1
+ [trixie] - node-nodemailer <no-dsa> (Minor issue)
+ [bookworm] - node-nodemailer <no-dsa> (Minor issue)
NOTE:
https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87
NOTE: Fixed by:
https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626
(v7.0.7)
CVE-2025-12897
=====================================
data/next-point-update.txt
=====================================
@@ -12,3 +12,5 @@ CVE-2025-64500
[trixie] - symfony 6.4.21+dfsg-2+deb13u1
CVE-2025-54119
[trixie] - libphp-adodb 5.22.9-0.1+deb13u1
+CVE-2025-13033
+ [trixie] - node-nodemailer 6.10.0+~6.4.17-1+deb13u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/903f518e106e323b8a6859fea0c5c3226a532f65...02a1ffdcb4da5938fc1eddf11e7c56e335367765
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/903f518e106e323b8a6859fea0c5c3226a532f65...02a1ffdcb4da5938fc1eddf11e7c56e335367765
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
