Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
243163bf by Thorsten Alteholz at 2025-11-16T00:38:09+01:00
mark CVE-2025-12748 as postponed for Bullseye
- - - - -
49347b5b by Thorsten Alteholz at 2025-11-16T00:47:46+01:00
mark CVE-2025-60876 as postponed for Bullseye
- - - - -
737d3f9f by Thorsten Alteholz at 2025-11-16T00:59:35+01:00
mark CVE-2025-12863 as postponed for Bullseye
- - - - -
d188213a by Thorsten Alteholz at 2025-11-16T01:24:20+01:00
add ceph
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1794,6 +1794,7 @@ CVE-2025-12748 (A flaw was discovered in libvirt in the
XML file processing. Mor
- libvirt <unfixed> (bug #1120584)
[trixie] - libvirt <no-dsa> (Minor issue; requires authenticated user)
[bookworm] - libvirt <no-dsa> (Minor issue; requires authenticated user)
+ [bullseye] - libvirt <postponed> (Minor issue; requires authenticated
user)
NOTE: https://gitlab.com/libvirt/libvirt/-/issues/825
NOTE:
https://lists.libvirt.org/archives/list/[email protected]/thread/LTGHU3S4JEMCF5KJNJGWWZ7F2CS6L5SG/
CVE-2025-12539 (The TNC Toolbox: Web Performance plugin for WordPress is
vulnerable to ...)
@@ -2230,6 +2231,7 @@ CVE-2025-63147 (Tenda AX3 V16.03.12.10_CN was discovered
to contain a stack over
NOT-FOR-US: Tenda
CVE-2025-60876 (BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and
other C0 ...)
- busybox <unfixed>
+ [bullseye] - busybox <postponed> (Minor issue, revisit when fixed
upstream)
NOTE:
https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092
TODO: check details
CVE-2025-56503 (An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows
authenticate ...)
@@ -2470,6 +2472,7 @@ CVE-2025-12875 (A weakness has been identified in mruby
3.4.0. This vulnerabilit
NOTE: Fixed by:
https://github.com/mruby/mruby/commit/93619f06dd378db6766666b30c08978311c7ec94
CVE-2025-12863 (A flaw was found in the xmlSetTreeDoc() function of the
libxml2 XML pa ...)
- libxml2 2.15.1+dfsg-0.4 (bug #1120364)
+ [bullseye] - libxml2 <postponed> (Minor issue, revisit when merged
upstream)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/349
CVE-2025-12621 (The Flexible Refund and Return Order for WooCommerce plugin
for WordPr ...)
=====================================
data/dla-needed.txt
=====================================
@@ -59,6 +59,9 @@ ca-certificates
calibre (Chris Lamb)
NOTE: 20251113: Added by Front-Desk (ta)
--
+ceph
+ NOTE: 20251116: Added by Front-Desk (ta)
+--
ckeditor
NOTE: 20241002: Added by Front-Desk (Beuc)
NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2ca17fd71f0e1eef4e31e4cbe24badfb7e3f7420...d188213acfe4d3b5b4c29419375ae2988af12f14
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2ca17fd71f0e1eef4e31e4cbe24badfb7e3f7420...d188213acfe4d3b5b4c29419375ae2988af12f14
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
