Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e0578d3e by Thorsten Alteholz at 2025-11-16T17:58:57+01:00
mark CVE-2025-47913 as postponed for Bullseye
- - - - -
b58a12ef by Thorsten Alteholz at 2025-11-16T18:02:42+01:00
add cups-filters
- - - - -
0c182b62 by Thorsten Alteholz at 2025-11-16T18:04:37+01:00
mark CVE-2025-13033 as postponed for Bullseye
- - - - -
7bbd4f98 by Thorsten Alteholz at 2025-11-16T18:09:54+01:00
mark CVE-2025-12818 and CVE-2025-12817 as postponed for Bullseye
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -224,6 +224,7 @@ CVE-2025-13033 (A vulnerability was identified in the email
parsing library due
- node-nodemailer 7.0.9+~7.0.2-1
[trixie] - node-nodemailer <no-dsa> (Minor issue)
[bookworm] - node-nodemailer <no-dsa> (Minor issue)
+ [bullseye] - node-nodemailer <postponed> (Minor issue)
NOTE:
https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87
NOTE: Fixed by:
https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626
(v7.0.7)
CVE-2025-12897
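Review bot: The added `[bullseye]` line uses `<postponed>` while the `[trixie]` and `[bookworm]` lines directly above it use `<no-dsa>` with the same "(Minor issue)" reason. If the difference is intended, for example because the fix should be picked up with a later bullseye upload, a short hint in the reason would make that explicit; otherwise `<no-dsa>` would keep the three releases consistent.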
@@ -294,6 +295,7 @@ CVE-2025-4619 (A denial-of-service (DoS) vulnerability in
Palo Alto Networks PAN
NOT-FOR-US: Palo Alto Networks
CVE-2025-47913 (SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed
respons ...)
- golang-go.crypto 1:0.42.0-1
+ [bullseye] - golang-go.crypto <postponed> (Limited support, minor
issue, follow bookworm DSAs/point-releases)
NOTE: https://github.com/advisories/GHSA-hcg3-q754-cr77
NOTE: Fixed by:
https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22
(v0.35.0)
CVE-2025-47222 (Keyfactor SignServer before 7.3.1 has Incorrect Access
Control, issue ...)
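Review bot: The reason on the added `[bullseye]` line says "follow bookworm DSAs/point-releases", but the entry for CVE-2025-47913 shown in this hunk has no `[bookworm]` line for golang-go.crypto, only the untagged fixed version `1:0.42.0-1`. It is worth checking whether a bookworm triage decision is still pending, so that this line has something concrete to follow.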
@@ -700,6 +702,7 @@ CVE-2025-12818 (Integer wraparound in multiple PostgreSQL
libpq client library f
- postgresql-17 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
+ [bullseye] - postgresql-13 <postponed> (Minor issue)
NOTE:
https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=600086f471a3bb57ff4953accf1d3f8d2efe0201
(master)
NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=7eb8fcad860e9a0548191dab7a87a5bead5f8e91
(REL_18_1)
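Review bot: The reason on the added `[bullseye] - postgresql-13` line is only "(Minor issue)", and the "Fixed by" notes shown in this hunk point to master and REL_18_1, not to a 13.x branch commit. Since the release announcement linked in the first NOTE names a 13.23 release, a NOTE saying the fix is expected with that point release would tell whoever picks this up later what to upload.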
@@ -711,6 +714,7 @@ CVE-2025-12817 (Missing authorization in PostgreSQL CREATE
STATISTICS command al
- postgresql-17 <unfixed>
- postgresql-15 <removed>
- postgresql-13 <removed>
+ [bullseye] - postgresql-13 <postponed> (Minor issue)
NOTE:
https://www.postgresql.org/about/news/postgresql-181-177-1611-1515-1420-and-1323-released-3171/
NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=5e4fcbe531c668b4112beedde97aac79724074c5
(master)
NOTE: Fixed by:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=00eb646ea43410e5df77fed96f4a981e66811796
(REL_18_1)
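Review bot: The added `[bullseye] - postgresql-13` line reuses "(Minor issue)" word for word from CVE-2025-12818, although this entry is described as missing authorization in CREATE STATISTICS rather than an integer wraparound in libpq. A reason specific to this CVE would make the postponement easier to re-evaluate on its own later.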
=====================================
data/dla-needed.txt
=====================================
@@ -69,6 +69,9 @@ ckeditor
containerd
NOTE: 20251113: Added by Front-Desk (ta)
--
+cups-filters (Thorsten Alteholz)
+ NOTE: 20251116: Added by Front-Desk (ta)
+--
dnsdist
NOTE: 20250521: Added by Front-Desk (Beuc)
NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)
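Review bot: The new `cups-filters (Thorsten Alteholz)` entry carries only the "Added by Front-Desk (ta)" note and does not say which CVE or issue prompted it, and the commit message "add cups-filters" does not either. A second NOTE line naming the CVE(s) to be fixed, in the style of the extra NOTE under dnsdist, would make the entry self-explanatory.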
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/3c761841351121a9cd7a022d925da3761bc7bd38...7bbd4f9824bab57a857ceefa67c8d7586be65612