Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad0d73ca by Thorsten Alteholz at 2025-11-16T23:45:46+01:00
mark CVE-2025-13120 as postponed for Bullseye
- - - - -
a4bd25da by Thorsten Alteholz at 2025-11-16T23:45:46+01:00
mark CVE-2025-64718 as postponed for Bullseye
- - - - -
8d834531 by Thorsten Alteholz at 2025-11-16T23:45:46+01:00
mark CVE-2025-59089 and CVE-2025-59088 as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -393,6 +393,7 @@ CVE-2025-64718 (js-yaml is a JavaScript YAML parser and
dumper. In js-yaml 4.1.0
- node-js-yaml <unfixed> (bug #1120696)
[trixie] - node-js-yaml <no-dsa> (Minor issue)
[bookworm] - node-js-yaml <no-dsa> (Minor issue)
+ [bullseye] - node-js-yaml <postponed> (Minor issue)
NOTE:
https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m
NOTE: Fixed by:
https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879
(4.1.1)
CVE-2025-64717 (ZITADEL is an open source identity management platform.
Starting in ve ...)
@@ -606,6 +607,7 @@ CVE-2025-13120 (A vulnerability has been found in mruby up
to 3.4.0. This vulner
- mruby <unfixed> (bug #1120796)
[trixie] - mruby <no-dsa> (Minor issue)
[bookworm] - mruby <no-dsa> (Minor issue)
+ [bullseye] - mruby <postponed> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/6649
NOTE: Fixed by:
https://github.com/mruby/mruby/commit/eb398971bfb43c38db3e04528b68ac9a7ce509bc
CVE-2025-13119 (A flaw has been found in Fabian Ros/SourceCodester Simple
E-Banking Sy ...)
@@ -993,12 +995,14 @@ CVE-2025-59089 (If an attacker causes kdcproxy to connect
to an attacker-control
- python-kdcproxy <unfixed> (bug #1120702)
[trixie] - python-kdcproxy <no-dsa> (Minor issue)
[bookworm] - python-kdcproxy <no-dsa> (Minor issue)
+ [bullseye] - python-kdcproxy <postponed> (Minor issue)
NOTE: https://github.com/latchset/kdcproxy/pull/68
NOTE: Fixed by:
https://github.com/latchset/kdcproxy/commit/c7675365aa20be11f03247966336c7613cac84e1
CVE-2025-59088 (If kdcproxy receives a request for a realm which does not have
server ...)
- python-kdcproxy <unfixed> (bug #1120702)
[trixie] - python-kdcproxy <no-dsa> (Minor issue)
[bookworm] - python-kdcproxy <no-dsa> (Minor issue)
+ [bullseye] - python-kdcproxy <postponed> (Minor issue)
NOTE: https://github.com/latchset/kdcproxy/pull/68
NOTE: Fixed by:
https://github.com/latchset/kdcproxy/commit/1773f28eeea72ec6efcd433d3b66595c44d1253f
CVE-2025-64503 (cups-filters contains backends, filters, and other software
required t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad0560fbe6f04e14c3a440e62d9b3532b5e33705...8d83453171b1d83fe4cecbd1594d0f9df8bb884a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ad0560fbe6f04e14c3a440e62d9b3532b5e33705...8d83453171b1d83fe4cecbd1594d0f9df8bb884a
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
