bookworm triage

Moritz Muehlenhoff (@jmm) Sun, 30 Nov 2025 06:34:44 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b9271ef2 by Moritz Muehlenhoff at 2025-11-30T15:34:06+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -109,6 +109,8 @@ CVE-2025-66384 (app/Controller/EventsController.php in MISP 
before 2.5.24 has in
        NOT-FOR-US: MISP
 CVE-2025-66382 (In libexpat through 2.7.3, a crafted file with an approximate 
size of  ...)
        - expat <unfixed> (bug #1121543)
+       [trixie] - expat <postponed> (Minor issue, revisit when fixed upstream)
+       [bookworm] - expat <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - expat <postponed> (minor issue; DoS)
        NOTE: https://github.com/libexpat/libexpat/issues/1076
 CVE-2025-66372 (Mustang before 2.16.3 allows exfiltrating files via XXE 
attacks.)
@@ -247,6 +249,7 @@ CVE-2025-66314 (Improper Privilege Management vulnerability 
in ZTE ElasticNet UM
        NOT-FOR-US: ZTE
 CVE-2025-66040 (Spotipy is a Python library for the Spotify Web API. Prior to 
version  ...)
        - spotipy <unfixed> (bug #1121540)
+       [trixie] - spotipy <no-dsa> (Minor issue)
        NOTE: 
https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm
        NOTE: 
https://github.com/spotipy-dev/spotipy/commit/880b92d7243dcf2b83bf31dc365a858d8b5e6767
 (2.25.2)
 CVE-2025-66035 (Angular is a development platform for building mobile and 
desktop web  ...)
@@ -492,6 +495,8 @@ CVE-2025-13611 (GitLab has remediated an issue in GitLab 
CE/EE affecting all ver
        - gitlab <unfixed>
 CVE-2025-13601 (A heap-based buffer overflow problem was found in glib through 
an inco ...)
        - glib2.0 <unfixed> (bug #1121488)
+       [trixie] - glib2.0 <no-dsa> (Minor issue)
+       [bookworm] - glib2.0 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3827
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4915
@@ -2198,27 +2203,43 @@ CVE-2025-13086 [HMAC verification check: fix incorrect 
memcmp() call]
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/fa6a1824b0f37bff137204156a74ca28cf5b6f83
 (v2.6.16)
 CVE-2025-64438
        - fastdds <unfixed> (bug #1121096)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/0b0cb308eaeeb2175694aa0a0a723106824ce9a7
 (v3.4.1)
 CVE-2025-62799
        - fastdds <unfixed> (bug #1121097)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/d6dd58f4ecd28cd1c3bc4ef0467be9110fa94659
 (v3.4.1)
 CVE-2025-62599
        - fastdds <unfixed> (bug #1121094)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
 CVE-2025-62600
        - fastdds <unfixed> (bug #1121094)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
 CVE-2025-62601
        - fastdds <unfixed> (bug #1121094)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
 CVE-2025-62602
        - fastdds <unfixed> (bug #1121094)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
 CVE-2025-62603
        - fastdds <unfixed> (bug #1121094)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
 CVE-2025-64098
        - fastdds <unfixed> (bug #1121094)
+       [trixie] - fastdds <no-dsa> (Minor issue)
+       [bookworm] - fastdds <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/354218514d32beac963ff5c306f1cf159ee37c5f
 (v3.4.1)
 CVE-2025-9977 (Value provided in one of POST parameters sent during the 
process of lo ...)
        NOT-FOR-US: Times Software E-Payroll



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9271ef27416e7146e532b7443d1ae36cb6d5142

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9271ef27416e7146e532b7443d1ae36cb6d5142
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to