Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bbb92bcc by security tracker role at 2025-12-04T08:12:54+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,22 @@
-CVE-2025-66293 [Out-of-bounds read in png_image_read_composite]
+CVE-2025-66404 (MCP Server Kubernetes is an MCP Server that can connect to a
Kubernete ...)
+ TODO: check
+CVE-2025-65868 (XML external entity (XXE) injection in eyoucms v1.7.1 allows
remote at ...)
+ TODO: check
+CVE-2025-64055 (An issue was discovered in Fanvil x210 V2 2.12.20 allowing
unauthentic ...)
+ TODO: check
+CVE-2025-62173 (## Summary Authenticated SQL Injection Vulnerability in
Endpoint Modu ...)
+ TODO: check
+CVE-2025-13513 (The Clik stats plugin for WordPress is vulnerable to Reflected
Cross-S ...)
+ TODO: check
+CVE-2025-12826 (The Custom Post Type UI plugin for WordPress is vulnerable to
authoriz ...)
+ TODO: check
+CVE-2025-12782 (The Beaver Builder \u2013 WordPress Page Builder plugin for
WordPress ...)
+ TODO: check
+CVE-2025-11727 (The Omnichannel for WooCommerce: Google, Amazon, eBay &
Walmart Integr ...)
+ TODO: check
+CVE-2025-11379 (The WebP Express plugin for WordPress is vulnerable to
information exp ...)
+ TODO: check
+CVE-2025-66293 (LIBPNG is a reference library for use in applications that
read, creat ...)
- libpng1.6 1.6.52-1 (bug #1121877)
NOTE:
https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1
(v1.6.52)
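Review bot: the imported description for CVE-2025-12782 carries a literal "\u2013" escape ("The Beaver Builder \u2013 WordPress Page Builder plugin") instead of the decoded dash, and the one for CVE-2025-62173 starts with Markdown heading residue ("## Summary Authenticated SQL Injection ..."). Both suggest the automatic update copies the upstream description without decoding escapes or stripping markup, so it would be worth normalising the text before it is written to data/CVE/list. Separately, the CVE-2025-66293 header no longer names png_image_read_composite once the bracketed placeholder is replaced by the generic "LIBPNG is a reference library ..." text, so the affected function is now only reachable through the NOTE links.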
@@ -3136,6 +3154,7 @@ CVE-2025-12106 (Insufficient argument validation in
OpenVPN 2.7_alpha1 through 2
- openvpn <not-affected> (Vulnerable code only in 2.7 upstream)
NOTE:
https://community.openvpn.net/Security%20Announcements/CVE-2025-12106
CVE-2025-13086 (Improper validation of source IP addresses in OpenVPN version
2.6.0 th ...)
+ {DSA-6069-1}
[experimental] - openvpn 2.7.0~rc2-1
- openvpn 2.7.0~rc2-2 (bug #1121086)
[bullseye] - openvpn <not-affected> (Vulnerable code not present)
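Review bot: the {DSA-6069-1} cross-reference added under CVE-2025-13086 points at an advisory record that is not part of this commit, which changes only data/CVE/list. Confirm that the DSA-6069-1 record is already in the tracker so the tag resolves. The visible context for this CVE shows only the experimental and unstable openvpn versions and the bullseye <not-affected> line.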
@@ -7681,6 +7700,7 @@ CVE-2025-43445 (An out-of-bounds read was addressed with
improved input validati
CVE-2025-43444 (A permissions issue was addressed with additional
restrictions. This i ...)
NOT-FOR-US: Apple
CVE-2025-43443 (This issue was addressed with improved checks. This issue is
fixed in ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
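Review bot: on CVE-2025-43443 the {DSA-6070-1 DLA-4394-1} tag is attached to an entry that lists both webkit2gtk and wpewebkit, while the trixie line marks wpewebkit as <ignored> (not covered by security support). It is worth confirming that the advisory pair is meant to cover webkit2gtk only, so the tag is not read as a wpewebkit fix for trixie. The same tag is added, unchanged, to the other WebKit CVEs in the hunks that follow, so the check applies to each of them.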
@@ -7692,6 +7712,7 @@ CVE-2025-43442 (A permissions issue was addressed with
additional restrictions.
CVE-2025-43441 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43440 (This issue was addressed with improved checks This issue is
fixed in S ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7707,6 +7728,7 @@ CVE-2025-43436 (A permissions issue was addressed with
additional restrictions.
CVE-2025-43435 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43434 (A use-after-free issue was addressed with improved memory
management. ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7716,6 +7738,7 @@ CVE-2025-43434 (A use-after-free issue was addressed with
improved memory manage
CVE-2025-43433 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43432 (A use-after-free issue was addressed with improved memory
management. ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7723,6 +7746,7 @@ CVE-2025-43432 (A use-after-free issue was addressed with
improved memory manage
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43431 (The issue was addressed with improved memory handling. This
issue is f ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7730,6 +7754,7 @@ CVE-2025-43431 (The issue was addressed with improved
memory handling. This issu
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43430 (This issue was addressed through improved state management.
This issue ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7737,6 +7762,7 @@ CVE-2025-43430 (This issue was addressed through improved
state management. This
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43429 (A buffer overflow was addressed with improved bounds checking.
This is ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7744,6 +7770,7 @@ CVE-2025-43429 (A buffer overflow was addressed with
improved bounds checking. T
[bullseye] - wpewebkit <end-of-life> (see #1035997)
NOTE: https://webkitgtk.org/security/WSA-2025-0008.html
CVE-2025-43427 (This issue was addressed through improved state management.
This issue ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7753,6 +7780,7 @@ CVE-2025-43427 (This issue was addressed through improved
state management. This
CVE-2025-43426 (A logging issue was addressed with improved data redaction.
This issue ...)
NOT-FOR-US: Apple
CVE-2025-43425 (The issue was addressed with improved memory handling. This
issue is f ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
@@ -7808,6 +7836,7 @@ CVE-2025-43395 (This issue was addressed with improved
handling of symlinks. Thi
CVE-2025-43394 (This issue was addressed with improved handling of symlinks.
This issu ...)
NOT-FOR-US: Apple
CVE-2025-43392 (The issue was addressed with improved handling of caches. This
issue i ...)
+ {DSA-6070-1 DLA-4394-1}
- webkit2gtk 2.50.2-1
- wpewebkit 2.50.2-1
[trixie] - wpewebkit <ignored> (wpewebkit not covered by security
support in Trixie)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bbb92bccab860441ceecaed1a5b05c59f8d206d4
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits