Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2d31e962 by Moritz Muehlenhoff at 2025-12-04T17:14:53+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -116,6 +116,8 @@ CVE-2025-50360 (A heap buffer overflow in compiler.c and
compiler.h in Pepper la
TODO: check
CVE-2025-39665 (User enumeration in Nagvis' Checkmk MultisiteAuth before
version 1.9.4 ...)
- nagvis 1:1.9.48-1
+ [trixie] - nagvis <no-dsa> (Minor issue)
+ [bookworm] - nagvis <no-dsa> (Minor issue)
NOTE: https://github.com/NagVis/nagvis/pull/411
NOTE: Fixed by:
https://github.com/NagVis/nagvis/commit/1a3d3ed21fb974da952ce2df13f20c2884626ebe
(nagvis-1.9.48)
CVE-2025-34319 (TOTOLINK N300RT wireless router firmware versions prior
toV3.4.0-B2025 ...)
@@ -198,7 +200,11 @@ CVE-2025-12084 (When building nested elements using
xml.dom.minidom methods such
- python3.9 <removed>
- python2.7 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
+ [bookworm] - jython <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/pull/142146
NOTE: https://github.com/python/cpython/issues/142145
NOTE: Fixed by:
https://github.com/python/cpython/commit/08d8e18ad81cd45bc4a27d6da478b51ea49486e4
(main)
@@ -237,13 +243,15 @@ CVE-2025-61940 (NMIS/BioDose V22.02 and previous versions
rely on a common SQL S
CVE-2025-55181 (Sending an HTTP request/response body with greater than 2^31
bytes tri ...)
NOT-FOR-US: Meta software not packaged in Debian
CVE-2025-13946 (MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and
4.4.0 t ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (unimportant)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-08.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20884
+ NOTE: Hang in CLI tool, no security impact
CVE-2025-13945 (HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows
denial of se ...)
- - wireshark <unfixed>
+ - wireshark <unfixed> (unimportant)
NOTE: https://www.wireshark.org/security/wnpa-sec-2025-07.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20860
+ NOTE: Hang in CLI tool, no security impact
CVE-2025-13646 (The Modula Image Gallery plugin for WordPress is vulnerable to
arbitra ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13645 (The Modula Image Gallery plugin for WordPress is vulnerable to
arbitra ...)
@@ -322,6 +330,7 @@ CVE-2025-61727 (An excluded subdomain constraint in a
certificate chain does not
- golang-1.25 <unfixed> (bug #1121847)
- golang-1.24 <unfixed> (bug #1121848)
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
NOTE: https://github.com/golang/go/issues/76442
@@ -331,6 +340,7 @@ CVE-2025-61729 (Within HostnameError.Error(), when
constructing an error string,
- golang-1.25 <unfixed> (bug #1121847)
- golang-1.24 <unfixed> (bug #1121848)
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
NOTE: https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
NOTE: https://go-review.googlesource.com/c/go/+/725920
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d31e96286b65fca09ea01dee552b36e93a97b09
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2d31e96286b65fca09ea01dee552b36e93a97b09
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
