Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ef58f973 by Moritz Muehlenhoff at 2025-12-06T16:39:00+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -871,18 +871,26 @@ CVE-2025-40216 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b (6.16-rc4)
CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo
vulnerability in ...)
- apache2 2.4.66-1 (bug #1121926)
+ [trixie] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences
vulnerab ...)
- apache2 2.4.66-1 (bug #1121926)
+ [trixie] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability in Apache
HTTP Serv ...)
- apache2 <not-affected> (Only affects Apache on Windows)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-59775
CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side
Includes (SSI) ...)
- apache2 2.4.66-1 (bug #1121926)
+ [trixie] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
CVE-2025-55753 (An integer overflow in the case of failed ACME certificate
renewal lea ...)
- apache2 2.4.66-1 (bug #1121926)
+ [trixie] - apache2 <no-dsa> (Minor issue)
+ [bookworm] - apache2 <no-dsa> (Minor issue)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
CVE-2025-40215 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
- linux 6.16.3-1
@@ -1087,7 +1095,9 @@ CVE-2025-12358 (The ShopEngine Elementor WooCommerce
Builder Addon plugin for Wo
CVE-2025-12084 (When building nested elements using xml.dom.minidom methods
such as ap ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- python2.7 <removed>
- pypy3 <unfixed>
@@ -1749,7 +1759,9 @@ CVE-2025-20085 (A denial of service vulnerability exists
in the Modbus RTU over
CVE-2025-13837 (When loading a plist file, the plistlib module reads data in
size spec ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
NOTE: https://github.com/python/cpython/issues/119342
NOTE: https://github.com/python/cpython/pull/119343
@@ -1759,7 +1771,9 @@ CVE-2025-13837 (When loading a plist file, the plistlib
module reads data in siz
CVE-2025-13836 (When reading an HTTP response from a server, if no read amount
is spec ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
NOTE: https://github.com/python/cpython/issues/119451
NOTE: https://github.com/python/cpython/pull/119454
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef58f9738dcc57be49f0cccc1c273b956e244296
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef58f9738dcc57be49f0cccc1c273b956e244296
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
