Utkarsh Gupta pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3b8d539 by Utkarsh Gupta at 2025-12-07T19:02:44+05:30
Mark apache2 CVEs as postponed for bullseye

- - - - -
fa68a610 by Utkarsh Gupta at 2025-12-07T19:02:47+05:30
Mark CVE-2025-13654/duc as postponed for bullseye

- - - - -
30eb2d82 by Utkarsh Gupta at 2025-12-07T19:02:51+05:30
Mark CVE-2025-32900/kdeconnect as ignored for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -352,6 +352,7 @@ CVE-2025-13654 (A stack buffer overflow vulnerability 
exists in the buffer_get f
        - duc 1.4.6-1 (bug #1122057)
        [trixie] - duc <no-dsa> (Minor issue)
        [bookworm] - duc <no-dsa> (Minor issue)
+       [bullseye] - duc <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/zevv/duc/commit/8638c4365ffd9e1966bdef8af6339dbee8c17e66 
(1.4.6)
        NOTE: 
https://hackingbydoing.wixsite.com/hackingbydoing/post/stack-buffer-overflow-in-duc
 CVE-2025-13620 (The Wp Social Login and Register Social Counter plugin for 
WordPress i ...)
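
Review bot: the new [bullseye] <postponed> line for duc gives only "(Minor issue)", while the entry's NOTE already points at a single upstream fix commit (released in 1.4.6). Since <postponed> means the fix is expected in a later update, consider adding a NOTE on whether that commit applies to the duc version in bullseye, so whoever picks the item up later does not have to repeat the triage.
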
@@ -454,6 +455,7 @@ CVE-2025-32901 (In KDE Connect before 1.33.0 on Android, 
malicious device IDs (s
 CVE-2025-32900 (In the KDE Connect information-exchange protocol before 
2025-04-18, a  ...)
        - kdeconnect 25.04.0-1
        [bookworm] - kdeconnect <ignored> (Minor issue, design limitation of 
protocol version prior to 8)
+       [bullseye] - kdeconnect <ignored> (Minor issue, design limitation of 
protocol version prior to 8)
        - gnome-shell-extension-gsconnect 62-1
        [bookworm] - gnome-shell-extension-gsconnect <ignored> (Minor issue, 
design limitation of protocol version prior to 8)
        NOTE: https://kde.org/info/security/advisory-20250418-2.txt
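
Review bot: only kdeconnect gets a [bullseye] line in this entry; gnome-shell-extension-gsconnect, directly below, still has only its [bookworm] <ignored> line with the same "design limitation of protocol version prior to 8" reason. If bullseye ships gnome-shell-extension-gsconnect, add the matching [bullseye] <ignored> line in the same change, otherwise that package remains untriaged for bullseye under this CVE.
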
@@ -991,11 +993,13 @@ CVE-2025-66200 (mod_userdir+suexec bypass via 
AllowOverride FileInfo vulnerabili
        - apache2 2.4.66-1 (bug #1121926)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
+       [bullseye] - apache2 <postponed> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
 CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences 
vulnerab ...)
        - apache2 2.4.66-1 (bug #1121926)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
+       [bullseye] - apache2 <postponed> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
 CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability   in Apache 
HTTP Serv ...)
        - apache2 <not-affected> (Only affects Apache on Windows)
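
Review bot: the commit message for these lines ("Mark apache2 CVEs as postponed for bullseye") names no CVE ids, although the two [bullseye] lines added here sit under CVE-2025-66200 and CVE-2025-65082 and the other two commits in this push name theirs (for example "CVE-2025-13654/duc"). Listing the affected ids in the message would make the triage decision findable from the log by CVE number.
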
@@ -1004,11 +1008,13 @@ CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier 
with Server Side Includes
        - apache2 2.4.66-1 (bug #1121926)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
+       [bullseye] - apache2 <postponed> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
 CVE-2025-55753 (An integer overflow in the case of failed ACME certificate 
renewal lea ...)
        - apache2 2.4.66-1 (bug #1121926)
        [trixie] - apache2 <no-dsa> (Minor issue)
        [bookworm] - apache2 <no-dsa> (Minor issue)
+       [bullseye] - apache2 <postponed> (Minor issue)
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-55753
 CVE-2025-40215 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 6.16.3-1
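
Review bot: the [bullseye] <postponed> line under CVE-2025-55753 assumes the apache2 build in bullseye contains the ACME certificate renewal code the description refers to, and nothing in the entry records that this was checked. If that code is not present in bullseye, <not-affected> with a reason would be more accurate than <postponed>; if it is, a short NOTE saying so would document the decision.
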



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36b37246ac34ff2a60fa77eef22f870675c52698...30eb2d824b5483205d35fdc8c212dc848196bc7c
