trixie triage

Moritz Muehlenhoff (@jmm) Sat, 13 Dec 2025 11:15:08 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7258bea8 by Moritz Muehlenhoff at 2025-12-13T20:14:15+01:00
bookworm/trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,12 +35,11 @@ CVE-2025-67863
 CVE-2025-67750 (Lightning Flow Scanner provides a A CLI plugin, VS Code 
Extension and  ...)
        NOT-FOR-US: Lightning Flow Scanner
 CVE-2025-67749 (PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. 
In versi ...)
-       - pcsx2 <unfixed> (bug #1122861)
-       [trixie] - pcsx2 <no-dsa> (Minor issue)
-       [bookworm] - pcsx2 <no-dsa> (Minor issue)
+       - pcsx2 <unfixed> (bug #1122861; unimportant)
        NOTE: 
https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w
        NOTE: https://github.com/PCSX2/pcsx2/pull/13693
        NOTE: Fixed by: 
https://github.com/PCSX2/pcsx2/commit/8164f2b2db6993170aced27d171bdc4e1f2eb5c8 
(v2.5.378)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2025-67721 (Aircompressor is a library with ports of the Snappy, LZO, LZ4, 
and Zst ...)
        NOT-FOR-US: Aircompressor
 CVE-2025-67634 (The CISA Software Acquisition Guide Supplier Response Web Tool 
before  ...)
@@ -1321,8 +1320,10 @@ CVE-2025-65814 (A lack of security checks in the file 
import process of RHOPHI A
        NOT-FOR-US: RHOPHI Analytics LLP Office App-Edit Word
 CVE-2025-65807 (An issue in sd command v1.0.0 and before allows attackers to 
escalate  ...)
        - rust-sd <unfixed>
+       [trixie] - rust-sd <no-dsa> (Minor issue)
+       [bookworm] - rust-sd <no-dsa> (Minor issue)
        NOTE: https://gist.github.com/faabbi/827f10e144fdd342e13a3dd838902e83
-       TODO: check details and impact/severity
+       NOTE: https://github.com/chmln/sd/issues/323
 CVE-2025-65803 (An integer overflow in the psdParser::ReadImageData function 
of FreeIm ...)
        - freeimage <unfixed> (bug #1122826)
        [trixie] - freeimage <postponed> (Minor issue, revisit when fixed 
upstream)
@@ -2813,17 +2814,23 @@ CVE-2025-14309 (NULL Pointer Dereference vulnerability 
in ravynsoft ravynos.This
        NOT-FOR-US: ravynos
 CVE-2025-14308 (An integer overflow vulnerability exists in the write method 
of the Bu ...)
        - robocode <unfixed> (bug #1122289)
+       [trixie] - robocode <no-dsa> (Minor issue)
+       [bookworm] - robocode <no-dsa> (Minor issue)
        NOTE: https://github.com/robo-code/robocode/pull/70
        NOTE: Fixed by: 
https://github.com/robo-code/robocode/commit/5ca52e3af7e35cd0a7309d573595dcb78cce7fa7
 (VER_1_9_5_6)
        NOTE: Fixed by: 
https://github.com/robo-code/robocode/commit/9f616173e5ed3b7b6c02c2b230b1014822bee363
 (VER_1_9_5_6)
        NOTE: Fixed by: 
https://github.com/robo-code/robocode/commit/9787e2cc90942d94ae341cf5562e42495443084b
 (VER_1_9_5_6)
 CVE-2025-14307 (An insecure temporary file creation vulnerability exists in 
the AutoEx ...)
        - robocode <unfixed> (bug #1122289)
+       [trixie] - robocode <no-dsa> (Minor issue)
+       [bookworm] - robocode <no-dsa> (Minor issue)
        NOTE: https://github.com/robo-code/robocode/pull/68
        NOTE: Fixed by: 
https://github.com/robo-code/robocode/commit/964b10f74064d04a3ea05a52b74ed86f485a13d5
 (VER_1_9_5_6)
        NOTE: Fixed by: 
https://github.com/robo-code/robocode/commit/1638298ac872d7a92daf02de758f35f8012eae96
 (VER_1_9_5_6)
 CVE-2025-14306 (A directory traversal vulnerability exists in the CacheCleaner 
compone ...)
        - robocode <unfixed> (bug #1122289)
+       [trixie] - robocode <no-dsa> (Minor issue)
+       [bookworm] - robocode <no-dsa> (Minor issue)
        NOTE: https://github.com/robo-code/robocode/pull/67
        NOTE: Fixed by: 
https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f
 (VER_1_9_5_6)
 CVE-2025-14286 (A vulnerability was determined in Tenda AC9 15.03.05.14_multi. 
Affecte ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -15,6 +15,8 @@ If needed, specify the release by adding a slash after the 
name of the source pa
 amd64-microcode (carnil)
   Coordinating with maintainer DSA/bookworm-pu and sync with mitgations in 
src:linux
 --
+c-ares/stable
+--
 cpp-httplib
   Maintainer preparing updates, waiting for feedback on bookworm status
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7258bea870551dc5be590b1a99f98a3a0ac33aa5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7258bea870551dc5be590b1a99f98a3a0ac33aa5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Reply via email to