Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7113a047 by Daniel Leidert at 2025-12-15T11:30:25+01:00
lts: add info that CVE-2025-65187/civicrm is not fixed in 6.7.0 through 6.9.0

Upstream verified that they are actively working on this issue and will likely
address it with the next release. We (LTS) should revisit it then.

- - - - -
49ae4ce1 by Daniel Leidert at 2025-12-15T11:31:48+01:00
dla: add roundcube

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5835,6 +5835,7 @@ CVE-2025-65215 (Sourcecodester Web-based Pharmacy Product 
Management System v1.0
        NOT-FOR-US: SourceCodester
 CVE-2025-65187 (A Stored Cross Site Scripting vulnerability exists in CiviCRM 
before v ...)
        - civicrm <removed>
+       NOTE: Vulnerability still open in release 6.9.0. Revisit when fixed 
upstream.
 CVE-2025-65186 (Grav CMS 1.7.49 is vulnerable to Cross Site Scripting (XSS). 
The page  ...)
        NOT-FOR-US: Grav CMS
 CVE-2025-65105 (Apptainer is an open source container platform. In Apptainer 
versions  ...)
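Review bot: The added NOTE under CVE-2025-65187 names only release 6.9.0, while the commit message says the issue is not fixed in 6.7.0 through 6.9.0 and that upstream verified this. Neither the lower bound nor a reference to the upstream statement reaches the tracker entry, and the NOTE carries no date. Consider something like "NOTE: Not fixed in 6.7.0 through 6.9.0 according to upstream. Revisit when fixed upstream." plus a pointer to the upstream statement if one is public, so whoever revisits the entry does not need the commit log to see what was checked.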


=====================================
data/dla-needed.txt
=====================================
@@ -380,6 +380,10 @@ rails (rouca)
   NOTE: 20251120: Import old security release and fix. Will likely do a 
partial release due to number of CVEs (rouca)
   NOTE: 20251125: Do a partial release. Need to fix bookworm first (rouca)
 --
+roundcube
+  NOTE: 20251215: Added by Front-Desk (dleidert)
+  NOTE: 20251215: Follow DSA (dleidert/front-desk)
+--
 runc
   NOTE: 20251105: Added by Front-Desk (Beuc)
   NOTE: 20251105: 3 high-severity container breakouts. Used by docker.io.
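Review bot: The new roundcube entry says only "Follow DSA" and names neither the DSA nor the CVEs it is meant to cover, unlike the neighbouring runc entry, which states what is being fixed. Adding the DSA identifier or the CVE ids to the second NOTE would let whoever claims the package see the scope without searching for it. The two NOTE lines also sign differently, "(dleidert)" and "(dleidert/front-desk)"; using one form would be tidier.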



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0721b68fd07ddd6ed1bc29c6ddd0e2f431b8ab37...49ae4ce1f18698175d132bd03496f055ae8f458f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
