bookworm triage

Moritz Muehlenhoff (@jmm) Mon, 15 Dec 2025 07:08:22 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
078fdc61 by Moritz Muehlenhoff at 2025-12-15T16:07:24+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,6 +8,8 @@ CVE-2025-67900 (NXLog Agent before 6.11 can load a file 
specified by the OPENSSL
        NOT-FOR-US: NXLog Agent
 CVE-2025-67899 (uriparser through 0.9.9 allows unbounded recursion and stack 
consumpti ...)
        - uriparser <unfixed>
+       [trixie] - uriparser <no-dsa> (Minor issue)
+       [bookworm] - uriparser <no-dsa> (Minor issue)
        NOTE: https://github.com/uriparser/uriparser/issues/282
        NOTE: https://github.com/uriparser/uriparser/pull/284
 CVE-2025-67898 (MJML through 4.18.0 allows mj-include directory traversal to 
test file ...)
@@ -1190,7 +1192,11 @@ CVE-2025-14526 (A security flaw has been discovered in 
Tenda CH22 1.0.0.1. This
        NOT-FOR-US: Tenda
 CVE-2025-14523 (A flaw in libsoup\u2019s HTTP header handling allows multiple 
Host: he ...)
        - libsoup3 <unfixed> (bug #1122667)
+       [trixie] - libsoup3 <no-dsa> (Minor issue)
+       [bookworm] - libsoup3 <no-dsa> (Minor issue)
        - libsoup2.4 <removed>
+       [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+       [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/472
 CVE-2025-14522 (A vulnerability was detected in baowzh hfly up to 
638ff9abe9078bc977c1 ...)
        NOT-FOR-US: baowzh hfly
@@ -1347,6 +1353,7 @@ CVE-2025-67716 (The Auth0 Next.js SDK is a library for 
implementing user authent
        NOT-FOR-US: Next.js
 CVE-2025-67713 (Miniflux 2 is an open source feed reader. Versions 2.2.14 and 
below tr ...)
        - miniflux <unfixed> (bug #1122583)
+       [trixie] - miniflux <no-dsa> (Minor issue)
        NOTE: 
https://github.com/miniflux/v2/security/advisories/GHSA-wqv2-4wpg-8hc9
        NOTE: Fixed by: 
https://github.com/miniflux/v2/commit/76df99f3a3db234cf6b312be5e771485213d03c7 
(2.2.15)
 CVE-2025-67694
@@ -2892,6 +2899,8 @@ CVE-2024-47570 (An insertion of sensitive information 
into log file vulnerabilit
        NOT-FOR-US: Fortinet
 CVE-2024-38798 (EDK2 contains a vulnerability in BIOS where an attacker may 
cause \u20 ...)
        - edk2 <unfixed> (bug #1122288)
+       [trixie] - edk2 <no-dsa> (Minor issue)
+       [bookworm] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf
        NOTE: Fixed by: 
https://github.com/tianocore/edk2/commit/0cad130cb4885961da201bb9b08424b3fd3d2249
 (edk2-stable202511)
 CVE-2025-14333 (Memory safety bugs present in Firefox ESR 140.5, Thunderbird 
ESR 140.5 ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -73,5 +73,7 @@ tomcat10/oldstable (apo)
 --
 tomcat11/stable (apo)
 --
+wordpress/stable
+--
 zabbix/oldstable
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078fdc611135d8c18d0a3fceb4b466a3ee29449e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/078fdc611135d8c18d0a3fceb4b466a3ee29449e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to