rhino as postponed

Emilio Pozuelo Monfort (@pochu) Tue, 16 Dec 2025 02:47:15 -0800


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
08857440 by Emilio Pozuelo Monfort at 2025-12-16T11:46:51+01:00
lts: triage CVE-2025-66453/rhino as postponed

- - - - -
167f2161 by Emilio Pozuelo Monfort at 2025-12-16T11:46:51+01:00
lts: triage CVE-2025-67899/uriparser as postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -139,6 +139,7 @@ CVE-2025-67899 (uriparser through 0.9.9 allows unbounded 
recursion and stack con
        - uriparser <unfixed>
        [trixie] - uriparser <no-dsa> (Minor issue)
        [bookworm] - uriparser <no-dsa> (Minor issue)
+       [bullseye] - uriparser <postponed> (Minor issue)
        NOTE: https://github.com/uriparser/uriparser/issues/282
        NOTE: https://github.com/uriparser/uriparser/pull/284
 CVE-2025-67898 (MJML through 4.18.0 allows mj-include directory traversal to 
test file ...)
@@ -5724,6 +5725,7 @@ CVE-2025-66478
        REJECTED
 CVE-2025-66453 (Rhino is an open-source implementation of JavaScript written 
entirely  ...)
        - rhino <unfixed> (bug #1121953)
+       [bullseye] - rhino <postponed> (Minor issue)
        NOTE: 
https://github.com/mozilla/rhino/security/advisories/GHSA-3w8q-xq97-5j7x
        NOTE: Fixed by: 
https://github.com/mozilla/rhino/commit/b333c3ec7a86409d62b0aab315129584fe18cb9e
 (Rhino1_7_15_1_Release)
        NOTE: Fixed by: 
https://github.com/mozilla/rhino/commit/2bcf4c43deace35f1f57d86377c6767b0608986e
 (Rhino1_7_14_1_Release)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2d6ed73a3bfa9c942969f0a7a1a10dbf169d81d2...167f216126ec73f141320096758aecfd69bff53b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2d6ed73a3bfa9c942969f0a7a1a10dbf169d81d2...167f216126ec73f141320096758aecfd69bff53b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: lts: triage CVE-2025-66453/rhino as postponed

Reply via email to