Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1579c88e by Moritz Muehlenhoff at 2025-12-18T10:31:34+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,6 +4,8 @@ CVE-2025-6324 (Improper Neutralization of Input During Web Page 
Generation ('Cro
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-68463 (Bio.Entrez in Biopython through 186 allows doctype XXE.)
        - python-biopython <unfixed>
+       [trixie] - python-biopython <no-dsa> (Minor issue)
+       [bookworm] - python-biopython <no-dsa> (Minor issue)
        NOTE: https://github.com/biopython/biopython/issues/5109
 CVE-2025-68459 (RG - AP180, Indoor Wall Plate Wireless AP AP180 series 
provided by Rui ...)
        NOT-FOR-US: RG - AP180, Indoor Wall Plate Wireless AP AP180 series
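Review bot: The added [trixie] and [bookworm] lines for CVE-2025-68463 give only "(Minor issue)" as the no-dsa reason, which does not tell a later reader why a doctype XXE in Bio.Entrez was judged minor. A more specific parenthetical or an extra NOTE line would help, since the entry's only reference is the upstream issue and the package is still <unfixed> with no fix commit recorded.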
@@ -546,6 +548,8 @@ CVE-2025-14856 (A security vulnerability has been detected 
in y_project RuoYi up
        NOT-FOR-US: RuoYi
 CVE-2025-14841 (A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted 
element ...)
        - dcmtk <unfixed>
+       [trixie] - dcmtk <no-dsa> (Minor issue)
+       [bookworm] - dcmtk <no-dsa> (Minor issue)
        NOTE: https://support.dcmtk.org/redmine/issues/1183
        NOTE: Fixed by: 
https://github.com/DCMTK/dcmtk/commit/ffb1a4a37d2c876e3feeb31df4930f2aed7fa030 
(DCMTK-3.7.0)
 CVE-2025-14837 (A vulnerability has been found in ZZCMS 2025. Affected by this 
issue i ...)
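Review bot: The added [trixie] and [bookworm] no-dsa lines for CVE-2025-14841 do not record whether the upstream commit named in the "Fixed by:" note applies to the stable versions. The fix is a single commit (DCMTK-3.7.0) and the unversioned dcmtk line is still <unfixed>, so a short NOTE on whether it backports cleanly would make these entries easier to act on later.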
@@ -17943,8 +17947,12 @@ CVE-2025-62777 (Use of Hard-Coded Credentials issue 
exists in MZK-DP300N version
        NOT-FOR-US: MZK-DP300N
 CVE-2025-62725 (Docker Compose trusts the path information embedded in remote 
OCI comp ...)
        - docker-compose <unfixed> (bug #1119298)
+       [trixie] - docker-compose <not-affected> (Vulnerable code introduced 
later)
+       [bookworm] - docker-compose <not-affected> (Vulnerable code introduced 
later)
        [bullseye] - docker-compose <not-affected> (Vulnerable code was 
introduced later)
        NOTE: 
https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q
+       NOTE: Introduced in: 
https://github.com/docker/compose/commit/66a47169d51ef4be5e230dda982661248b20f60a
 (v2.34.0)
+       NOTE: Introduced in: 
https://github.com/docker/compose/commit/840288895e673fcccd56a7830dee30d8a75523ef
 (v2.33.0)
        NOTE: Fixed by: 
https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176
 (v2.40.2)
 CVE-2025-62594 (ImageMagick is a software suite to create, edit, compose, or 
convert b ...)
        - imagemagick 8:7.1.2.8+dfsg1-1 (bug #1119296)
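Review bot: The two added "Introduced in:" notes for CVE-2025-62725 list the v2.34.0 commit before the v2.33.0 commit, which leaves it unclear which release the [trixie] and [bookworm] not-affected status is measured against. Listing the v2.33.0 commit first, or noting that both commits are needed for the vulnerable path, would make the cut-off explicit. The new lines also read "(Vulnerable code introduced later)" while the existing [bullseye] line reads "(Vulnerable code was introduced later)"; one wording for all three keeps the entry consistent and searchable.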



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1579c88e9639927587c527a99e22e2f0d0b65be7
