Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9a6711d0 by Emilio Pozuelo Monfort at 2025-12-18T18:22:00+01:00
lts: CVE-2025-41066/php-horde-groupware no-dsa

- - - - -
b84ee9bb by Emilio Pozuelo Monfort at 2025-12-18T18:22:02+01:00
lts: mark CVE-2025-68463/python-biopython as no-dsa

- - - - -
e0691f61 by Emilio Pozuelo Monfort at 2025-12-18T18:22:03+01:00
lts: triage ckermit issue as postponed

- - - - -
25ca4187 by Emilio Pozuelo Monfort at 2025-12-18T18:22:04+01:00
lts: lz4-java issues no-dsa on bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,6 +18,7 @@ CVE-2025-68463 (Bio.Entrez in Biopython through 186 allows 
doctype XXE.)
        - python-biopython <unfixed>
        [trixie] - python-biopython <no-dsa> (Minor issue)
        [bookworm] - python-biopython <no-dsa> (Minor issue)
+       [bullseye] - python-biopython <no-dsa> (Minor issue)
        NOTE: https://github.com/biopython/biopython/issues/5109
 CVE-2025-68459 (RG - AP180, Indoor Wall Plate Wireless AP AP180 series 
provided by Rui ...)
        NOT-FOR-US: RG - AP180, Indoor Wall Plate Wireless AP AP180 series
@@ -2125,6 +2126,7 @@ CVE-2025-XXXX [Malicious remote can overwrite and 
exfiltrate local files]
        - ckermit 416~beta12-5 (bug #1123025)
        [trixie] - ckermit <no-dsa> (Minor issue; documented; can be fixed via 
point release)
        [bookworm] - ckermit <no-dsa> (Minor issue; documented; can be fixed 
via point release)
+       [bullseye] - ckermit <postponed> (Minor issue; documented)
 CVE-2025-67809 (An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 
10.1. A ...)
        NOT-FOR-US: Zimbra
 CVE-2025-66963 (An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local 
attacker to obt ...)
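Review bot: On the added `[bullseye] - ckermit <postponed> (Minor issue; documented)` line, the entry is still filed under the CVE-2025-XXXX placeholder and no NOTE line is visible in this hunk, so the only pointer for whoever picks up the postponed item later is bug #1123025. Since the unstable line already records a fixed version (416~beta12-5), consider adding a NOTE that references that fix so the bullseye backport can be located without reading through the bug log.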
@@ -7033,6 +7035,7 @@ CVE-2025-66566 (yawkat LZ4 Java provides LZ4 compression 
for Java. Insufficient
        - lz4-java <unfixed> (bug #1122026)
        [trixie] - lz4-java <no-dsa> (Minor issue)
        [bookworm] - lz4-java <no-dsa> (Minor issue)
+       [bullseye] - lz4-java <no-dsa> (Minor issue)
        NOTE: 
https://github.com/yawkat/lz4-java/security/advisories/GHSA-cmp6-m4wj-q63q
        NOTE: Fixed by: 
https://github.com/yawkat/lz4-java/commit/33d180cb70c4d93c80fb0dc3ab3002f457e93840
 (v1.10.1)
 CVE-2025-66562 (TUUI is a desktop MCP client designed as a tool unitary 
utility integr ...)
@@ -8295,6 +8298,7 @@ CVE-2025-41086 (Vulnerability in the access control 
system of the GAMS licensing
 CVE-2025-41066 (Horde Groupware v5.2.22 has a user enumeration vulnerability 
that allo ...)
        - php-horde-groupware <unfixed> (bug #1123000)
        [bookworm] - php-horde-groupware <no-dsa> (Minor issue)
+       [bullseye] - php-horde-groupware <no-dsa> (Minor issue)
        NOTE: 
https://www.incibe.es/en/incibe-cert/notices/aviso/disclosure-sensitive-information-horde-groupware
 CVE-2025-41015 (User Enumeration Vulnerability in TCMAN GIM v11 version 
20250304. This ...)
        NOT-FOR-US: TCMAN GIM
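Review bot: After this change the php-horde-groupware entry has `[bookworm]` and `[bullseye]` annotations but no `[trixie]` line, unlike the other entries touched in this push. If the package is not in trixie that is expected; otherwise trixie is left without a triage decision against `<unfixed>` and should get its own line.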
@@ -9009,6 +9013,7 @@ CVE-2025-12183 (Out-of-bounds memory operations in 
org.lz4:lz4-java 1.8.0 and ea
        - lz4-java <unfixed> (bug #1122026)
        [trixie] - lz4-java <no-dsa> (Minor issue)
        [bookworm] - lz4-java <no-dsa> (Minor issue)
+       [bullseye] - lz4-java <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2025/12/01/5
        NOTE: Releases 1.8.1, 1.9.0, and 1.10.0 of yawkat LZ4 Java contain 
multiple sparsely
        NOTE: documented patches to address this CVE.
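Review bot: The added bullseye line reuses the bare `(Minor issue)` reason for an entry whose summary is out-of-bounds memory operations and whose NOTE lines say the fix is spread over releases 1.8.1, 1.9.0 and 1.10.0 with sparse documentation. A reason that states why this is minor for bullseye, or that the backport is hard to isolate, would make the no-dsa decision easier to re-evaluate later than the text copied from the trixie and bookworm lines.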



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/00ccf65260d0d149db82d69e3eae4fd383404223...25ca41875ddb729392726025d54345c438308fc0
