Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8a517570 by Moritz Muehlenhoff at 2025-12-19T11:53:55+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -192,6 +192,8 @@ CVE-2025-11774 (Improper Neutralization of Special Elements
used in an OS Comman
NOT-FOR-US: Mitsubishi
CVE-2025-14876
- qemu <unfixed>
+ [trixie] - qemu <no-dsa> (Minor issue)
+ [bookworm] - qemu <no-dsa> (Minor issue)
NOTE:
https://lore.kernel.org/qemu-devel/[email protected]/T/#u
NOTE: Introduced with:
https://gitlab.com/qemu-project/qemu/-/commit/0e660a6f90abf8b517d7317595bcc8e8da31f2a1
(v7.1.0-rc0)
CVE-2025-9787 (Zohocorp ManageEngine Applications Manager versions 177400 and
below a ...)
@@ -340,6 +342,8 @@ CVE-2025-14877 (A vulnerability was identified in Campcodes
Supplier Management
NOT-FOR-US: Campcodes
CVE-2025-14874 (A flaw was found in Nodemailer. This vulnerability allows a
denial of ...)
- node-nodemailer <unfixed>
+ [trixie] - node-nodemailer <no-dsa> (Minor issue)
+ [bookworm] - node-nodemailer <no-dsa> (Minor issue)
NOTE:
https://github.com/nodemailer/nodemailer/security/advisories/GHSA-rcmh-qjqh-p98v
NOTE: Fixed by:
https://github.com/nodemailer/nodemailer/commit/b61b9c0cfd682b6f647754ca338373b68336a150
(v7.0.11)
CVE-2025-14861 (Memory safety bugs present in Firefox 146. Some of these bugs
showed e ...)
@@ -6819,6 +6823,7 @@ CVE-2025-12956 (A reflected Cross-site Scripting (XSS)
vulnerability affecting E
CVE-2025-59030 (An attacker can trigger the removal of cached records by
sending a NOT ...)
{DSA-6077-1}
- pdns-recursor 5.3.3-1 (bug #1122197)
+ [bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html
CVE-2025-59029 (An attacker can trigger an assertion failure by requesting
crafted DNS ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,10 @@ netty
opennds/oldstable
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
+php8.2/oldstable (jmm)
+--
+php8.4/stable (jmm)
+--
php-laravel-framework/oldstable
--
python-django
@@ -59,7 +63,7 @@ python-urllib3
--
python-tornado
--
-rails
+rails (jmm)
--
roundcube (carnil)
Maintainer is taking care of preparing updates
@@ -82,6 +86,8 @@ tomcat10/oldstable (apo)
--
tomcat11/stable (apo)
--
+usbmuxd (corsac)
+--
wordpress/stable
Utkarsh Gupta is preparing an update based on 6.8.3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a517570bedaac79eafdd03c5f8c47ac81dfa63d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a517570bedaac79eafdd03c5f8c47ac81dfa63d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
