bookworm triage

Moritz Muehlenhoff (@jmm) Sun, 21 Dec 2025 04:57:47 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
d7c43e95 by Moritz Muehlenhoff at 2025-12-21T13:56:56+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -180,6 +180,8 @@ CVE-2025-53922 (Galette is a membership management web 
application for non profi
        - galette <removed>
 CVE-2025-50681 (igmpproxy 0.4 before commit 2b30c36 allows remote attackers to 
cause a ...)
        - igmpproxy <unfixed> (bug #1123741)
+       [trixie] - igmpproxy <no-dsa> (Minor issue)
+       [bookworm] - igmpproxy <no-dsa> (Minor issue)
        NOTE: https://github.com/pali/igmpproxy/issues/97
        NOTE: Fixed by: 
https://github.com/younix/igmpproxy/commit/2b30c36e6ab5b21defb76ec6458ab7687984484c
 CVE-2025-34433 (AVideo versions 14.3.1 prior to 20.1 contain an 
unauthenticated remote ...)
@@ -232,6 +234,7 @@ CVE-2025-14950 (A weakness has been identified in 
code-projects Scholars Trackin
        NOT-FOR-US: code-projects
 CVE-2025-14946 (A flaw was found in libnbd. A malicious actor could exploit 
this by co ...)
        - libnbd 1.22.5-1
+       [trixie] - libnbd <no-dsa> (Minor issue)
        [bookworm] - libnbd <not-affected> (Vulnerable code introduced later)
        NOTE: https://libguestfs.org/libnbd-release-notes-1.24.1.html#Security
        NOTE: 
https://lists.libguestfs.org/archives/list/[email protected]/thread/YZMBF3SJRWTRVT5L3KWSNHITFTRMQNTT/
@@ -392,6 +395,8 @@ CVE-2025-62000 (BullWall Ransomware Containment does not 
entirely inspect a file
        NOT-FOR-US: BullWall
 CVE-2025-59529 (Avahi is a system which facilitates service discovery on a 
local netwo ...)
        - avahi <unfixed> (bug #1123671)
+       [trixie] - avahi <postponed> (Minor issue, revisit when fixed upstream)
+       [bookworm] - avahi <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: 
https://github.com/avahi/avahi/security/advisories/GHSA-73wf-3xmj-x82q
        NOTE: https://github.com/avahi/avahi/pull/808
 CVE-2025-53710 (Due to a product misconfiguration in certain deployment types, 
it was  ...)
@@ -481,6 +486,8 @@ CVE-2025-7047 (Missing Authorization vulnerability in 
Utarit Informatics Service
        NOT-FOR-US: SoliClub
 CVE-2025-68469 (ImageMagick is free and open-source software used for editing 
and mani ...)
        - imagemagick 8:6.9.12.98+dfsg1-2
+       [trixie] - imagemagick <no-dsa> (Minor issue)
+       [bookworm] - imagemagick <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fff3-4rp7-px97
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790
 (7.1.1-13)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/ac1f7ca1d88e14d30e5ae9bd30aad150bdbec20e
 (7.1.1-13)
@@ -9729,6 +9736,8 @@ CVE-2025-66036 (Retro is an online platform providing 
items of vintage collectio
        NOT-FOR-US: Retro
 CVE-2025-66034 (fontTools is a library for manipulating fonts, written in 
Python. In v ...)
        - fonttools <unfixed> (bug #1121605)
+       [trixie] - fonttools <no-dsa> (Minor issue)
+       [bookworm] - fonttools <no-dsa> (Minor issue)
        NOTE: 
https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv
        NOTE: Fixed by: 
https://github.com/fonttools/fonttools/commit/a696d5ba93270d5954f98e7cab5ddca8a02c1e32
 (4.61.0)
 CVE-2025-66027 (Rallly is an open-source scheduling and collaboration tool. 
Prior to v ...)
@@ -221413,13 +221422,10 @@ CVE-2023-37520 (UnauthenticatedStored Cross-Site 
Scripting (XSS) vulnerability i
 CVE-2023-37519 (Unauthenticated Stored Cross-Site Scripting (XSS) 
vulnerability. This  ...)
        NOT-FOR-US: HCL
 CVE-2023-42465 (Sudo before 1.9.15 might allow row hammer attacks (for 
authentication  ...)
-       - sudo 1.9.15p2-2
-       [bookworm] - sudo <no-dsa> (Minor issue)
-       [bullseye] - sudo <no-dsa> (Minor issue)
-       [buster] - sudo <no-dsa> (Minor issue)
+       - sudo 1.9.15p2-2 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2023/12/21/9
        NOTE: 
https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f
 (SUDO_1_9_15p1)
-       NOTE: it is more an hardening against hardware bug (rowhammer) than a 
security fix per se
+       NOTE: Hardening against a hardware bug (rowhammer), not a security fix 
per se
        NOTE: part of the code in the fix commit are not built because debian 
use PAM: plugins/sudoers/auth/sudo_auth.[ch]
        NOTE: plugins/sudoers/lookup.c part was added in version 1.9.15
        NOTE: plugins/sudoers/match.c, part was added in 1.8.21



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7c43e958ba7f8a5a79de0edb72fe638af318682

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7c43e958ba7f8a5a79de0edb72fe638af318682
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to