Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7bcbf7ec by security tracker role at 2025-12-21T20:13:37+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-14995 (A vulnerability has been found in Tenda FH1201 1.2.0.14(408).
Affected ...)
+ TODO: check
CVE-2025-9343 (The ELEX WordPress HelpDesk & Customer Ticketing System plugin
for Wor ...)
NOT-FOR-US: WordPress plugin
CVE-2025-68644 (Yealink RPS before 2025-06-27 allows unauthorized access to
informatio ...)
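Review bot: The new CVE-2025-14995 entry at the top of the list is still at "TODO: check" and needs manual triage before it is useful to consumers of the list. The description names Tenda FH1201 firmware, so if that is confirmed not to be packaged, the entry should get a NOT-FOR-US line in the same style as the "NOT-FOR-US: WordPress plugin" entry just below it.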
@@ -1623,18 +1625,21 @@ CVE-2025-11009 (Cleartext Storage of Sensitive
Information vulnerability in Mits
CVE-2025-0852
REJECTED
CVE-2025-14180
+ {DSA-6088-1}
- php8.4 <unfixed> (bug #1123574)
- php8.2 <removed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj
NOTE: Fixed by:
https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86
(php-8.4.16)
CVE-2025-14178
+ {DSA-6088-1}
- php8.4 <unfixed> (bug #1123574)
- php8.2 <removed>
- php7.4 <removed>
NOTE:
https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2
NOTE: Fixed by:
https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8
(php-8.4.16)
CVE-2025-14177
+ {DSA-6088-1}
- php8.4 <unfixed> (bug #1123574)
- php8.2 <removed>
- php7.4 <removed>
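Review bot: On CVE-2025-14180, CVE-2025-14178 and CVE-2025-14177 the {DSA-6088-1} tag is added, but the "- php8.4 <unfixed> (bug #1123574)" line under each entry is unchanged, so the entries now show an advisory alongside an open package status. The NOTE lines already point at upstream fixes in php-8.4.16; once an upload carrying those commits exists, the php8.4 line should record the fixed version so the status and the bug reference do not stay stale.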
@@ -1647,9 +1652,11 @@ CVE-2025-68462 (Freedombox before 25.17.1 does not set
proper permissions for th
NOTE: Fixed by:
https://salsa.debian.org/freedombox-team/freedombox/-/commit/8ba444990b4af6eec4b6b2b26482b107d7ff1229
(v25.17.1)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/2554
(not public)
CVE-2025-14766 (Out of bounds read and write in V8 in Google Chrome prior to
143.0.749 ...)
+ {DSA-6089-1}
- chromium 143.0.7499.169-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-14765 (Use after free in WebGPU in Google Chrome prior to
143.0.7499.147 allo ...)
+ {DSA-6089-1}
- chromium 143.0.7499.169-1
[bullseye] - chromium <end-of-life> (see #1061268)
CVE-2025-9460 (A maliciously crafted SLDPRT file, when parsed through certain
Autodes ...)
@@ -30864,7 +30871,7 @@ CVE-2025-59534 (CryptoLib provides a software-only
solution using the CCSDS Spac
CVE-2025-59484 (The use of a broken or risky cryptographic algorithm was
discovered in ...)
NOT-FOR-US: Click Plus PLC
CVE-2025-58674 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
- {DSA-6075-1 DLA-4358-1}
+ {DSA-6091-1 DSA-6075-1 DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
NOTE:
https://wordpress.org/documentation/wordpress-version/version-6-1-9/
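Review bot: CVE-2025-58674 now carries two DSA references, "{DSA-6091-1 DSA-6075-1 DLA-4358-1}", while the package line still reads "wordpress 6.8.3+dfsg1-1 (bug #1117047)" and no NOTE says why a second advisory was issued for the same CVE. A short NOTE stating what DSA-6091-1 covers that DSA-6075-1 did not would make the entry self-explanatory. The same applies to CVE-2025-58246 in the next hunk.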
@@ -30877,7 +30884,7 @@ CVE-2025-58319 (Delta Electronics CNCSoft-G2lacks
proper validation of the user-
CVE-2025-58317 (Delta Electronics CNCSoft-G2lacks proper validation of the
user-suppli ...)
NOT-FOR-US: Delta Electronics
CVE-2025-58246 (Insertion of Sensitive Information Into Sent Data
vulnerability in Wor ...)
- {DSA-6075-1 DLA-4358-1}
+ {DSA-6091-1 DSA-6075-1 DLA-4358-1}
- wordpress 6.8.3+dfsg1-1 (bug #1117047)
NOTE: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
NOTE:
https://wordpress.org/documentation/wordpress-version/version-6-1-9/
@@ -35083,6 +35090,7 @@ CVE-2025-10477 (A vulnerability was identified in
kidaze CourseSelectionSystem u
CVE-2024-12367 (Exposure of Sensitive System Information to an Unauthorized
Control Sp ...)
NOT-FOR-US: Vega Master
CVE-2025-24293
+ {DSA-6090-1 DLA-4416-1}
- rails 2:7.2.2.2+dfsg-1
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-r4mg-4433-c7g3
NOTE:
https://github.com/rails/rails/commit/2d612735ac0d9712fdfffaf80afa627e7295f6ce
(v8.0.2.1)
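Review bot: The CVE-2025-24293 entry that receives {DSA-6090-1 DLA-4416-1} has no description text after the CVE id and its "- rails 2:7.2.2.2+dfsg-1" line carries no bug reference, unlike CVE-2025-55193 under the same advisories, which cites bug #1111106. If a Debian bug exists for this issue it should be referenced here. The only commit NOTE is for v8.0.2.1, so a reference to the fix on the branch matching the packaged 7.2.2.2 version would also help anyone verifying the fix.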
@@ -46230,6 +46238,7 @@ CVE-2025-55196 (External Secrets Operator is a
Kubernetes operator that integrat
CVE-2025-55194 (Part-DB is an open source inventory management system for
electronic c ...)
NOT-FOR-US: Part-DB
CVE-2025-55193 (Active Record connects classes to relational database tables.
Prior to ...)
+ {DSA-6090-1 DLA-4416-1}
- rails 2:7.2.2.2+dfsg-1 (bug #1111106)
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
NOTE:
https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
(v7.1.5.2)
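Review bot: For CVE-2025-55193 the commit NOTE is labelled (v7.1.5.2), while the fixed package version on the rails line is 2:7.2.2.2+dfsg-1, so the cited upstream commit does not correspond to the branch of the recorded fix. With {DSA-6090-1 DLA-4416-1} now attached, adding a NOTE for the commit on the 7.2 branch would let readers map each advisory to the change it ships.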
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7bcbf7eced46c78f597d5fb85fbb63091963891a
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits