bookworm triage

Moritz Muehlenhoff (@jmm) Sat, 27 Dec 2025 06:25:48 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3566b4b2 by Moritz Mühlenhoff at 2025-12-27T15:25:05+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2350,6 +2350,8 @@ CVE-2025-68614 (LibreNMS is an auto-discovering 
PHP/MySQL/SNMP based network mon
        NOT-FOR-US: LibreNMS
 CVE-2025-68480 (Marshmallow is a lightweight library for converting complex 
objects to ...)
        - python-marshmallow <unfixed> (bug #1123888)
+       [trixie] - python-marshmallow <no-dsa> (Minor issue)
+       [bookworm] - python-marshmallow <no-dsa> (Minor issue)
        NOTE: 
https://github.com/marshmallow-code/marshmallow/security/advisories/GHSA-428g-f7cq-pgp5
        NOTE: 
https://github.com/marshmallow-code/marshmallow/commit/218d98a785d3bd25dad8880bb07e9cce70340f31
 (4.1.2)
        NOTE: 
https://github.com/marshmallow-code/marshmallow/commit/70141f4180fb94ced3544cdefdaff89172dd3956
 (4.1.2)
@@ -2935,6 +2937,8 @@ CVE-2025-68279 (Weblate is a web based localization tool. 
In versions prior to 5
        NOT-FOR-US: Weblate
 CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 
through 2. ...)
        - apache-log4j2 <unfixed> (bug #1123744)
+       [trixie] - apache-log4j2 <no-dsa> (Minor issue)
+       [bookworm] - apache-log4j2 <no-dsa> (Minor issue)
        NOTE: https://github.com/apache/logging-log4j2/pull/4002
        NOTE: https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx
 CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before 
2025-11-15 a ...)
@@ -3827,10 +3831,9 @@ CVE-2025-53430 (Improper Control of Filename for 
Include/Require Statement in PH
 CVE-2025-53429 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53000 (The nbconvert tool, jupyter nbconvert, converts Jupyter 
notebooks to v ...)
-       - nbconvert <unfixed>
+       - nbconvert <not-affected> (Windows-specific)
        NOTE: 
https://www.imperva.com/blog/code-execution-in-jupyter-notebook-exports/
        NOTE: https://github.com/jupyter/nbconvert/issues/2258
-       TODO: check, might only have a security impact on Windows
 CVE-2025-52768 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-52745 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3566b4b2fcd220a2cd4b347bb2fe17da34e41be3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3566b4b2fcd220a2cd4b347bb2fe17da34e41be3
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to