Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b1c58e6 by Moritz Muehlenhoff at 2026-01-01T23:25:25+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -686,6 +686,7 @@ CVE-2025-69194
        NOTE: Fixed by: 
https://gitlab.com/gnuwget/wget2/-/commit/684be4785280fbe6b8666080bbdd87e7e5299ac5
 (v2.2.1)
 CVE-2025-69261 (WasmEdge is a WebAssembly runtime. Prior to version 
0.16.0-alpha.3, a  ...)
        - wasmedge <unfixed> (bug #1124376)
+       [trixie] - wasmedge <no-dsa> (Minor issue)
        NOTE: 
https://github.com/WasmEdge/WasmEdge/security/advisories/GHSA-89fm-8mr7-gg4m
        NOTE: Fixed by: 
https://github.com/WasmEdge/WasmEdge/commit/37cc9fa19bd23edbbdaa9252059b17f191fa4d17
 (0.16.0-alpha.3)
 CVE-2025-69257 (theshit is a command-line utility that automatically detects 
and fixes ...)
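Review bot: the added wasmedge line covers only [trixie], while every other entry touched in this commit gets both a [trixie] and a [bookworm] line and the commit message reads "trixie/bookworm triage". If wasmedge is not shipped in bookworm the single line is correct; if it is, the matching "[bookworm] - wasmedge <no-dsa> (Minor issue)" line is missing.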
@@ -877,6 +878,8 @@ CVE-2025-52835 (Cross-Site Request Forgery (CSRF) 
vulnerability in ConoHa by GMO
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-50343 (An issue was discovered in matio 1.5.28. A heap-based memory 
corruptio ...)
        - libmatio <unfixed>
+       [trixie] - libmatio <no-dsa> (Minor issue, revisit when fixed upstream)
+       [bookworm] - libmatio <no-dsa> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/tbeu/matio/issues/275
 CVE-2025-15359 (DVP-12SE11T - Out-of-bound memory write Vulnerability)
        NOT-FOR-US: Delta Electronics
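Review bot: the "- libmatio <unfixed>" line above the two added entries carries no Debian bug reference, so "revisit when fixed upstream" is tracked only through the upstream issue in the NOTE. The wasmedge, node-qs, libheif and uxplay entries in this same commit all reference a bug on that line; filing one for libmatio and adding it here would give the revisit a place to be followed up.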
@@ -2068,6 +2071,8 @@ CVE-2025-15355 (ISOinsight developed by NetVision 
Information has a Reflected Cr
        NOT-FOR-US: NetVision Information
 CVE-2025-15284 (Improper Input Validation vulnerability in qs (parse modules) 
allows H ...)
        - node-qs 6.14.1+ds+~6.14.0-1 (bug #1124315)
+       [trixie] - node-qs <no-dsa> (Minor issue)
+       [bookworm] - node-qs <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p
        NOTE: 
https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9 
(v6.14.1)
 CVE-2025-15233 (A security flaw has been discovered in Tenda M3 
1.0.0.13(4903). This i ...)
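Review bot: style point on the NOTE lines kept as context under the added node-qs entries: the upstream commit is recorded as a bare "NOTE: https://github.com/ljharb/qs/commit/..." line, whereas the wget2, wasmedge and libheif entries in this diff use "NOTE: Fixed by: ...". Since the entry is being touched anyway, adding the "Fixed by:" prefix would keep the fix reference consistent and easier to grep.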
@@ -2172,6 +2177,8 @@ CVE-2025-68706 (A stack-based buffer overflow exists in 
the GoAhead-Webs HTTP da
        NOT-FOR-US: KuWFi
 CVE-2025-68431 (libheif is an HEIF and AVIF file format decoder and encoder. 
Prior to  ...)
        - libheif <unfixed> (bug #1124317)
+       [trixie] - libheif <no-dsa> (Minor issue)
+       [bookworm] - libheif <no-dsa> (Minor issue)
        NOTE: 
https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq
        NOTE: Fixed by: 
https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46
 (v1.21.0)
 CVE-2025-67255 (In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters 
lack pro ...)
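Review bot: on the two added libheif lines, "Minor issue" is the whole rationale and nothing in the entry says what limits the impact. A few words inside the parentheses stating the reason would let a later reader check the no-dsa decision without re-reading the linked advisory.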
@@ -2212,6 +2219,8 @@ CVE-2025-65442 (DOM-based Cross-Site Scripting (XSS) 
vulnerability in 201206030
        NOT-FOR-US: 201206030 novel
 CVE-2025-60458 (UxPlay 1.72 contains a double free vulnerability in its RTSP 
request h ...)
        - uxplay <unfixed> (bug #1124380)
+       [trixie] - uxplay <no-dsa> (Minor issue)
+       [bookworm] - uxplay <no-dsa> (Minor issue)
        NOTE: https://github.com/0pepsi/CVE-2025-60458
        NOTE: https://github.com/FDH2/UxPlay/issues/486
        NOTE: https://github.com/FDH2/UxPlay/issues/441
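Review bot: the added uxplay lines say only "Minor issue", yet the entry is "<unfixed>" and its NOTE lines point at upstream issues and a CVE repository rather than a fix commit. The libmatio entry in this same commit handles the same situation with "Minor issue, revisit when fixed upstream"; using that wording here would keep the two consistent. The description also names UxPlay 1.72 specifically, so a NOTE on whether the trixie and bookworm versions contain the affected RTSP handling would support marking both releases.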



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7b1c58e64c8bd9254c6cc708fc2b29741631488e
