Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a9950566 by security tracker role at 2026-01-25T08:12:53+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-6461 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin
for Word ...)
+ TODO: check
CVE-2026-1302 (The Meta-box GalleryMeta plugin for WordPress is vulnerable to
Stored ...)
NOT-FOR-US: WordPress plugin
CVE-2026-1300 (The Responsive Header plugin for WordPress is vulnerable to
Stored Cro ...)
@@ -2311,7 +2313,7 @@ CVE-2025-11468 (When folding a long comment in an email
header containing exclus
NOTE: https://github.com/python/cpython/pull/143936
NOTE: Fixed by:
https://github.com/python/cpython/commit/17d1490aa97bd6b98a42b1a9b324ead84e7fd8a2
(main)
CVE-2026-24061 (telnetd in GNU Inetutils through 2.7 allows remote
authentication bypa ...)
- {DSA-6106-1}
+ {DSA-6106-1 DLA-4453-1}
- inetutils 2:2.7-2 (bug #1126047)
NOTE:
https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html
NOTE: Introduced with:
https://codeberg.org/inetutils/inetutils/commit/fa3245ac8c288b87139a0da8249d0a408c4dfb87
(inetutils-1_9_3)
@@ -23995,27 +23997,32 @@ CVE-2025-40216 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b (6.16-rc4)
CVE-2025-66200 (mod_userdir+suexec bypass via AllowOverride FileInfo
vulnerability in ...)
+ {DLA-4452-1}
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 2.4.66-1~deb12u1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-66200
NOTE:
https://github.com/apache/httpd/commit/9d26b95787b229a3f6195d7beead774d131eeda1
CVE-2025-65082 (Improper Neutralization of Escape, Meta, or Control Sequences
vulnerab ...)
+ {DLA-4452-1}
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 2.4.66-1~deb12u1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-65082
NOTE:
https://github.com/apache/httpd/commit/e4f00c5eb71d8a7aa1f52b5279832986f669d463
CVE-2025-59775 (Server-Side Request Forgery (SSRF) vulnerability in Apache
HTTP Serv ...)
+ {DLA-4452-1}
- apache2 <not-affected> (Only affects Apache on Windows)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-59775
CVE-2025-58098 (Apache HTTP Server 2.4.65 and earlier with Server Side
Includes (SSI) ...)
+ {DLA-4452-1}
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 2.4.66-1~deb12u1
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-58098
NOTE:
https://github.com/apache/httpd/commit/ecc1b8f3817e3dcab9c1f24f905752d3c0a279af
CVE-2025-55753 (An integer overflow in the case of failed ACME certificate
renewal lea ...)
+ {DLA-4452-1}
- apache2 2.4.66-1 (bug #1121926)
[trixie] - apache2 2.4.66-1~deb13u1
[bookworm] - apache2 2.4.66-1~deb12u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9950566ae4d2c4a9c331e2c8dc81c0d5d556228
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a9950566ae4d2c4a9c331e2c8dc81c0d5d556228
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
