[Git][security-tracker-team/security-tracker][master] automatic update

Sun, 01 Feb 2026 00:13:34 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3625c27 by security tracker role at 2026-02-01T08:13:15+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2026-25069 (SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 
and prior  ...)
+       TODO: check
 CVE-2026-1165 (The Popup Box plugin for WordPress is vulnerable to Cross-Site 
Request ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-14554 (The Sell BTC - Cryptocurrency Selling Calculator plugin for 
WordPress  ...)
@@ -21083,14 +21085,17 @@ CVE-2025-67728 (Fireshare facilitates self-hosted 
media and link sharing. Versio
 CVE-2025-67727 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2025-67726 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       {DLA-4461-1}
        - python-tornado 6.5.4-0.1 (bug #1122663)
        NOTE: 
https://github.com/tornadoweb/tornado/security/advisories/GHSA-jhmp-mqwm-3gq8
        NOTE: Fixed by: 
https://github.com/tornadoweb/tornado/commit/771472cfdaeebc0d89a9cc46e249f8891a6b29cd
 (v6.5.3)
 CVE-2025-67725 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       {DLA-4461-1}
        - python-tornado 6.5.4-0.1 (bug #1122661)
        NOTE: 
https://github.com/tornadoweb/tornado/security/advisories/GHSA-c98p-7wgm-6p64
        NOTE: Fixed by: 
https://github.com/tornadoweb/tornado/commit/68e81b4a3385161877408a7a49c7ed12b45a614d
 (v6.5.3)
 CVE-2025-67724 (Tornado is a Python web framework and asynchronous networking 
library. ...)
+       {DLA-4461-1}
        - python-tornado 6.5.4-0.1 (bug #1122660)
        NOTE: 
https://github.com/tornadoweb/tornado/security/advisories/GHSA-pr2v-jx2c-wg9f
        NOTE: Fixed by: 
https://github.com/tornadoweb/tornado/commit/9c163aebeaad9e6e7d28bac1f33580eb00b0e421
 (v6.5.3)
@@ -31413,6 +31418,7 @@ CVE-2025-10495 (A potential vulnerability was reported 
in the Lenovo PC Manager,
 CVE-2024-48829 (Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, 
contain an ...)
        NOT-FOR-US: Dell / EMC
 CVE-2024-47866 (Ceph is a distributed object, block, and file storage 
platform. In ver ...)
+       {DLA-4460-1}
        - ceph 18.2.7+ds-1.1 (bug #1120797)
        NOTE: https://www.openwall.com/lists/oss-security/2025/11/11/3
        NOTE: 
https://github.com/ceph/ceph/security/advisories/GHSA-mgrm-g92q-f8h8
@@ -312342,6 +312348,7 @@ CVE-2022-45199 (Pillow before 9.3.0 allows denial of 
service via SAMPLESPERPIXEL
        NOTE: 
https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3
 (9.3.0)
        NOTE: https://github.com/python-pillow/Pillow/pull/6700
 CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly 
Compressed GI ...)
+       {DLA-4462-1}
        - pillow 9.2.0-1
        [buster] - pillow <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4
 (9.2.0)
@@ -371442,6 +371449,7 @@ CVE-2022-0672 (A flaw was found in LemMinX in 
versions prior to 0.19.0. Insecure
 CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. 
Schema dow ...)
        NOT-FOR-US: vscode-xml
 CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system 
"share ...)
+       {DLA-4460-1}
        - ceph 16.2.10+ds-1 (bug #1016069)
        [buster] - ceph <not-affected> (The volumes manager module was added in 
Ceph 14)
        NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/
@@ -374684,6 +374692,7 @@ CVE-2022-24305 (Zoho ManageEngine SharePoint Manager 
Plus before 4329 is vulnera
 CVE-2022-24304
        REJECTED
 CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because 
spaces in ...)
+       {DLA-4462-1}
        - pillow 9.0.1-1
        [buster] - pillow <ignored> (Minor issue)
        [stretch] - pillow <not-affected> (Vulnerable code introduced later)
@@ -446083,7 +446092,7 @@ CVE-2021-23439 (This affects the package 
file-upload-with-preview before 4.2.0.
 CVE-2021-23438 (This affects the package mpath before 0.8.4. A type confusion 
vulnerab ...)
        NOT-FOR-US: Node mpath
 CVE-2021-23437 (The package pillow 5.2.0 and before 8.3.2 are vulnerable to 
Regular Ex ...)
-       {DLA-3768-1}
+       {DLA-4462-1 DLA-3768-1}
        - pillow 8.3.2-1
        [stretch] - pillow <postponed> (Minor issue, can be fixed in the next 
DLA)
        NOTE: 
https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3625c27db31b0fb76aaa2ced5ce2696beea4433

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3625c27db31b0fb76aaa2ced5ce2696beea4433
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to