Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
662629f7 by Moritz Muehlenhoff at 2025-07-15T14:53:11+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58,7 +58,7 @@ CVE-2025-53640 (Indico is an event management system that 
uses Flask-Multipass,
 CVE-2025-3621 (Vulnerabilities* in ActADUR local server product, developed and 
mainta ...)
        NOT-FOR-US: ActADUR
 CVE-2025-53643 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
-       - python-aiohttp <unfixed>
+       - python-aiohttp <unfixed> (bug #1109336)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-9548-qrrj-x5pj
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/e8d774f635dc6d1cd3174d0e38891da5de0e2b6a
 (v3.12.14)
 CVE-2025-7628 (A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up 
to 5fb ...)
@@ -132,29 +132,29 @@ CVE-2025-7588 (A vulnerability classified as critical has 
been found in PHPGuruk
 CVE-2025-7587 (A vulnerability was found in code-projects Online Appointment 
Booking  ...)
        NOT-FOR-US: code-projects
 CVE-2025-7519 (A flaw was found in polkit. When processing an XML policy with 
32 or m ...)
-       - policykit-1 <unfixed>
+       - policykit-1 <unfixed> (bug #1109334)
        [bookworm] - policykit-1 <no-dsa> (Minor issue; need high privilege 
account to place malicious policy file)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379675
        NOTE: Fixed by: 
https://github.com/polkit-org/polkit/commit/107d3801361b9f9084f78710178e683391f1d245
 CVE-2025-53689 (Blind XXE Vulnerabilities in jackrabbit-spi-commons and 
jackrabbit-cor ...)
-       - jackrabbit <unfixed>
+       - jackrabbit <unfixed> (bug #1109335)
        NOTE: https://lists.apache.org/thread/5pf9n76ny13pzzk765og2h3gxdxw7p24
 CVE-2025-53639 (MeterSphere is an open source continuous testing platform. 
Prior to ve ...)
        NOT-FOR-US: MeterSphere
 CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that 
make jobs  ...)
        NOT-FOR-US: Shopify extension
 CVE-2025-53101 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (bug #1109339)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
        NOTE: 
https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774
 (7.1.2-0)
 CVE-2025-53019 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (bug #1109339)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc
 CVE-2025-53015 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (bug #1109339)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g
 CVE-2025-53014 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       - imagemagick <unfixed>
+       - imagemagick <unfixed> (bug #1109339)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f
 CVE-2025-52363 (Tenda CP3 Pro Firmware V22.5.4.93 contains a hardcoded root 
password h ...)
        NOT-FOR-US: Tenda
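Review bot: the four ImageMagick entries (CVE-2025-53101, CVE-2025-53019, CVE-2025-53015, CVE-2025-53014) are tied to the same bug #1109339, but only CVE-2025-53101 records a fixing commit and upstream version ("(7.1.2-0)"); the other three carry only the GHSA link. Since all four stay <unfixed> until one upload closes the bug, each entry should get its own "NOTE: Fixed by: <commit> (version)" line so the fix can be verified per CVE rather than assumed from the shared bug. Minor style point in the same hunk: the polkit entry uses the "NOTE: Fixed by:" prefix while the ImageMagick commit NOTE has no label; pick one form.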
@@ -512,7 +512,7 @@ CVE-2025-53871
 CVE-2025-53636 (Open OnDemand is an open-source HPC portal. Users can flood 
logs by in ...)
        NOT-FOR-US: Open OnDemand
 CVE-2025-24294 (The attack vector is a potential Denial of Service (DoS). The 
vulnerab ...)
-       - ruby3.3 <unfixed>
+       - ruby3.3 <unfixed> (bug #1109337)
        - ruby3.1 <removed>
        - ruby2.7 <removed>
        NOTE: 
https://www.ruby-lang.org/en/news/2025/07/08/dos-resolv-cve-2025-24294/
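Review bot: only ruby3.3 receives the bug number here; "- ruby3.1 <removed>" and "- ruby2.7 <removed>" are left without any per-release line, unlike the polkit and mruby entries in this same commit, which carry [bookworm]/[bullseye] decisions. If either of those source packages is still shipped in a supported stable release, the stable assessment (no-dsa, postponed, or a pending update) is missing from this entry and should be recorded alongside the bug number.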
@@ -844,11 +844,11 @@ CVE-2025-53630 (llama.cpp is an inference of several LLM 
models in C/C++. Intege
        NOTE: 
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-vgg9-87g3-85w8
        NOTE: Fixed by: 
https://github.com/ggml-org/llama.cpp/commit/26a48ad699d50b6268900062661bd22f3e792579
 (b5854)
 CVE-2025-53629 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
-       - cpp-httplib <unfixed>
+       - cpp-httplib <unfixed> (bug #1109340)
        NOTE: 
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w
        NOTE: 
https://github.com/yhirose/cpp-httplib/commit/17ba303889b8d4d719be3879a70639ab653efb99
 (v0.23.0)
 CVE-2025-53628 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
-       - cpp-httplib <unfixed>
+       - cpp-httplib <unfixed> (bug #1109340)
        NOTE: 
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw
        NOTE: 
https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e
 (v0.20.1)
 CVE-2025-53626 (pdfme is a TypeScript-based PDF generator and React-based UI. 
The expr ...)
@@ -1613,7 +1613,7 @@ CVE-2025-7209 (A vulnerability has been found in 9fans 
plan9port up to 9da5b44 a
 CVE-2025-7208 (A vulnerability was found in 9fans plan9port up to 9da5b44. It 
has bee ...)
        NOT-FOR-US: plan9port
 CVE-2025-7207 (A vulnerability, which was classified as problematic, was found 
in mru ...)
-       - mruby <unfixed>
+       - mruby <unfixed> (bug #1109338)
        [bookworm] - mruby <no-dsa> (Minor issue)
        [bullseye] - mruby <postponed> (Minor issue)
        NOTE: https://github.com/mruby/mruby/issues/6509
@@ -4802,11 +4802,11 @@ CVE-2025-53076 (Improper Input Validation vulnerability 
in Samsung Open Source r
        NOTE: Introduces with: 
https://github.com/Samsung/rlottie/commit/ee18d81c463df64052de3680366971cfdb179f4a
        NOTE: Fxied by: 
https://github.com/Samsung/rlottie/commit/36ddb42d78d1b13c1b1d7e1699aef8a9f339ab6f
 CVE-2025-53075 (Improper Input Validation vulnerability in Samsung Open Source 
rLottie ...)
-       - rlottie <unfixed>
+       - rlottie <unfixed> (bug #1109341)
        NOTE: https://github.com/Samsung/rlottie/pull/571
        NOTE: 
https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
 CVE-2025-53074 (Out-of-bounds Read vulnerability in Samsung Open Source 
rLottie allows ...)
-       - rlottie <unfixed>
+       - rlottie <unfixed> (bug #1109341)
        NOTE: https://github.com/Samsung/rlottie/pull/571
        NOTE: 
https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
 CVE-2025-46014 (Several services in Honor Device Co., Ltd Honor PC Manager 
v16.0.0.118 ...)
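Review bot: two typos in the context lines for CVE-2025-53076 at the top of this hunk should be fixed while the rlottie block is being touched: "NOTE: Introduces with:" should read "NOTE: Introduced with:" and "NOTE: Fxied by:" should read "NOTE: Fixed by:". The mislabelled "Fxied" prefix defeats anyone grepping the list for "Fixed by:".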
@@ -4832,7 +4832,7 @@ CVE-2025-38087 (In the Linux kernel, the following 
vulnerability has been resolv
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b160766e26d4e2e2d6fe2294e0b02f92baefcec5 (6.16-rc3)
 CVE-2025-0634 (Use After Free vulnerability in Samsung Open Source rLottie 
allows Rem ...)
-       - rlottie <unfixed>
+       - rlottie <unfixed> (bug #1109341)
        NOTE: https://github.com/Samsung/rlottie/pull/571
        NOTE: 
https://github.com/Samsung/rlottie/commit/507ea027e47d3e1dc7ddbd9994621215eae7ebb9
 CVE-2015-20112 (RLPx 5 has two CTR streams based on the same key, IV, and 
nonce. This  ...)
@@ -5576,10 +5576,9 @@ CVE-2025-52902 (File Browser provides a file managing 
interface within a specifi
 CVE-2025-52900 (File Browser provides a file managing interface within a 
specified dir ...)
        NOT-FOR-US: filebrowser
 CVE-2025-52887 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
-       - cpp-httplib <unfixed>
+       - cpp-httplib <unfixed> (bug #1109340)
        NOTE: 
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjhg-gf59-p92h
        NOTE: 
https://github.com/yhirose/cpp-httplib/commit/28dcf379e82a2cdb544d812696a7fd46067eb7f9
 (v0.22.0)
-       TODO: double check if only affects 0.21.0 version
 CVE-2025-52573 (iOS Simulator MCP Server (ios-simulator-mcp) is a Model 
Context Protoc ...)
        NOT-FOR-US: iOS Simulator MCP Server (ios-simulator-mcp)
 CVE-2025-52477 (Octo-STS is a GitHub App that acts like a Security Token 
Service (STS) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/662629f7c7fb32e7e7774ab482529e0817acafac



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
