Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82459c9d by security tracker role at 2025-07-27T20:12:37+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,39 @@
+CVE-2025-8240 (A vulnerability, which was classified as critical, has been 
found in c ...)
+       TODO: check
+CVE-2025-8239 (A vulnerability classified as critical was found in 
code-projects Exam ...)
+       TODO: check
+CVE-2025-8238 (A vulnerability classified as critical has been found in 
code-projects ...)
+       TODO: check
+CVE-2025-8237 (A vulnerability was found in code-projects Exam Form Submission 
1.0. I ...)
+       TODO: check
+CVE-2025-8236 (A vulnerability was found in code-projects Online Ordering 
System 1.0. ...)
+       TODO: check
+CVE-2025-8235 (A vulnerability was found in code-projects Online Ordering 
System 1.0. ...)
+       TODO: check
+CVE-2025-8234 (A vulnerability was found in code-projects Online Ordering 
System 1.0  ...)
+       TODO: check
+CVE-2025-8233 (A vulnerability has been found in code-projects Online Ordering 
System ...)
+       TODO: check
+CVE-2025-8232 (A vulnerability, which was classified as critical, was found in 
code-p ...)
+       TODO: check
+CVE-2025-8231 (A vulnerability, which was classified as critical, has been 
found in D ...)
+       TODO: check
+CVE-2025-8230 (A vulnerability classified as critical was found in Campcodes 
Courier  ...)
+       TODO: check
+CVE-2025-8229 (A vulnerability classified as critical has been found in 
Campcodes Cou ...)
+       TODO: check
+CVE-2025-8228 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. 
It has  ...)
+       TODO: check
+CVE-2025-8227 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. 
It has  ...)
+       TODO: check
+CVE-2025-8226 (A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. 
It has  ...)
+       TODO: check
+CVE-2024-58263 (The cosmwasm-std crate before 2.0.2 for Rust allows integer 
overflows  ...)
+       TODO: check
+CVE-2024-58262 (The curve25519-dalek crate before 4.1.3 for Rust has a 
constant-time o ...)
+       TODO: check
+CVE-2024-58261 (The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows 
an infi ...)
+       TODO: check
 CVE-2025-8225 (A vulnerability was found in GNU Binutils 2.44 and classified 
as probl ...)
        - binutils <unfixed> (unimportant)
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4
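Review bot: The eighteen entries added at the top of data/CVE/list (CVE-2025-8240 down to CVE-2024-58261) carry only `TODO: check`, so none of them has a package or not-for-us determination yet. The three Rust crate entries state version boundaries (cosmwasm-std before 2.0.2, curve25519-dalek before 4.1.3, sequoia-openpgp 1.13.0 before 1.21.0) and are worth triaging first against the packaged crate versions. The code-projects, Campcodes and ChanCMS entries can be closed out as NOT-FOR-US if those products are not packaged in Debian.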
@@ -1230,7 +1266,7 @@ CVE-2025-54090 (A bug in Apache HTTP Server 2.4.64 
results in all "RewriteCond e
        NOTE: 
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2025-54090
        NOTE: Fixed by: 
https://github.com/apache/httpd/commit/8abb3d06b23975705ebcf4bf4476464fd0b9bd0b
 CVE-2025-8035 (Memory safety bugs present in Firefox ESR 128.12, Thunderbird 
ESR 128. ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
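Review bot: On the CVE-2025-8035 entry the cross-reference line gains DSA-5966-1, but the package lines under it (firefox 141.0-1, firefox-esr 128.13.0esr-1, thunderbird 1:128.13.0esr-1) are unchanged, so the hunk does not show which source package the new advisory covers. The same one-line change recurs in the following hunks for CVE-2025-8034 down to CVE-2025-8027. Check that this set of nine ids matches the CVE list of DSA-5966-1, and that entries visible only as context with a firefox line alone (for example CVE-2025-8040) are correctly left without the reference.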
@@ -1241,7 +1277,7 @@ CVE-2025-8040 (Memory safety bugs present in Firefox ESR 
140.0, Thunderbird ESR
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8040
 CVE-2025-8034 (Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 
128.12,  ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1252,7 +1288,7 @@ CVE-2025-8044 (Memory safety bugs present in Firefox 140 
and Thunderbird 140. So
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8044
 CVE-2025-8033 (The JavaScript engine did not handle closed generators 
correctly and i ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1266,7 +1302,7 @@ CVE-2025-8038 (Thunderbird ignored paths when checking 
the validity of navigatio
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8038
 CVE-2025-8032 (XSLT document loading did not correctly propagate the source 
document  ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1274,7 +1310,7 @@ CVE-2025-8032 (XSLT document loading did not correctly 
propagate the source docu
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8032
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8032
 CVE-2025-8031 (The `username:password` part was not correctly stripped from 
URLs in C ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1285,7 +1321,7 @@ CVE-2025-8043 (Focus incorrectly truncated URLs towards 
the beginning instead of
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8043
 CVE-2025-8030 (Insufficient escaping in the \u201cCopy as cURL\u201d feature 
could po ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1299,7 +1335,7 @@ CVE-2025-8036 (Thunderbird cached CORS preflight 
responses across IP address cha
        - firefox 141.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8036
 CVE-2025-8029 (Thunderbird executed `javascript:` URLs when used in `object` 
and `emb ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1313,7 +1349,7 @@ CVE-2025-8041
        - firefox <not-affected> (Only affects Firefox on Android)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/#CVE-2025-8041
 CVE-2025-8028 (On arm64, a WASM `br_table` instruction with a lot of entries 
could le ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -1321,7 +1357,7 @@ CVE-2025-8028 (On arm64, a WASM `br_table` instruction 
with a lot of entries cou
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/#CVE-2025-8028
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/#CVE-2025-8028
 CVE-2025-8027 (On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 
64-bit ret ...)
-       {DSA-5964-1 DLA-4253-1 DLA-4250-1}
+       {DSA-5966-1 DSA-5964-1 DLA-4253-1 DLA-4250-1}
        - firefox 141.0-1
        - firefox-esr 128.13.0esr-1
        - thunderbird 1:128.13.0esr-1
@@ -6677,18 +6713,21 @@ CVE-2025-49087 (In Mbed TLS 3.6.1 through 3.6.3 before 
3.6.4, a timing discrepan
        [bullseye] - mbedtls <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md
 CVE-2025-6491 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* 
before ...)
+       {DLA-4254-1}
        - php8.4 8.4.10-1
        - php8.2 <removed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/9cb3d8d200f0c822b17bda35a2a67a97b039d3e1 
(php-8.1.33)
 CVE-2025-1220 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* 
before ...)
+       {DLA-4254-1}
        - php8.4 8.4.10-1
        - php8.2 <removed>
        - php7.4 <removed>
        NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r
        NOTE: Fixed by: 
https://github.com/php/php-src/commit/cac8f7f1cf4939f55f06b68120040f057682d89c 
(php-8.1.33)
 CVE-2025-1735 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* 
before ...)
+       {DLA-4254-1}
        - php8.4 8.4.10-1
        - php8.2 <removed>
        - php7.4 <removed>
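Review bot: The three PHP entries (CVE-2025-6491, CVE-2025-1220, CVE-2025-1735) gain `{DLA-4254-1}`, yet the visible package lines list php8.2 and php7.4 only as `<removed>`, so nothing in the hunk shows which source package and release the DLA fixed. Confirm against the advisory that all three ids are covered. The first two share a "Fixed by" note tagged (php-8.1.33), while the NOTE lines for CVE-2025-1735 fall outside the hunk and cannot be checked here.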



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82459c9d07863ae0d50752951ecea5d8a2c74093
