Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3c0acad2 by Moritz Muehlenhoff at 2025-08-15T15:46:50+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18072,6 +18072,7 @@ CVE-2025-6069 (The html.parser.HTMLParser class had
worse-case quadratic complex
- pypy3 <unfixed>
[bullseye] - pypy3 <postponed> (Minor issue; DoS)
- jython <unfixed> (bug #1109376)
+ [trixie] - jython <no-dsa> (Minor issue)
[bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/K5PIYLR6EP3WR7ZOKKYQUWEDNQVUXOYM/
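Review bot: pypy3 in this same CVE-2025-6069 entry is `<unfixed>` with only a `[bullseye]` line visible, so after this hunk jython is triaged for trixie while pypy3 is not. If pypy3 is affected in trixie, it needs its own `[trixie]` line; if it was left open on purpose, a short NOTE would record that. The new jython reason could also say "Minor issue; DoS", as the pypy3 bullseye line does, so the impact is stated consistently within the entry.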
@@ -22695,6 +22696,7 @@ CVE-2025-49113 (Roundcube Webmail before 1.5.10 and
1.6.x before 1.6.11 allows r
CVE-2025-49112 (setDeferredReply in networking.c in Valkey through 8.1.1 has
an intege ...)
- redict 7.3.5+ds-1 (bug #1107212)
- redis <unfixed> (bug #1107211)
+ [trixie] - redis <postponed> (Minor issue; can be fixed along with next
DSA)
[bookworm] - redis <postponed> (Minor issue; can be fixed along with
next DSA)
[bullseye] - redis <postponed> (Minor issue; can be fixed along with
next DLA)
- valkey 8.1.1+dfsg1-2 (bug #1107210)
@@ -25073,6 +25075,7 @@ CVE-2025-4969 (A vulnerability was found in the libsoup
package. This flaw stems
- libsoup3 3.6.5-2 (bug #1106248)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1106325)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/467
@@ -25712,6 +25715,7 @@ CVE-2025-4948 (A flaw was found in the
soup_multipart_new_from_message() functio
- libsoup3 3.6.5-2 (bug #1106204)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1106337)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/449
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/463
@@ -25719,6 +25723,7 @@ CVE-2025-4945 (A flaw was found in the cookie parsing
logic of the libsoup HTTP
- libsoup3 3.6.5-2 (bug #1106205)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1106375)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/448
CVE-2025-4941 (A vulnerability, which was classified as critical, was found in
PHPGur ...)
@@ -27296,6 +27301,7 @@ CVE-2025-4476 (A denial-of-service vulnerability has
been identified in the libs
- libsoup3 3.6.5-2 (bug #1105887)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1107757)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457
@@ -33623,8 +33629,10 @@ CVE-2024-10635 (Enterprise Protection contains an
improper input validation vuln
NOT-FOR-US: Proofpoint
CVE-2025-4035 (A flaw was found in libsoup. When handling cookies, libsoup
clients mi ...)
- libsoup3 <unfixed> (bug #1104414)
+ [trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1104415)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2362651
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/443
@@ -34372,6 +34380,7 @@ CVE-2025-46421 (A flaw was found in libsoup. When
libsoup clients encounter an H
- libsoup3 3.6.5-1
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1104054)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/436
@@ -38063,6 +38072,7 @@ CVE-2025-32907 (A flaw was found in libsoup. The
implementation of HTTP range re
- libsoup3 3.6.5-2 (bug #1103264)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1103518)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
NOTE: See also
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452
@@ -41118,8 +41128,10 @@ CVE-2025-32050 (A flaw was found in libsoup. The
libsoup append_param_quoted() f
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/9bb0a55de55c6940ced811a64fbca82fe93a9323
(3.6.1)
CVE-2025-32049 (A flaw was found in libsoup. The SoupWebsocketConnection may
accept a ...)
- libsoup3 <unfixed> (bug #1102067)
+ [trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <unfixed> (bug #1102211)
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408
@@ -46618,6 +46630,7 @@ CVE-2024-44199 (An out-of-bounds read was addressed
with improved input validati
NOT-FOR-US: Apple
CVE-2024-13903 (A vulnerability was found in quickjs-ng QuickJS up to 0.8.0.
It has be ...)
- quickjs <unfixed> (bug #1100987)
+ [trixie] - quickjs <no-dsa> (Minor issue)
NOTE: https://github.com/quickjs-ng/quickjs/issues/775
NOTE:
https://github.com/quickjs-ng/quickjs/commit/99c02eb45170775a9a679c32b45dd4000ea67aff
(v0.9.0)
CVE-2025-30160 (Redlib is an alternative private front-end to Reddit. A
vulnerability ...)
@@ -78789,6 +78802,7 @@ CVE-2024-55634 (A vulnerability in Drupal Core allows
Privilege Escalation.This
- drupal7 <not-affected> (Only affects Drupal 8 and later)
CVE-2024-55601 (Hugo is a static site generator. Starting in version 0.123.0
and prior ...)
- hugo <unfixed> (bug #1089683)
+ [trixie] - hugo <no-dsa> (Minor issue)
[bookworm] - hugo <not-affected> (Vulnerable code introduced later)
[bullseye] - hugo <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-c2xf-9v2r-r2rx
@@ -96037,6 +96051,7 @@ CVE-2024-45271 (An unauthenticated local attacker can
gain admin privileges by d
NOT-FOR-US: MB connect line GmbH
CVE-2024-44337 (The package `github.com/gomarkdown/markdown` is a Go library
for parsi ...)
- golang-github-gomarkdown-markdown <unfixed> (bug #1085377)
+ [trixie] - golang-github-gomarkdown-markdown <no-dsa> (Minor issue)
[bookworm] - golang-github-gomarkdown-markdown <no-dsa> (Minor issue)
NOTE: https://github.com/Brinmon/CVE-2024-44337
NOTE:
https://github.com/gomarkdown/markdown/commit/a2a9c4f76ef5a5c32108e36f7c47f8d310322252
@@ -106978,7 +106993,8 @@ CVE-2024-42852 (Cross Site Scripting vulnerability in
AcuToWeb server v.10.5.0.7
NOT-FOR-US: AcuToWeb server
CVE-2024-42845 (An eval Injection vulnerability in the component
invesalius/reader/dic ...)
- invesalius <unfixed> (bug #1082875)
- [bookworm] - invesalius <postponed> (Minor issue, revisit when fixed
upstream)
+ [trixie] - invesalius <no-dsa> (Minor issue)
+ [bookworm] - invesalius <no-dsa> (Minor issue)
[bullseye] - invesalius <postponed> (Minor issue)
NOTE:
https://github.com/partywavesec/invesalius3_vulnerabilities/tree/main/CVE-2024-42845
NOTE:
https://github.com/invesalius/invesalius3/commit/020cd6056c30105a870cfea99939282b6ec5640b
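Review bot: the `[bookworm]` line for invesalius changes from `<postponed> (Minor issue, revisit when fixed upstream)` to `<no-dsa> (Minor issue)`, which is a bookworm state change under a commit titled "trixie triage". The `[bullseye]` line directly below stays `<postponed> (Minor issue)`, so the three releases now carry two different states for the same CVE. Either align bullseye in the same change or split the bookworm edit into its own commit with a message that covers it. The entry already links an upstream commit in its NOTE lines while unstable is still `<unfixed>`, so dropping "revisit when fixed upstream" also loses the reminder to pick up that change.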
@@ -159369,6 +159385,7 @@ CVE-2024-1979 (A vulnerability was found in Quarkus.
In certain conditions relat
NOT-FOR-US: Quarkus
CVE-2023-5685 (A flaw was found in XNIO. The XNIO NotifierState that can cause
a Stac ...)
- jboss-xnio <unfixed> (bug #1065847)
+ [trixie] - jboss-xnio <ignored> (Minor issue)
[bookworm] - jboss-xnio <ignored> (Minor issue)
[bullseye] - jboss-xnio <no-dsa> (Minor issue)
[buster] - jboss-xnio <no-dsa> (Minor issue)
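Review bot: the added `[trixie] - jboss-xnio <ignored>` line gives "Minor issue" as its reason, the same text the `<no-dsa>` lines for bullseye and buster use. `<ignored>` says that no fix is planned at all for the release, so the reason should state why (for example, no upstream fix or an intrusive backport) instead of repeating the severity label. The same applies to the `[trixie] - jline3 <ignored> (Minor issue)` line added in the next hunk.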
@@ -174239,6 +174256,7 @@ CVE-2023-50837 (Improper Neutralization of Special
Elements used in an SQL Comma
NOT-FOR-US: WordPress plugin
CVE-2023-50572 (An issue in the component GroovyEngine.execute of jline-groovy
v3.24.1 ...)
- jline3 <unfixed> (bug #1059726)
+ [trixie] - jline3 <ignored> (Minor issue)
[bookworm] - jline3 <ignored> (Minor issue)
[bullseye] - jline3 <no-dsa> (Minor issue)
- jline2 <not-affected> (Only affects 3.x)
@@ -188114,6 +188132,7 @@ CVE-2023-5072 (Denial of Service in JSON-Java
versions up to and including 2023
[bullseye] - libjson-java <no-dsa> (Minor issue)
[buster] - libjson-java <no-dsa> (Minor issue)
- jenkins-json <unfixed> (bug #1053883)
+ [trixie] - jenkins-json <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - jenkins-json <postponed> (Minor issue, revisit when fixed
upstream)
[bullseye] - jenkins-json <no-dsa> (Minor issue)
[buster] - jenkins-json <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0acad29d97d5a76449d7978f992be7e1015a92