Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f5959785 by Moritz Muehlenhoff at 2025-08-19T15:26:03+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4667,6 +4667,7 @@ CVE-2025-49832 (Asterisk is an open source private branch 
exchange and telephony
        NOTE: Fixed by: 
https://github.com/asterisk/asterisk/commit/f8c6ad7916a9d233eb9e685365132e0435535216
 (22.5.1)
 CVE-2025-48074 (OpenEXR provides the specification and reference 
implementation of the ...)
        - openexr <unfixed> (bug #1110261)
+       [trixie] - openexr <no-dsa> (Minor issue)
        [bookworm] - openexr <no-dsa> (Minor issue)
        [bullseye] - openexr <postponed> (Minor issue)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf
@@ -14701,6 +14702,7 @@ CVE-2025-6854 (A vulnerability classified as 
problematic was found in chatchat-s
 CVE-2025-5878 (A vulnerability was found in ESAPI esapi-java-legacy and 
classified as ...)
        {DLA-4246-1}
        - libowasp-esapi-java <unfixed> (bug #1109378)
+       [trixie] - libowasp-esapi-java <no-dsa> (Minor issue)
        [bookworm] - libowasp-esapi-java <no-dsa> (Minor issue)
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/commit/f75ac2c2647a81d2cfbdc9c899f8719c240ed512
 (esapi-2.7.0.0)
        NOTE: 
https://github.com/ESAPI/esapi-java-legacy/commit/e2322914304d9b1c52523ff24be495b7832f6a56
 (esapi-2.7.0.0)
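Review bot: This entry carries {DLA-4246-1}, so an LTS advisory has already been issued for CVE-2025-5878, yet the added [trixie] line gives only "Minor issue" as its reason, the same as [bookworm]. A short NOTE on why trixie and bookworm stay at no-dsa, or a pointer to a planned point-release update, would make the decision easier to audit later.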
@@ -18798,7 +18800,8 @@ CVE-2025-1562 (The Recover WooCommerce Cart 
Abandonment, Newsletter, Email Marke
        NOT-FOR-US: WordPress plugin
 CVE-2025-48945 (pycares is a Python module which provides an interface to 
c-ares. c-ar ...)
        - pycares <unfixed> (bug #1109377)
-       [bookworm] - pycares <no-dsa> (Minor issue, too intrusive to backport)
+       [trixie] - pycares <ignored> (Minor issue, too intrusive to backport)
+       [bookworm] - pycares <ignored> (Minor issue, too intrusive to backport)
        [bullseye] - pycares <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://github.com/saghul/pycares/security/advisories/GHSA-5qpg-rh4j-qp35
        NOTE: Fixed by: 
https://github.com/saghul/pycares/commit/ebfd7d71eb8e74bc1057a361ea79a5906db510d4
 (v4.9.0)
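Review bot: The commit message says only "trixie triage", but this hunk also moves the [bookworm] pycares line from <no-dsa> to <ignored>; that status change deserves a mention in the message or a commit of its own. The [bullseye] line still reads <postponed> with "can be fixed in next update" while trixie and bookworm now say "too intrusive to backport", so it is worth confirming that the two assessments are meant to differ.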
@@ -19361,6 +19364,7 @@ CVE-2025-4748 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pat
        NOTE: 
https://github.com/erlang/otp/commit/10608879c81332af2d3c00db61ee173c93c1ea4e 
(OTP-26.2.5.13, OTP-27.3.4.1)
 CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse 
untrusted P ...)
        - protobuf <unfixed> (bug #1108057)
+       [trixie] - protobuf <no-dsa> (Minor issue)
        [bookworm] - protobuf <no-dsa> (Minor issue)
        [bullseye] - protobuf <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
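Review bot: For the added [trixie] protobuf line on CVE-2025-4565, the only fix reference in view is a bare commit NOTE with no upstream version, unlike neighbouring entries that tag one (for example "(v4.9.0)" on pycares). Adding the first fixed upstream version to that NOTE would help anyone re-checking whether the trixie package is affected.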
@@ -101921,6 +101925,7 @@ CVE-2024-8364 (The WP Custom Fields Search plugin for 
WordPress is vulnerable to
        NOT-FOR-US: WordPress plugin
 CVE-2024-7254 (Any project that parses untrusted Protocol Buffers 
datacontaining an a ...)
        - protobuf <unfixed> (bug #1082381)
+       [trixie] - protobuf <no-dsa> (Minor issue)
        [bookworm] - protobuf <no-dsa> (Minor issue)
        [bullseye] - protobuf <postponed> (Minor issue)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/b7044987de77f1dc368fee558636d0b56d7e75e1
 (v3.25.5)
@@ -187603,6 +187608,7 @@ CVE-2023-45805 (pdm is a Python package and 
dependency manager supporting the la
        NOTE: 
https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831
 (2.10.0)
 CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior 
to 2.2. ...)
        - libxml-security-java <unfixed> (bug #1059313)
+       [trixie] - libxml-security-java <no-dsa> (Minor issue)
        [bookworm] - libxml-security-java <no-dsa> (Minor issue)
        [bullseye] - libxml-security-java <no-dsa> (Minor issue)
        [buster] - libxml-security-java <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f59597853f5339e997a4ddc1edae46ef984cca51



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
