Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e83b8884 by Moritz Muehlenhoff at 2025-08-20T20:48:21+02:00
bookworm/trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2201,6 +2201,8 @@ CVE-2025-55194 (Part-DB is an open source inventory
management system for electr
NOT-FOR-US: Part-DB
CVE-2025-55193 (Active Record connects classes to relational database tables.
Prior to ...)
- rails <unfixed> (bug #1111106)
+ [trixie] - rails <no-dsa> (Minor issue)
+ [bookworm] - rails <no-dsa> (Minor issue)
NOTE:
https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776
NOTE:
https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290
(v7.1.5.2)
NOTE:
https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202
(v7.2.2.2)
@@ -3971,6 +3973,7 @@ CVE-2025-50675 (GPMAW 14, a bioinformatics software, has
a critical vulnerabilit
NOT-FOR-US: GPMAW
CVE-2025-47808 (In GStreamer through 1.26.1, the subparse plugin's
tmplayer_parse_line ...)
- gst-plugins-base1.0 1.26.2-1
+ [bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0003.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132
@@ -3978,6 +3981,7 @@ CVE-2025-47808 (In GStreamer through 1.26.1, the subparse
plugin's tmplayer_pars
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9b810e83d0f4135cf5a066da8b9430cf6e375d29
(1.26.2)
CVE-2025-47807 (In GStreamer through 1.26.1, the subparse plugin's
subrip_unescape_for ...)
- gst-plugins-base1.0 1.26.2-1
+ [bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0002.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/9132
@@ -3985,12 +3989,14 @@ CVE-2025-47807 (In GStreamer through 1.26.1, the
subparse plugin's subrip_unesca
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0711a31221a27c076dde3b9716cbcabf85088fa5
(1.26.2)
CVE-2025-47806 (In GStreamer through 1.26.1, the subparse plugin's
parse_subrip_time f ...)
- gst-plugins-base1.0 1.26.2-1
+ [bookworm] - gst-plugins-base1.0 <no-dsa> (Minor issue)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0006.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/edca7f83d107fb6a55dbd46196fc40b99857a85e
(1.27.1)
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da4380c4df0e00f8d0bad569927bfc7ea35ec37d
(1.26.2)
CVE-2025-47219 (In GStreamer through 1.26.1, the isomp4 plugin's
qtdemux_parse_trak fu ...)
- gst-plugins-good1.0 1.26.2-1
+ [bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0004.html
NOTE: For 1.26.y major refactoring fixing the issue:
@@ -4002,6 +4008,7 @@ CVE-2025-47188 (A vulnerability in the Mitel 6800 Series,
6900 Series, and 6900w
NOT-FOR-US: Mitel
CVE-2025-47183 (In GStreamer through 1.26.1, the isomp4 plugin's
qtdemux_parse_tree fu ...)
- gst-plugins-good1.0 1.26.2-1
+ [bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
NOTE:
https://github.com/atredispartners/advisories/blob/master/2025/ATREDIS-2025-0003.md
NOTE: https://gstreamer.freedesktop.org/security/sa-2025-0005.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/48bf6a92d75051be7e5ffb66fcd1a49de74fe865
(1.27.1)
@@ -7980,6 +7987,8 @@ CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU
transmits sensitive data witho
NOT-FOR-US: DuraComm
CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the
OISF (O ...)
- suricata <unfixed> (bug #1109806)
+ [trixie] - suricata <no-dsa> (Minor issue)
+ [bookworm] - suricata <no-dsa> (Minor issue)
NOTE:
https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3
NOTE: Fixed by:
https://github.com/OISF/suricata/commit/1d6d331752e933c46aca0ae7a9679b27462246e3
(suricata-8.0.0)
NOTE: Fixed by:
https://github.com/OISF/suricata/commit/7fa88ea9e7d05e07a7864050cfd836b576669720
(suricata-7.0.11)
@@ -8432,6 +8441,8 @@ CVE-2025-38352 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/f90fff1e152dedf52b932240ebbd670d83330eca (6.16-rc2)
CVE-2025-7962 (In Jakarta Mail 2.0.2 it is possible to preform a SMTP
Injection by ut ...)
- jakarta-mail <unfixed> (bug #1109804)
+ [trixie] - jakarta-mail <no-dsa> (Minor issue)
+ [bookworm] - jakarta-mail <no-dsa> (Minor issue)
[bullseye] - jakarta-mail <postponed> (Minor issue)
- javamail <unfixed> (bug #1109824)
[bullseye] - javamail <postponed> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e83b8884a6d20f9eb30c1996f30b497ac20a221e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e83b8884a6d20f9eb30c1996f30b497ac20a221e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
