Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
651c5e5d by Moritz Muehlenhoff at 2025-09-08T14:41:48+02:00
bookworm/trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -264,6 +264,8 @@ CVE-2025-57807 (ImageMagick is free and open-source
software used for editing an
NOTE:
https://github.com/ImageMagick/ImageMagick6/commit/ab1bb3d8ed06d0ed6aa5038b6a74aebf53af9ccf
(6.9.13-29)
CVE-2025-7709 [Integer Overflow in FTS5 Extension]
- sqlite3 <unfixed> (bug #1114609)
+ [trixie] - sqlite3 <no-dsa> (Minor issue)
+ [bookworm] - sqlite3 <no-dsa> (Minor issue)
[bullseye] - sqlite3 <not-affected> (The vulnerable code was introduced
later)
NOTE:
https://github.com/google/security-research/security/advisories/GHSA-v2c8-vqqp-hv3g
NOTE: Fixed by: https://sqlite.org/src/info/63595b74956a9391
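Review bot: the two added sqlite3 lines give only "(Minor issue)" as the reason for deferring an integer overflow whose upstream fix is already recorded on the "Fixed by" NOTE. A more specific reason on the [trixie] and [bookworm] lines, such as what limits the impact in Debian's build, would let a later reader judge whether a point-release update is worth preparing once the unstable upload tracked in bug #1114609 lands.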
@@ -2715,6 +2717,8 @@ CVE-2025-4643 (Payload uses JSON Web Tokens (JWT) for
authentication. After log
NOT-FOR-US: Payload
CVE-2025-47909 (Hosts listed in TrustedOrigins implicitly allow requests from
the corr ...)
- golang-github-gorilla-csrf <unfixed>
+ [trixie] - golang-github-gorilla-csrf <no-dsa> (Minor issue)
+ [bookworm] - golang-github-gorilla-csrf <no-dsa> (Minor issue)
NOTE: https://github.com/golang/vulndb/issues/3884
NOTE: https://github.com/advisories/GHSA-82ff-hg59-8x73
CVE-2025-44033 (SQL injection vulnerability in oa_system oasys v.1.1 allows a
remote a ...)
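Review bot: the unchanged "- golang-github-gorilla-csrf <unfixed>" line above the two additions carries no bug reference, unlike the sqlite3 and python-h2 entries in this same commit. With stable and oldstable now marked no-dsa, nothing on the entry points at where the fix in unstable is being tracked. Consider recording a bug number there so the deferred suites can be revisited when it closes.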
@@ -3893,6 +3897,8 @@ CVE-2025-57805 (The Scratch Channel is a news website. In
versions 1 and 1.1, a
CVE-2025-57804 (h2 is a pure-Python implementation of a HTTP/2 protocol stack.
Prior t ...)
{DLA-4290-1}
- python-h2 <unfixed> (bug #1112348)
+ [trixie] - python-h2 <no-dsa> (Minor issue)
+ [bookworm] - python-h2 <no-dsa> (Minor issue)
NOTE:
https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h
NOTE:
https://github.com/python-hyper/h2/commit/883ed37be42592b2f0aa0caddab6ca5e3d668fa3
(v4.3.0)
NOTE:
https://github.com/python-hyper/h2/commit/035e9899f95e3709af098f578bfc3cd302298e3a
(v4.3.0)
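Review bot: the entry already carries {DLA-4290-1}, so an LTS advisory has been issued for python-h2 while the added [trixie] and [bookworm] lines defer the same CVE as "(Minor issue)". That difference is worth explaining in the reason text, or the entry could note that the two upstream commits listed for v4.3.0 are candidates for a point-release update.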
@@ -4114,6 +4120,8 @@ CVE-2025-44178 (DASAN GPON ONU H660WM H660WMR210825 is
susceptible to improper a
NOT-FOR-US: DASAN GPON ONU H660WM
CVE-2025-43960 (Adminer 4.8.1, when using Monolog for logging, allows a Denial
of Serv ...)
- adminer <unfixed>
+ [trixie] - adminer <no-dsa> (Minor issue)
+ [bookworm] - adminer <no-dsa> (Minor issue)
NOTE: https://github.com/far00t01/CVE-2025-43960
TODO: check, does not seem to be fixed in 4.8.2 and later versions
CVE-2025-3478 (A Stored Cross-Site Scripting (XSS) vulnerability has been
identified ...)
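Review bot: the added adminer lines triage the issue as minor while the "TODO: check, does not seem to be fixed in 4.8.2 and later versions" line directly below is left open and the unstable line has no bug reference. Either resolve the TODO in this change or keep it visible in the reason text, since the no-dsa marking reads as a finished assessment even though the fixed-version question is still unanswered.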
@@ -14824,7 +14832,7 @@ CVE-2025-7784 (A flaw was found in the Keycloak
identity and access management s
CVE-2025-7783 (Use of Insufficiently Random Values vulnerability in form-data
allows ...)
{DLA-4261-1}
- node-form-data 4.0.1-2 (bug #1109551)
- [bookworm] - node-form-data 4.0.1-1+deb12u1
+ [bookworm] - node-form-data 4.0.0-1+deb12u1
NOTE:
https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4
NOTE: Fixed by:
https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0
(v4.0.4)
CVE-2025-7697 (The Integration for Google Sheets and Contact Form 7, WPForms,
Element ...)
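Review bot: the [bookworm] fixed version for node-form-data changes from 4.0.1-1+deb12u1 to 4.0.0-1+deb12u1, which is a data correction rather than triage and is not mentioned in the commit message. A separate commit, or a word in the message, would make the correction easier to find later. It is also worth confirming the new string against the version actually uploaded, since the tracker treats this value as the point at which bookworm is fixed.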
@@ -46464,6 +46472,7 @@ CVE-2017-20197 (A vulnerability was found in
propanetank Roommate-Bill-Tracking
NOT-FOR-US: Roommate-Bill-Tracking
CVE-2025-30215 (NATS-Server is a High-Performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.10.27-1
+ [bookworm] - nats-server <no-dsa> (Minor issue)
NOTE: https://advisories.nats.io/CVE/secnote-2025-01.txt
CVE-2025-3442 (This vulnerability exists in TP-Link TapoH200 V1 IoT Smart Hub
due to ...)
NOT-FOR-US: TP-Link
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/651c5e5d5ec065891aed05c2339a8a3fd72b2f33
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits