| author | Lexi Winter <ivy@FreeBSD.org> | 2025-10-05 09:19:31 +0100 |
|---|---|---|
| committer | Lexi Winter <ivy@FreeBSD.org> | 2025-10-05 09:19:31 +0100 |
| commit | f85f2b2d6e5b7ed869376eb4b180c3a74a5c5da9 (patch) | |
| tree | ad799ccacfb459b809b02b9c115ed4befb93b4c1 /security/vuxml | |
| parent | 0b1510fe1f98f82da6f3481cb6c58957022d9211 (diff) | |
| parent | b057c68280a2f2a7b3d1fbac36f7b034e1fdf593 (diff) | |
Merge remote-tracking branch 'freebsd/main' into lf/main
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln/2015.xml | 2 | ||||
| -rw-r--r-- | security/vuxml/vuln/2017.xml | 2 | ||||
| -rw-r--r-- | security/vuxml/vuln/2018.xml | 4 | ||||
| -rw-r--r-- | security/vuxml/vuln/2019.xml | 6 | ||||
| -rw-r--r-- | security/vuxml/vuln/2020.xml | 2 | ||||
| -rw-r--r-- | security/vuxml/vuln/2021.xml | 8 | ||||
| -rw-r--r-- | security/vuxml/vuln/2022.xml | 6 | ||||
| -rw-r--r-- | security/vuxml/vuln/2023.xml | 8 | ||||
| -rw-r--r-- | security/vuxml/vuln/2024.xml | 4 | ||||
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 1827 |
10 files changed, 1843 insertions, 26 deletions
diff --git a/security/vuxml/vuln/2015.xml b/security/vuxml/vuln/2015.xml index 36997bebdfe4..3f343f329e9d 100644 --- a/security/vuxml/vuln/2015.xml +++ b/security/vuxml/vuln/2015.xml @@ -17642,7 +17642,7 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>MIT krb5 Security Advisory 2015-001 reports:</p> <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt"> <p>CVE-2014-5352: In the MIT krb5 libgssapi_krb5 library, after gss_process_context_token() is used to process a valid context diff --git a/security/vuxml/vuln/2017.xml b/security/vuxml/vuln/2017.xml index 66964ad2a106..8fca5b4c468b 100644 --- a/security/vuxml/vuln/2017.xml +++ b/security/vuxml/vuln/2017.xml @@ -4548,7 +4548,7 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>Meta CPAN reports:</p> <blockquote cite="https://metacpan.org/changes/release/SHAY/perl-5.26.1#Security"> <p>CVE-2017-12814: $ENV{$key} stack buffer overflow on Windows</p> <p>A possible stack buffer overflow in the %ENV code on Windows has been diff --git a/security/vuxml/vuln/2018.xml b/security/vuxml/vuln/2018.xml index ccf9fab5631e..70d128471a3a 100644 --- a/security/vuxml/vuln/2018.xml +++ b/security/vuxml/vuln/2018.xml @@ -1314,7 +1314,7 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The PHPMailer Team reports:</p> <blockquote cite="https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6"> <p>CVE-2018-19296:Fix potential object injection vulnerability.</p> </blockquote> @@ -1889,7 +1889,7 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The GitLab Team reports:</p> <blockquote cite="https://about.gitlab.com/2018/11/01/critical-security-release-gitlab-11-dot-4-dot-4-released/"> <p>SSRF in Kubernetes integration</p> </blockquote> 
diff --git a/security/vuxml/vuln/2019.xml b/security/vuxml/vuln/2019.xml index bbb8785ae92e..9fdca5d18b3e 100644 --- a/security/vuxml/vuln/2019.xml +++ b/security/vuxml/vuln/2019.xml @@ -2532,7 +2532,7 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The GitLab Team reports:</p> <blockquote cite="https://about.gitlab.com/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/"> <p>XSS in Markdown Preview Using Mermaid</p> <p>Bypass Email Verification using Salesforce Authentication</p> @@ -3964,7 +3964,7 @@ directly evident from logs. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>Frederic Cambus reports:</p> <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2019-13207"> <p>nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.</p> @@ -4134,7 +4134,7 @@ or the current user.</p> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The Apache Team reports:</p> <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.4"> <h1>SECURITY: CVE-2019-10081</h1> <p>mod_http2: HTTP/2 very early pushes, for example configured with "H2PushResource", diff --git a/security/vuxml/vuln/2020.xml b/security/vuxml/vuln/2020.xml index 138f108b0578..77f8e44c0d2b 100644 --- a/security/vuxml/vuln/2020.xml +++ b/security/vuxml/vuln/2020.xml @@ -13152,7 +13152,7 @@ whitespace) </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The GitLab Team reports:</p> <blockquote cite="https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/"> <p>Group Maintainers Can Update/Delete Group Runners Using API</p> <p>GraphQL Queries Can Hang the Application</p> diff --git a/security/vuxml/vuln/2021.xml b/security/vuxml/vuln/2021.xml index 12c2d0bcdc77..4b6c9e9f7b0f 100644 
--- a/security/vuxml/vuln/2021.xml +++ b/security/vuxml/vuln/2021.xml @@ -8873,7 +8873,7 @@ In limited circumstances it was possible for users to authenticate using variati </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>GitLab Team reports:</p> <blockquote cite="https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/"> <p>Remote code execution when uploading specially crafted image files</p> <p>Update Rexml</p> @@ -11170,7 +11170,7 @@ raptor_xml_writer_start_element_common.</p> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The oauth2-proxy Team reports:</p> <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-21291"> <p>In OAuth2 Proxy before version 7.0.0, for users that use the whitelist domain feature, a domain that ended in a similar way to @@ -12044,7 +12044,7 @@ raptor_xml_writer_start_element_common.</p> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>NVD reports:</p> <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2020-15900"> <p>A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard @@ -12123,7 +12123,7 @@ raptor_xml_writer_start_element_common.</p> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The GitLab Team reports:</p> <blockquote cite="https://about.gitlab.com/releases/2021/01/14/critical-security-release-gitlab-13-7-4-released/"> <p>Ability to steal a user's API access token through GitLab Pages</p> </blockquote> diff --git a/security/vuxml/vuln/2022.xml b/security/vuxml/vuln/2022.xml index ed08974d84aa..2d1a028b23bf 100644 --- a/security/vuxml/vuln/2022.xml +++ b/security/vuxml/vuln/2022.xml 
@@ -1583,8 +1583,8 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> - <blockquote cite="INSERT URL HERE"> + <p>CVE.org reports:</p> + <blockquote cite="https://www.cve.org/CVERecord?id=CVE-2022-43995"> <p>Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This @@ -5040,7 +5040,7 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The Django Project reports:</p> <blockquote cite="https://www.djangoproject.com/weblog/2022/jul/04/security-releases/"> <p>CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments.</p> diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 9d6a9444af0b..0e917c8c007b 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1852,7 +1852,7 @@ Reported by Niccolo Belli and WIPocket (Github #400, #417). </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The OpenSSL team reports:</p> <blockquote cite="https://www.openssl.org/news/secadv/20231024.txt"> <p>Moderate severity: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to @@ -5516,7 +5516,7 @@ Reported by Niccolo Belli and WIPocket (Github #400, #417). <affects> <package> <name>krb5</name> - <range><lt>1.21.1_1</lt></range> + <range><gt>1.20</gt><lt>1.21.1_1</lt></range> </package> <package> <name>krb5-121</name> 
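Review bot: in the `krb5` package range, the new lower bound `<gt>1.20</gt>` excludes only 1.20 itself, so 1.20.1 and every later 1.20.x release (and any port revision such as 1.20_1) still match as affected. If the intent is to limit the entry to the 1.21 line, `<ge>1.21</ge>` states that directly; if 1.20.x really is affected, a short XML comment explaining why plain 1.20 is excluded would help the next editor. This also narrows an entry that is already published, and no `<modified>` date is touched in this hunk, so please confirm the entry's `<dates>` block gets one.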
@@ -5524,12 +5524,12 @@ Reported by Niccolo Belli and WIPocket (Github #400, #417). </package> <package> <name>krb5-devel</name> - <range><lt>1.22.2023.08.07</lt></range> + <range><gt>1.20</gt><lt>1.22.2023.08.07</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The MIT krb5 Team reports:</p> <blockquote cite="https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840"> <p>When issuing a ticket for a TGS renew or validate request, copy only the server field from the outer part of the header ticket diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 64f19bfb38aa..fbc958655802 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -5885,7 +5885,7 @@ All of these are related to the CometVisu add-on for openHAB - if you are a user </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The Vaultwarden Team reports:</p> <blockquote cite="https://github.com/dani-garcia/vaultwarden/releases/tag/1.32.0"> <p>This release has several CVE Reports fixed and we recommend everybody to update to the latest version as soon as possible.</p> @@ -13486,7 +13486,7 @@ All of these are related to the CometVisu add-on for openHAB - if you are a user </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The OpenSSL Team reports:</p> <blockquote cite="https://www.openssl.org/news/secadv/20240109.txt"> <p>The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index ad81cb807bd3..806a5ebf596d 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml 
@@ -1,3 +1,1816 @@ + <vuln vid="0af2f18e-a119-11f0-9446-f02f7497ecda"> + <topic>redis,valkey -- Out of bound read due to a bug in LUA</topic> + <affects> + <package> + <name>redis</name> + <range><ge>8.2.0</ge><lt>8.2.2</lt></range> + </package> + <package> + <name>redis80</name> + <range><ge>8.0.0</ge><lt>8.0.4</lt></range> + </package> + <package> + <name>redis74</name> + <range><ge>7.4.0</ge><lt>7.4.6</lt></range> + </package> + <package> + <name>redis72</name> + <range><ge>7.2.0</ge><lt>7.2.11</lt></range> + </package> + <package> + <name>redis62</name> + <range><ge>6.2.0</ge><lt>6.2.20</lt></range> + </package> + <package> + <name>valkey</name> + <range><lt>8.1.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>redis reports:</p> + <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f"> + <p> + An authenticated user may use a specially crafted LUA script to read + out-of-bound data or crash the server and subsequent denial of + service. + The problem exists in all versions of Redis with Lua scripting + An additional workaround to mitigate the problem without patching + the redis-server executable is to prevent users from executing Lua + scripts. This can be done using ACL to block a script by restricting + both the EVAL and FUNCTION command families. 
+ </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-46819</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46819</url> + </references> + <dates> + <discovery>2025-10-03</discovery> + <entry>2025-10-04</entry> + </dates> + </vuln> + + <vuln vid="0258d37d-a118-11f0-9446-f02f7497ecda"> + <topic>redis,valkey -- Running Lua function as a different user</topic> + <affects> + <package> + <name>redis</name> + <range><ge>8.2.0</ge><lt>8.2.2</lt></range> + </package> + <package> + <name>redis80</name> + <range><ge>8.0.0</ge><lt>8.0.4</lt></range> + </package> + <package> + <name>redis74</name> + <range><ge>7.4.0</ge><lt>7.4.6</lt></range> + </package> + <package> + <name>redis72</name> + <range><ge>7.2.0</ge><lt>7.2.11</lt></range> + </package> + <package> + <name>redis62</name> + <range><ge>6.2.0</ge><lt>6.2.20</lt></range> + </package> + <package> + <name>valkey</name> + <range><lt>8.1.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>redis reports:</p> + <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp"> + <p> + An authenticated user may use a specially crafted Lua script to + manipulate different LUA objects and potentially run their own code + in the context of another user + The problem exists in all versions of Redis with Lua scripting. + An additional workaround to mitigate the problem without patching + the redis-server executable is to prevent users from executing Lua + scripts. This can be done using ACL to block a script by restricting + both the EVAL and FUNCTION command families. 
+ </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-46818</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46818</url> + </references> + <dates> + <discovery>2025-10-03</discovery> + <entry>2025-10-04</entry> + </dates> + </vuln> + + <vuln vid="f6b8de04-a116-11f0-9446-f02f7497ecda"> + <topic>redis,valkey -- Lua library commands may lead to integer overflow and potential RCE</topic> + <affects> + <package> + <name>redis</name> + <range><ge>8.2.0</ge><lt>8.2.2</lt></range> + </package> + <package> + <name>redis80</name> + <range><ge>8.0.0</ge><lt>8.0.4</lt></range> + </package> + <package> + <name>redis74</name> + <range><ge>7.4.0</ge><lt>7.4.6</lt></range> + </package> + <package> + <name>redis72</name> + <range><ge>7.2.0</ge><lt>7.2.11</lt></range> + </package> + <package> + <name>redis62</name> + <range><ge>6.2.0</ge><lt>6.2.20</lt></range> + </package> + <package> + <name>valkey</name> + <range><lt>8.1.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>redis reports:</p> + <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp"> + <p> + An authenticated user may use a specially crafted Lua script to + cause an integer overflow and potentially lead to remote code + execution + The problem exists in all versions of Redis with Lua scripting. + An additional workaround to mitigate the problem without patching + the redis-server executable is to prevent users from executing Lua + scripts. This can be done using ACL to block a script by restricting + both the EVAL and FUNCTION command families. 
+ </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-46817</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46817</url> + </references> + <dates> + <discovery>2025-10-03</discovery> + <entry>2025-10-04</entry> + </dates> + </vuln> + + <vuln vid="17e85cae-a115-11f0-9446-f02f7497ecda"> + <topic>redis,valkey -- Lua Use-After-Free may lead to remote code execution</topic> + <affects> + <package> + <name>redis</name> + <range><ge>8.2.0</ge><lt>8.2.2</lt></range> + </package> + <package> + <name>redis80</name> + <range><ge>8.0.0</ge><lt>8.0.4</lt></range> + </package> + <package> + <name>redis74</name> + <range><ge>7.4.0</ge><lt>7.4.6</lt></range> + </package> + <package> + <name>redis72</name> + <range><ge>7.2.0</ge><lt>7.2.11</lt></range> + </package> + <package> + <name>redis62</name> + <range><ge>6.2.0</ge><lt>6.2.20</lt></range> + </package> + <package> + <name>valkey</name> + <range><lt>8.1.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>redis reports:</p> + <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q"> + <p> + An authenticated user may use a specially crafted Lua script to + manipulate the garbage collector, trigger a use-after-free and + potentially lead to remote code execution. + The problem exists in all versions of Redis with Lua scripting. + An additional workaround to mitigate the problem without patching the + redis-server executable is to prevent users from executing Lua scripts. + This can be done using ACL to restrict EVAL and EVALSHA commands. 
+ </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-49844</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-49844</url> + </references> + <dates> + <discovery>2025-10-03</discovery> + <entry>2025-10-04</entry> + </dates> + </vuln> + + <vuln vid="c27c05a7-a0c8-11f0-8471-4ccc6adda413"> + <topic>qt6-webengine -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>qt6-pdf</name> + <name>qt6-webengine</name> + <range><lt>6.9.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Qt qtwebengine-chromium repo reports:</p> + <blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based"> + <p>Backports for 9 security bugs in Chromium:</p> + <ul> + <li>CVE-2025-9866: Determine whether to bypass redirect checks per request</li> + <li>CVE-2025-10200: Use after free in Serviceworker</li> + <li>CVE-2025-10201: Inappropriate implementation in Mojo</li> + <li>CVE-2025-10500: Use after free in Dawn</li> + <li>CVE-2025-10501: Use after free in WebRTC</li> + <li>CVE-2025-10502: Heap buffer overflow in ANGLE</li> + <li>CVE-2025-10890: Side-channel information leakage in V8 (1/2)</li> + <li>CVE-2025-10891: Integer overflow in V8</li> + <li>CVE-2025-10892: Integer overflow in V8</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9866</cvename> + <cvename>CVE-2025-10200</cvename> + <cvename>CVE-2025-10201</cvename> + <cvename>CVE-2025-10500</cvename> + <cvename>CVE-2025-10501</cvename> + <cvename>CVE-2025-10502</cvename> + <cvename>CVE-2025-10890</cvename> + <cvename>CVE-2025-10891</cvename> + <cvename>CVE-2025-10892</cvename> + <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based</url> + </references> + <dates> + <discovery>2025-09-25</discovery> + <entry>2025-10-04</entry> + </dates> + </vuln> + + <vuln vid="21fba35e-a05f-11f0-a8b8-a1ef31191bc1"> + <topic>fetchmail -- potential crash when 
authenticating to SMTP server</topic> + <affects> + <package> + <name>fetchmail</name> + <range><ge>5.9.9</ge><lt>6.5.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Matthias Andree reports:</p> + <blockquote cite="https://www.fetchmail.info/fetchmail-SA-2025-01.txt"> + <p> + fetchmail's SMTP client, when configured to authenticate, is + susceptible to a protocol violation where, when a trusted but + malicious or malfunctioning SMTP server responds to an + authentication request with a "334" code but without a following + blank on the line, it will attempt to start reading from memory + address 0x1 to parse the server's SASL challenge. This address is + constant and not under the attacker's control. This event will + usually cause a crash of fetchmail. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-61962</cvename> + <url>https://www.fetchmail.info/fetchmail-SA-2025-01.txt</url> + <url>https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads</url> + <url>https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8</url> + </references> + <dates> + <discovery>2025-10-02</discovery> + <entry>2025-10-03</entry> + <modified>2025-10-04</modified> + </dates> + </vuln> + + <vuln vid="169a87de-a157-4558-9f97-a7395a9ae144"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>141.0.7390.54</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>141.0.7390.54</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html"> + <p>This update includes 21 security fixes:</p> + <ul> + <li>[442444724] High CVE-2025-11205: Heap buffer overflow in WebGPU. 
Reported by Atte Kettunen of OUSPG on 2025-09-02</li> + <li>[444755026] High CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl on 2025-09-12</li> + <li>[428189824] Medium CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz on 2025-06-27</li> + <li>[397878997] Medium CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen on 2025-02-20</li> + <li>[438226517] Medium CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-08-13</li> + <li>[440523110] Medium CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq on 2025-08-22</li> + <li>[441917796] Medium CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob on 2025-08-29</li> + <li>[420734141] Medium CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K on 2025-05-28</li> + <li>[443408317] Medium CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-09-06</li> + <li>[439758498] Medium CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep on 2025-08-19</li> + <li>[419721056] Low CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari on 2025-05-23</li> + <li>[439772737] Low CVE-2025-11219: Use after free in V8. 
Reported by Google Big Sleep on 2025-08-19</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11205</cvename> + <cvename>CVE-2025-11206</cvename> + <cvename>CVE-2025-11207</cvename> + <cvename>CVE-2025-11208</cvename> + <cvename>CVE-2025-11209</cvename> + <cvename>CVE-2025-11210</cvename> + <cvename>CVE-2025-11211</cvename> + <cvename>CVE-2025-11212</cvename> + <cvename>CVE-2025-11213</cvename> + <cvename>CVE-2025-11215</cvename> + <cvename>CVE-2025-11216</cvename> + <cvename>CVE-2025-11219</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html</url> + </references> + <dates> + <discovery>2025-09-30</discovery> + <entry>2025-10-03</entry> + </dates> + </vuln> + + <vuln vid="90fc859e-9fe4-11f0-9fa2-080027836e8b"> + <topic>Django -- multiple vulnerabilities</topic> + <affects> + <package> + <name>py39-django42</name> + <name>py310-django42</name> + <name>py311-django42</name> + <range><lt>4.2.25</lt></range> + </package> + <package> + <name>py310-django51</name> + <name>py311-django51</name> + <range><lt>5.1.13</lt></range> + </package> + <package> + <name>py310-django52</name> + <name>py311-django52</name> + <range><lt>5.2.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Django reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2025/oct/01/security-releases/"> + <p>CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB.</p> + <p>CVE-2025-59682: Potential partial directory-traversal via archive.extract().</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-59681</cvename> + <cvename>CVE-2025-59682</cvename> + <url>https://www.djangoproject.com/weblog/2025/oct/01/security-releases/</url> + </references> + <dates> + <discovery>2025-10-01</discovery> + <entry>2025-10-02</entry> + </dates> + </vuln> + + <vuln 
vid="cb570d6f-9ea9-11f0-9446-f02f7497ecda"> + <topic>py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL</topic> + <affects> + <package> + <name>py39-mysql-connector-python</name> + <name>py310-mysql-connector-python</name> + <name>py311-mysql-connector-python</name> + <name>py312-mysql-connector-python</name> + <range><lt>9.2.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Oracle reports:</p> + <blockquote cite="https://www.oracle.com/security-alerts/cpujan2025.html"> + <p>Vulnerability in the MySQL Connectors product of Oracle MySQL + (component: Connector/Python). Supported versions that are affected are + 9.1.0 and prior. Easily exploitable vulnerability allows high privileged + attacker with network access via multiple protocols to compromise MySQL + Connectors. Successful attacks require human interaction from a person + other than the attacker. Successful attacks of this vulnerability can + result in unauthorized creation, deletion or modification access to + critical data or all MySQL Connectors accessible data as well as + unauthorized read access to a subset of MySQL Connectors accessible data + and unauthorized ability to cause a hang or frequently repeatable crash + (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4 + (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: + (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-21548</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-21548</url> + </references> + <dates> + <discovery>2025-01-21</discovery> + <entry>2025-10-01</entry> + </dates> + </vuln> + + <vuln vid="00e912c5-9e92-11f0-bc5f-8447094a420f"> + <topic>OpenSSL -- multiple vulnerabilities</topic> + <affects> + <package> + <name>openssl</name> + <range><lt>3.0.18,1</lt></range> + </package> + <package> + <name>openssl32</name> + <range><lt>3.2.6</lt></range> + </package> + <package> + <name>openssl33</name> + <range><lt>3.3.5</lt></range> + </package> + <package> + <name>openssl33-quictls</name> + <range><lt>3.3.5</lt></range> + </package> + <package> + <name>openssl34</name> + <range><lt>3.4.3</lt></range> + </package> + <package> + <name>openssl35</name> + <range><lt>3.5.4</lt></range> + </package> + <package> + <name>openssl36</name> + <range><lt>3.6.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OpenSSL project reports reports:</p> + <blockquote cite="https://openssl-library.org/news/secadv/20250930.txt"> + <p>Out-of-bounds read & write in RFC 3211 KEK Unwrap</p> + <p>Timing side-channel in SM2 algorithm on 64-bit ARM</p> + <p>Fix Out-of-bounds read in HTTP client no_proxy handling</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9230</cvename> + <cvename>CVE-2025-9231</cvename> + <cvename>CVE-2025-9232</cvename> + <freebsdsa>SA-25:08.openssl</freebsdsa> + <url>https://openssl-library.org/news/secadv/20250930.txt</url> + </references> + <dates> + <discovery>2025-09-30</discovery> + <entry>2025-10-01</entry> + <modified>2025-10-03</modified> + </dates> + </vuln> + + <vuln vid="699ef80f-9e91-11f0-bc5f-8447094a420f"> + <topic>LibreSSL -- overwrite and -read vulnerability</topic> + <affects> + <package> + <name>libressl</name> + 
<range><lt>4.1.1</lt></range> + </package> + <package> + <name>libressl-devel</name> + <range><lt>4.1.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The LibreSSL project reports:</p> + <blockquote cite="https://github.com/libressl/portable/releases/tag/v4.1.1"> + <p>An incorrect length check can result in a 4-byte overwrite and an 8-byte overread.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9230</cvename> + <url>https://github.com/libressl/portable/releases/tag/v4.1.1</url> + </references> + <dates> + <discovery>2025-10-01</discovery> + <entry>2025-10-01</entry> + </dates> + </vuln> + + <vuln vid="4ccd6222-9c83-11f0-a337-b42e991fc52e"> + <topic>goldendict -- dangerous method exposed</topic> + <affects> + <package> + <name>goldendict</name> + <range><lt>1.5.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve@mitre.org reports:</p> + <blockquote cite="https://github.com/goldendict/goldendict/releases"> + <p>GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous + method that allows reading and modifying files when a user + adds a crafted dictionary and then searches for any term + included in that dictionary.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-53964</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53964</url> + </references> + <dates> + <discovery>2025-07-17</discovery> + <entry>2025-09-28</entry> + </dates> + </vuln> + + <vuln vid="3bf134f4-942d-11f0-95de-0800276af896"> + <topic>libudisks -- Udisks: out-of-bounds read in udisks daemon</topic> + <affects> + <package> + <name>libudisks</name> + <range><lt>2.10.2</lt></range> + <range><ge>2.10.90</ge><lt>2.10.91</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>secalert@redhat.com reports:</p> + <blockquote 
cite="https://access.redhat.com/errata/RHSA-2025:15017"> + <p>A flaw was found in the Udisks daemon, where it allows unprivileged + users to create loop devices using the D-BUS system. This is + achieved via the loop device handler, which handles requests sent + through the D-BUS interface. As two of the parameters of this + handle, it receives the file descriptor list and index specifying + the file where the loop device should be backed. The function + itself validates the index value to ensure it isn't bigger + than the maximum value allowed. However, it fails to validate the + lower bound, allowing the index parameter to be a negative value. + Under these circumstances, an attacker can cause the UDisks daemon + to crash or perform a local privilege escalation by gaining access + to files owned by privileged users.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8067</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8067</url> + </references> + <dates> + <discovery>2025-08-28</discovery> + <entry>2025-09-26</entry> + </dates> + </vuln> + + <vuln vid="32bdeb94-9958-11f0-b6e2-6805ca2fa271"> + <topic>quiche -- Infinite loop triggered by connection ID retirement</topic> + <affects> + <package> + <name>quiche</name> + <range><lt>0.24.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Quiche Releases reports:</p> + <blockquote cite="https://github.com/cloudflare/quiche/releases/tag/0.24.5"> + <p>This update includes 1 security fix:</p> + <ul> + <li>High CVE-2025-7054: Infinite loop triggered by connection ID retirement. 
Reported by Catena cyber on 2025-08-07.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-7054</cvename> + <url>https://www.cve.org/CVERecord?id=CVE-2025-7054</url> + </references> + <dates> + <discovery>2025-08-07</discovery> + <entry>2025-09-26</entry> + </dates> + </vuln> + + <vuln vid="7b0cbc73-9955-11f0-b6e2-6805ca2fa271"> + <topic>quiche -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>quiche</name> + <range><lt>0.24.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Quiche Releases reports:</p> + <blockquote cite="https://github.com/cloudflare/quiche/releases/tag/0.24.4"> + <p>This update includes 2 security fixes:</p> + <ul> + <li>Medium CVE-2025-4820: Incorrect congestion window growth by optimistic ACK. Reported by Louis Navarre on 2025-06-18.</li> + <li>High CVE-2025-4821: Incorrect congestion window growth by invalid ACK ranges. Reported by Louis Navarre on 2025-06-18.</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4820</cvename> + <cvename>CVE-2025-4821</cvename> + <url>https://github.com/cloudflare/quiche/releases/tag/0.24.4</url> + </references> + <dates> + <discovery>2025-06-18</discovery> + <entry>2025-09-26</entry> + </dates> + </vuln> + + <vuln vid="477fdc04-9aa2-11f0-961b-2cf05da270f3"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.4.0</ge><lt>18.4.1</lt></range> + <range><ge>18.3.0</ge><lt>18.3.3</lt></range> + <range><ge>11.10.0</ge><lt>18.2.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/"> + <p>Denial of Service issue when uploading specifically crafted JSON files impacts GitLab CE/EE</p> + <p>Denial of Service issue 
bypassing query complexity limits impacts GitLab CE/EE</p> + <p>Information disclosure issue in virtual registery configuration for low privileged users impacts GitLab CE/EE</p> + <p>Privilege Escalation issue from within the Developer role impacts GitLab EE</p> + <p>Denial of Service issue in GraphQL API via Unbounded Array Parameters impacts GitLab CE/EE</p> + <p>Improper Authorization issue for Project Maintainers when assigning roles impacts GitLab EE</p> + <p>Denial of Service issue in GraphQL API blobSearch impacts GitLab CE/EE</p> + <p>Incorrect ownership assignment via Move Issue drop-down impacts GitLab CE/EE</p> + <p>Denial of Service issue via string conversion methods impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10858</cvename> + <cvename>CVE-2025-8014</cvename> + <cvename>CVE-2025-9958</cvename> + <cvename>CVE-2025-7691</cvename> + <cvename>CVE-2025-10871</cvename> + <cvename>CVE-2025-10867</cvename> + <cvename>CVE-2025-5069</cvename> + <cvename>CVE-2025-10868</cvename> + <url>https://about.gitlab.com/releases/2025/09/25/patch-release-gitlab-18-4-1-released/</url> + </references> + <dates> + <discovery>2025-09-25</discovery> + <entry>2025-09-26</entry> + </dates> + </vuln> + + <vuln vid="e5cf9f44-9a64-11f0-8241-93c889bb8de1"> + <topic>openvpn-devel -- script injection vulnerability from trusted but malicious server</topic> + <affects> + <package> + <name>openvpn-devel</name> + <range><ge>g20250629,1</ge><lt>g20250925,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gert Doering reports:</p> + <blockquote cite="https://github.com/OpenVPN/openvpn/commit/0fb5a00549be6b065f9a4d61940ee06786d9fa61"> + <p>Notable changes beta1 -> + beta2 are: [...] 
add proper input sanitation to DNS strings to + prevent an attack coming from a trusted-but-malicous OpenVPN server + (CVE: 2025-10680, affects unixoid systems with --dns-updown scripts + and windows using the built-in powershell call) + </p> + </blockquote> + <p>Lev Stipakov writes:</p> + <blockquote cite="https://github.com/OpenVPN/openvpn/commit/3a66045b407321c9d1c096227db164df3955ab40"> + <p> On Linux (and similar platforms), those options are written to a tmp + file, which is later sourced by a script running as root. Since + options are controlled by the server, it is possible for a malicious + server to execute script injection attack [...].</p> + </blockquote> + <p>The original report is credited to Stanislav Fort <disclosure@aisle.com>.</p> + </body> + </description> + <references> + <cvename>CVE-2025-10680</cvename> + <url>https://github.com/OpenVPN/openvpn/commit/0fb5a00549be6b065f9a4d61940ee06786d9fa61</url> + <url>https://github.com/OpenVPN/openvpn/commit/3a66045b407321c9d1c096227db164df3955ab40</url> + </references> + <dates> + <discovery>2025-09-24</discovery> + <entry>2025-09-25</entry> + </dates> + </vuln> + + <vuln vid="c2253bff-9952-11f0-b6e2-6805ca2fa271"> + <topic>dnsdist -- Denial of service via crafted DoH exchange</topic> + <affects> + <package> + <name>dnsdist</name> + <range><lt>1.9.11</lt></range> + <range><ge>2.0.0</ge><lt>2.0.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@open-xchange.com reports:</p> + <blockquote cite="https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html"> + <p>In some circumstances, when DNSdist is configured to use the nghttp2 + library to process incoming DNS over HTTPS queries, an attacker + might be able to cause a denial of service by crafting a DoH exchange + that triggers an unbounded I/O read loop, causing an unexpected + consumption of CPU resources. 
The offending code was introduced in + DNSdist 1.9.0-alpha1 so previous versions are not affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-30187</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-30187</url> + </references> + <dates> + <discovery>2025-09-18</discovery> + <entry>2025-09-24</entry> + <modified>2025-09-26</modified> + </dates> + </vuln> + + <vuln vid="57b54de1-85a5-439a-899e-75d19cbdff54"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>140.0.7339.207</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>140.0.7339.207</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html"> + <p>This update includes 4 security fixes:</p> + <ul> + <li>[430336833] High CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged) on 2025-07-09</li> + <li>[443765373] High CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep on 2025-09-09</li> + <li>[444048019] High CVE-2025-10892: Integer overflow in V8. 
Reported by Google Big Sleep on 2025-09-10</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10890</cvename> + <cvename>CVE-2025-10891</cvename> + <cvename>CVE-2025-10892</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html</url> + </references> + <dates> + <discovery>2025-09-23</discovery> + <entry>2025-09-23</entry> + </dates> + </vuln> + + <vuln vid="6904ba53-22ff-4478-bfae-059dc2eefee1"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>140.0.7339.185</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>140.0.7339.185</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html"> + <p>This update includes 4 security fixes:</p> + <ul> + <li>[445380761] High CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16</li> + <li>[435875050] High CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin) on 2025-08-03</li> + <li>[440737137] High CVE-2025-10501: Use after free in WebRTC. Reported by sherkito on 2025-08-23</li> + <li>[438038775] High CVE-2025-10502: Heap buffer overflow in ANGLE. 
Reported by Google Big Sleep on 2025-08-12</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10585</cvename> + <cvename>CVE-2025-10500</cvename> + <cvename>CVE-2025-10501</cvename> + <cvename>CVE-2025-10502</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html</url> + </references> + <dates> + <discovery>2025-09-17</discovery> + <entry>2025-09-22</entry> + </dates> + </vuln> + + <vuln vid="b51a4121-9607-11f0-becf-00a098b42aeb"> + <topic>PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS</topic> + <affects> + <package> + <name>pcre2</name> + <range><eq>10.45</eq></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security-advisories@github.com reports:</p> + <blockquote cite="https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254"> + <p>The PCRE2 library is a set of C functions that implement regular + expression pattern matching. In version 10.45, a heap-buffer-overflow + read vulnerability exists in the PCRE2 regular expression matching + engine, specifically within the handling of the (*scs:...) (Scan + SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. 
+ This vulnerability may potentially lead to information disclosure + if the out-of-bounds data read during the memcmp affects the final + match result in a way observable by the attacker.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-58050</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-58050</url> + </references> + <dates> + <discovery>2025-08-27</discovery> + <entry>2025-09-20</entry> + </dates> + </vuln> + + <vuln vid="744966b3-93d8-11f0-b8da-589cfc10a551"> + <topic>expat -- dynamic memory allocations issue</topic> + <affects> + <package> + <name>expat2</name> + <range><lt>2.7.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>expat security advisory:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-59375"> + <p>libexpat allows attackers to trigger large dynamic memory allocations + via a small document that is submitted for parsing.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-59375</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-59375</url> + </references> + <dates> + <discovery>2025-09-17</discovery> + <entry>2025-09-17</entry> + </dates> + </vuln> + + <vuln vid="b9b668f0-96ec-4568-b618-2edea45d6933"> + <topic>jenkins -- multiple vulnerabilities</topic> + <affects> + <package> + <name>jenkins</name> + <range><lt>2.528</lt></range> + </package> + <package> + <name>jenkins-lts</name> + <range><lt>2.516.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Jenkins Security Advisory:</p> + <blockquote cite="https://www.jenkins.io/security/advisory/2025-09-17/"> + <h1>Description</h1> + <h5>(High) SECURITY-3618 / CVE-2025-5115</h5> + <p>HTTP/2 denial of service vulnerability in bundled Jetty</p> + <h5>(Medium) SECURITY-3594 / CVE-2025-59474</h5> + <p>Missing permission check allows obtaining agent names</p> + <h5>(Medium) SECURITY-3625 / 
CVE-2025-59475</h5> + <p> Missing permission check in authenticated users' profile menu</p> + <h5>(Medium) SECURITY-3424 / CVE-2025-59476</h5> + <p>Log message injection vulnerability</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-5115</cvename> + <cvename>CVE-2025-59474</cvename> + <cvename>CVE-2025-59475</cvename> + <cvename>CVE-2025-59476</cvename> + <url>https://www.jenkins.io/security/advisory/2025-09-17/</url> + </references> + <dates> + <discovery>2025-09-17</discovery> + <entry>2025-09-17</entry> + </dates> + </vuln> + + <vuln vid="f6ca7c47-9190-11f0-b8da-589cfc10a551"> + <topic>unit-java -- security vulnerability</topic> + <affects> + <package> + <name>unit-java</name> + <range><lt>1.34.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>F5 reports:</p> + <blockquote cite="https://my.f5.com/manage/s/article/K000149959"> + <p>When NGINX Unit with the Java Language Module is in use, + undisclosed requests can lead to an infinite loop and cause + an increase in CPU resource utilization.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-1695</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-1695</url> + </references> + <dates> + <discovery>2025-09-14</discovery> + <entry>2025-09-14</entry> + </dates> + </vuln> + + <vuln vid="3aee6703-8ff6-11f0-b8da-589cfc10a551"> + <topic>cups -- security vulnerabilities</topic> + <affects> + <package> + <name>cups</name> + <range><lt>2.4.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>OpenPrinting reports:</p> + <blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq"> + <p>When the AuthType is set to anything but Basic, if the request contains an + Authorization: Basic ... 
header, the password is not checked.</p> + </blockquote> + <blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4"> + <p>An unsafe deserialization and validation of printer attributes, causes null + dereference in libcups library.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-58060</cvename> + <cvename>CVE-2025-58364</cvename> + <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq</url> + <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4</url> + </references> + <dates> + <discovery>2025-09-11</discovery> + <entry>2025-09-12</entry> + <modified>2025-09-16</modified> + </dates> + </vuln> + + <vuln vid="f50640fa-89a4-4795-a302-47b0dea8cee5"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>140.0.7339.127</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>140.0.7339.127</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html"> + <p>This update includes 2 security fixes:</p> + <ul> + <li>[440454442] Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22</li> + <li>[439305148] High CVE-2025-10201: Inappropriate implementation in Mojo. 
Reported by Sahan Fernando & Anon on 2025-08-18</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10200</cvename> + <cvename>CVE-2025-10201</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html</url> + </references> + <dates> + <discovery>2025-09-09</discovery> + <entry>2025-09-11</entry> + </dates> + </vuln> + + <vuln vid="602fc0fa-8ece-11f0-9d03-2cf05da270f3"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.3.0</ge><lt>18.3.2</lt></range> + <range><ge>18.2.0</ge><lt>18.2.6</lt></range> + <range><ge>7.8.0</ge><lt>18.1.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/"> + <p>Denial of Service issue in SAML Responses impacts GitLab CE/EE</p> + <p>Server-Side Request Forgery issue in Webhook custom header impacts GitLab CE/EE</p> + <p>Denial of Service issue in User-Controllable Fields impacts GitLab CE/EE</p> + <p>Denial of Service issue in endpoint file upload impacts GitLab CE/EE</p> + <p>Denial of Service issue in token listing operations impacts GitLab CE/EE</p> + <p>Information disclosure issue in runner endpoints impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-2256</cvename> + <cvename>CVE-2025-6454</cvename> + <cvename>CVE-2025-1250</cvename> + <cvename>CVE-2025-7337</cvename> + <cvename>CVE-2025-10094</cvename> + <cvename>CVE-2025-6769</cvename> + <url>https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/</url> + </references> + <dates> + <discovery>2025-09-10</discovery> + <entry>2025-09-11</entry> + </dates> + </vuln> + + <vuln vid="bda50cf1-8bcf-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> 
+ <affects> + <package> + <name>chromium</name> + <range><lt>140.0.7339.80</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>140.0.7339.80</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html"> + <p>This update includes 6 security fixes:</p> + <ul> + <li>[434513380] High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28</li> + <li>[437147699] Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07</li> + <li>[379337758] Medium CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK on 2024-11-16</li> + <li>[415496161] Medium CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-05-04</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9864</cvename> + <cvename>CVE-2025-9865</cvename> + <cvename>CVE-2025-9866</cvename> + <cvename>CVE-2025-9867</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2025-09-02</discovery> + <entry>2025-09-07</entry> + </dates> + </vuln> + + <vuln vid="340dc4c1-895a-11f0-b6e5-4ccc6adda413"> + <topic>exiv2 -- Denial-of-service</topic> + <affects> + <package> + <name>exiv2</name> + <range><lt>0.28.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kevin Backhouse reports:</p> + <blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g"> + <p>A denial-of-service was found in Exiv2 version v0.28.5: a quadratic + algorithm in the ICC profile parsing code in jpegBase::readMetadata() + can cause Exiv2 to run for a long time. 
Exiv2 is a command-line utility + and C++ library for reading, writing, deleting, and modifying the + metadata of image files. The denial-of-service is triggered when Exiv2 + is used to read the metadata of a crafted jpg image file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-55304</cvename> + <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g</url> + </references> + <dates> + <discovery>2025-08-29</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="84a77710-8958-11f0-b6e5-4ccc6adda413"> + <topic>exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()</topic> + <affects> + <package> + <name>exiv2</name> + <range><lt>0.28.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kevin Backhouse reports:</p> + <blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39"> + <p>An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. + Exiv2 is a command-line utility and C++ library for reading, writing, + deleting, and modifying the metadata of image files. The out-of-bounds + read is triggered when Exiv2 is used to write metadata into a crafted + image file. An attacker could potentially exploit the vulnerability to + cause a denial of service by crashing Exiv2, if they can trick the victim + into running Exiv2 on a crafted image file.</p> + <p>Note that this bug is only triggered when writing the metadata, which + is a less frequently used Exiv2 operation than reading the metadata. 
For + example, to trigger the bug in the Exiv2 command-line application, you + need to add an extra command-line argument such as delete.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-54080</cvename> + <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39</url> + </references> + <dates> + <discovery>2025-08-29</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="0db8684f-8938-11f0-8325-bc2411f8eb0b"> + <topic>Django -- multiple vulnerabilities</topic> + <affects> + <package> + <name>py39-django42</name> + <name>py310-django42</name> + <name>py311-django42</name> + <range><lt>4.2.24</lt></range> + </package> + <package> + <name>py310-django51</name> + <name>py311-django51</name> + <range><lt>5.1.12</lt></range> + </package> + <package> + <name>py310-django52</name> + <name>py311-django52</name> + <range><lt>5.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Django reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2025/sep/03/security-releases/"> + <p>CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-57833</cvename> + <url>https://www.djangoproject.com/weblog/2025/sep/03/security-releases/</url> + </references> + <dates> + <discovery>2025-09-01</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="9f9b0b37-88fa-11f0-90a2-6cc21735f730"> + <topic>Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin</topic> + <affects> + <package> + <name>shibboleth-sp</name> + <range><lt>3.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Internet2 reports:</p> + <blockquote cite="https://shibboleth.net/community/advisories/secadv_20250903.txt"> + <p>The Shibboleth Service Provider includes a storage API usable + for a 
number of different use cases such as the session cache, + replay cache, and relay state management. An ODBC extension + plugin is provided with some distributions of the software + (notably on Windows).</p> + <p>A SQL injection vulnerability was identified in some of the + queries issued by the plugin, and this can be creatively + exploited through specially crafted inputs to exfiltrate + information stored in the database used by the SP.</p> + </blockquote> + </body> + </description> + <references> + <url>https://shibboleth.net/community/advisories/secadv_20250903.txt</url> + </references> + <dates> + <discovery>2025-09-03</discovery> + <entry>2025-09-03</entry> + </dates> + </vuln> + + <vuln vid="aaa060af-88d6-11f0-a294-b0416f0c4c67"> + <topic>Vieb -- Remote Code Execution via Visiting Untrusted URLs</topic> + <affects> + <package> + <name>linux-vieb</name> + <range><lt>12.4.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Zhengyu Liu, Jianjia Yu, Jelmer van Arnhem report:</p> + <blockquote cite="https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm"> + <p>We discovered a remote code execution (RCE) vulnerability in the latest + release of the Vieb browser (v12.3.0). 
By luring a user to visit a + malicious website, an attacker can achieve arbitrary code execution on the + victim’s machine.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm</url> + </references> + <dates> + <discovery>2025-07-31</discovery> + <entry>2025-09-03</entry> + </dates> + </vuln> + + <vuln vid="d7b7e505-8486-11f0-9d03-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.3.0</ge><lt>18.3.1</lt></range> + <range><ge>18.2.0</ge><lt>18.2.5</lt></range> + <range><ge>8.15.0</ge><lt>18.1.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/"> + <p>Allocation of Resources Without Limits issue in import function impacts GitLab CE/EE</p> + <p>Missing authentication issue in GraphQL endpoint impacts GitLab CE/EE</p> + <p>Allocation of Resources Without Limits issue in GraphQL impacts GitLab CE/EE</p> + <p>Code injection issue in GitLab repositories impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-3601</cvename> + <cvename>CVE-2025-2246</cvename> + <cvename>CVE-2025-4225</cvename> + <cvename>CVE-2025-5101</cvename> + <url>https://about.gitlab.com/releases/2025/08/27/patch-release-gitlab-18-3-1-released/</url> + </references> + <dates> + <discovery>2025-08-27</discovery> + <entry>2025-08-29</entry> + </dates> + </vuln> + + <vuln vid="f727fe60-8389-11f0-8438-001b217e4ee5"> + <topic>ISC KEA -- kea-dhcp4 aborts if client sends a broadcast request with particular options</topic> + <affects> + <package> + <name>kea</name> + <range><ge>3.0.0</ge><lt>3.0.1</lt></range> + </package> + <package> + <name>kea-devel</name> + <range><ge>3.1.0</ge><lt>3.1.1</lt></range> 
+ <range><ge>2.7.1</ge><le>2.7.9</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Internet Systems Consortium, Inc. reports:</p> + <blockquote cite="https://kb.isc.org/docs/"> + <p>We corrected an issue in `kea-dhcp4` that caused + the server to abort if a client sent a broadcast request with particular + options, and Kea failed to find an appropriate subnet for that client. + This addresses CVE-2025-40779 [#4055, #4048].</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-40779</cvename> + </references> + <dates> + <discovery>2025-08-27</discovery> + <entry>2025-08-27</entry> + </dates> + </vuln> + + <vuln vid="2a11aa1e-83c7-11f0-b6e5-4ccc6adda413"> + <topic>qt6-base -- DoS in QColorTransferGenericFunction</topic> + <affects> + <package> + <name>qt6-base</name> + <range><lt>6.9.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Andy Shaw reports:</p> + <blockquote cite="https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt"> + <p>When passing values outside of the expected range to QColorTransferGenericFunction + it can cause a denial of service, for example, this can happen when passing a + specifically crafted ICC profile to QColorSpace::fromICCProfile.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-5992</cvename> + <url>https://www.qt.io/blog/security-advisory-recently-reported-denial-of-service-issue-in-qcolortransfergenericfunction-impacts-qt</url> + </references> + <dates> + <discovery>2025-07-11</discovery> + <entry>2025-08-28</entry> + </dates> + </vuln> + + <vuln vid="edf83c10-83b8-11f0-b6e5-4ccc6adda413"> + <topic>qt6-webengine -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>qt6-pdf</name> + <name>qt6-webengine</name> + <range><lt>6.9.2</lt></range> + </package> + </affects> + 
<description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Qt qtwebengine-chromium repo reports:</p> + <blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based"> + <p>Backports for 25 security bugs in Chromium:</p> + <ul> + <li>CVE-2025-5063: Use after free in Compositing</li> + <li>CVE-2025-5064: Inappropriate implementation in Background Fetch</li> + <li>CVE-2025-5065: Inappropriate implementation in FileSystemAccess API</li> + <li>CVE-2025-5068: Use after free in Blink</li> + <li>CVE-2025-5280: Out of bounds write in V8</li> + <li>CVE-2025-5281: Inappropriate implementation in BFCache</li> + <li>CVE-2025-5283: Use after free in libvpx</li> + <li>CVE-2025-5419: Out of bounds read and write in V8</li> + <li>CVE-2025-6191: Integer overflow in V8</li> + <li>CVE-2025-6192: Use after free in Profiler</li> + <li>CVE-2025-6554: Type Confusion in V8</li> + <li>CVE-2025-6556: Insufficient policy enforcement in Loader</li> + <li>CVE-2025-6557: Insufficient data validation in DevTools</li> + <li>CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU</li> + <li>CVE-2025-7656: Integer overflow in V8</li> + <li>CVE-2025-7657: Use after free in WebRTC</li> + <li>CVE-2025-8010: Type Confusion in V8</li> + <li>CVE-2025-8576: Use after free in Extensions</li> + <li>CVE-2025-8578: Use after free in Cast</li> + <li>CVE-2025-8580: Inappropriate implementation in Filesystems</li> + <li>CVE-2025-8582: Insufficient validation of untrusted input in DOM</li> + <li>CVE-2025-8879: Heap buffer overflow in libaom</li> + <li>CVE-2025-8880: Race in V8</li> + <li>CVE-2025-8881: Inappropriate implementation in File Picker</li> + <li>CVE-2025-8901: Out of bounds write in ANGLE</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-5063</cvename> + <cvename>CVE-2025-5064</cvename> + <cvename>CVE-2025-5065</cvename> + <cvename>CVE-2025-5068</cvename> + <cvename>CVE-2025-5280</cvename> + 
<cvename>CVE-2025-5281</cvename> + <cvename>CVE-2025-5283</cvename> + <cvename>CVE-2025-5419</cvename> + <cvename>CVE-2025-6191</cvename> + <cvename>CVE-2025-6192</cvename> + <cvename>CVE-2025-6554</cvename> + <cvename>CVE-2025-6556</cvename> + <cvename>CVE-2025-6557</cvename> + <cvename>CVE-2025-6558</cvename> + <cvename>CVE-2025-7656</cvename> + <cvename>CVE-2025-7657</cvename> + <cvename>CVE-2025-8010</cvename> + <cvename>CVE-2025-8576</cvename> + <cvename>CVE-2025-8578</cvename> + <cvename>CVE-2025-8580</cvename> + <cvename>CVE-2025-8582</cvename> + <cvename>CVE-2025-8879</cvename> + <cvename>CVE-2025-8880</cvename> + <cvename>CVE-2025-8881</cvename> + <cvename>CVE-2025-8901</cvename> + <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based</url> + </references> + <dates> + <discovery>2025-05-27</discovery> + <entry>2025-08-28</entry> + </dates> + </vuln> + + <vuln vid="6989312e-8366-11f0-9bc6-b42e991fc52e"> + <topic>SQLite -- application crash</topic> + <affects> + <package> + <name>sqlite3</name> + <range><lt>3.49.1</lt></range> + </package> + <package> + <name>linux_base-rl9-9.6</name> + <range><lt>9.6</lt></range> + </package> + <package> + <name>linux-c7-sqlite</name> + <range><lt>3.7.17_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve@mitre.org reports:</p> + <blockquote cite="https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248"> + <p>In SQLite 3.49.0 before 3.49.1, certain argument values + to sqlite3_db_config (in the C-language API) can cause a + denial of service (application crash). 
An sz*nBig + multiplication is not cast to a 64-bit integer, and + consequently some memory allocations may be incorrect.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-29088</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-29088</url> + </references> + <dates> + <discovery>2025-04-10</discovery> + <entry>2025-08-27</entry> + </dates> + </vuln> + + <vuln vid="c323bab5-80dd-11f0-97c4-40b034429ecf"> + <topic>p5-Catalyst-Authentication-Credential-HTTP -- Insecure source of randomness</topic> + <affects> + <package> + <name>p5-Catalyst-Authentication-Credential-HTTP</name> + <range><lt>1.019</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>perl-catalyst project reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-40920"> + <p>Catalyst::Authentication::Credential::HTTP versions 1.018 + and earlier for Perl generate nonces using + the Perl Data::UUID library. * Data::UUID does not use a + strong cryptographic source for generating + UUIDs.* Data::UUID returns v3 UUIDs, which are generated + from known information and are unsuitable for + security, as per RFC 9562. 
* The nonces should be generated + from a strong cryptographic source, as per RFC 7616.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-40920</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-40920</url> + </references> + <dates> + <discovery>2025-08-11</discovery> + <entry>2025-08-24</entry> + </dates> + </vuln> + + <vuln vid="07335fb9-7eb1-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>142</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072"> + <p>Memory safety bugs present in Firefox 141 and Thunderbird + 141. Some of these bugs showed evidence of memory corruption + and we presume that with enough effort some of these could + have been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9187</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9187</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="feb359ef-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.14</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166"> + <p>Memory safety bugs present in Firefox ESR 115.26, Firefox + ESR 
128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, + Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. + Some of these bugs showed evidence of memory corruption and + we presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9184</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9184</url> + <cvename>CVE-2025-9185</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9185</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="fa7fd6d4-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Firefox -- Spoofing in the Address Bar</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1976102"> + <p>Spoofing issue in the Address Bar component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9183</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9183</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f994cea5-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- DoS in WebRender</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>142</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1975837"> + <p>'Denial-of-service 
due to out-of-memory in the + Graphics: WebRender component.'</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9182</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9182</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f7e8e9a3-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- Uninitialized memory</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1977130"> + <p>Uninitialized memory in the JavaScript Engine component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9181</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9181</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f6219d24-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- Same-origin policy bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>142</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979782"> + <p>'Same-origin policy bypass in the Graphics: Canvas2D + component.'</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9180</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9180</url> + 
</references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="f42ee983-7eb0-11f0-ba14-b42e991fc52e"> + <topic>Mozilla -- memory corruption in GMP</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>140.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979527"> + <p>An attacker was able to perform memory corruption in the GMP process + which processes encrypted media. This process is also heavily + sandboxed, but represents slightly different privileges from the + content process.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9179</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-9179</url> + </references> + <dates> + <discovery>2025-08-19</discovery> + <entry>2025-08-21</entry> + </dates> + </vuln> + + <vuln vid="eb03714d-79f0-11f0-b4c1-ac5afc632ba3"> + <topic>nginx -- worker process memory disclosure</topic> + <affects> + <package> + <name>nginx-devel</name> + <range><lt>1.29.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>F5 reports:</p> + <blockquote cite="https://my.f5.com/manage/s/article/K000152786"> + <p>NGINX Open Source and NGINX Plus have a vulnerability in the + ngx_mail_smtp_module that might allow an unauthenticated attacker to + over-read NGINX SMTP authentication process memory; as a result, the + server side may leak arbitrary bytes sent in a request to the + authentication server. This issue happens during the NGINX SMTP + authentication process and requires the attacker to make preparations + against the target system to extract the leaked data. 
The issue + affects NGINX only if (1) it is built with the ngx_mail_smtp_module, + (2) the smtp_auth directive is configured with method "none," + and (3) the authentication server returns the "Auth-Wait" response + header.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-53859</cvename> + <url>https://www.cve.org/CVERecord?id=CVE-2025-53859</url> + </references> + <dates> + <discovery>2025-08-13</discovery> + <entry>2025-08-15</entry> + </dates> + </vuln> + <vuln vid="a60e73e0-7942-11f0-b3f7-a8a1599412c6"> <topic>chromium -- multiple security fixes</topic> <affects> @@ -381,8 +2194,6 @@ <name>sqlite3</name> <range><ge>3.39.2,1</ge><lt>3.41.2,1</lt></range> </package> - <!-- as of 2025-08-01, sqlite in -c7 is 3.7.17 and matched by the <3.50.2 below, - and -rl9 aka linux_base ships 3.34.1 which is outside this range. --> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> @@ -1340,12 +3151,18 @@ <name>sqlite3</name> <range><lt>3.50.2,1</lt></range> </package> + <!-- as of 2025-08-01, sqlite in -c7 is 3.7.17 and matched by the <3.50.2 below, + and -rl9 aka linux_base ships 3.34.1 which is outside this range. --> <package> <name>linux-c7-sqlite</name> <range><lt>3.50.2</lt></range> </package> <package> <name>linux_base-rl9</name> + <range><ge>9.5.14</ge><lt>9.6_1</lt></range> + </package> + <package> + <name>linux-rl9-sqlite3</name> <range><ge>0</ge></range> </package> </affects> @@ -1367,7 +3184,7 @@ <dates> <discovery>2025-07-15</discovery> <entry>2025-07-23</entry> - <modified>2025-08-01</modified> + <modified>2025-09-07</modified> </dates> </vuln> @@ -1541,7 +3358,7 @@ <affects> <package> <name>libxslt</name> - <range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed --> + <range><lt>1.1.43_2</lt></range> <!-- adjust should libxslt ever be fixed --> </package> <package> <name>linux-c7-libxslt</name> 
@@ -8360,7 +10177,7 @@ </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SO-AND-SO reports:</p> + <p>The NGINX Unit team reports:</p> <blockquote cite="https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html"> <p>Unit 1.34.2 fixes two issues in the Java language module websocket code.</p> <ol> |
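Review bot: In the added p5-Catalyst-Authentication-Credential-HTTP entry (vid c323bab5-80dd-11f0-97c4-40b034429ecf) the blockquote keeps the upstream bullet markers as literal asterisks inside a single <p> ("library. * Data::UUID does not use", "UUIDs.* Data::UUID returns v3 UUIDs"), so three separate findings render as one run-on paragraph. Suggest splitting them into a <ul> with one <li> per point. The same entry says "perl-catalyst project reports:" while the blockquote cite is the NVD page for CVE-2025-40920, so the attribution and the cite should name the same source. In the CVE-2025-9182 and CVE-2025-9180 entries the description is wrapped in literal single quotes that look like import residue and can be dropped. The nginx entry lists only nginx-devel with <lt>1.29.1</lt> although the quoted advisory speaks of NGINX Open Source in general; please confirm whether the nginx port needs its own range, since a missing package means the entry never matches installs of it.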
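Review bot: The comment relocated into the <affects> block of the @@ -1340,12 +3151,18 @@ hunk no longer agrees with the package list that follows it. It states that -rl9 "ships 3.34.1 which is outside this range", yet the same hunk gives linux_base-rl9 the range <ge>9.5.14</ge><lt>9.6_1</lt> and adds linux-rl9-sqlite3 with <ge>0</ge>, which marks every version as affected. Either reword the comment to explain the rl9 ranges, including why linux-rl9-sqlite3 has no upper bound, or drop the rl9 clause. The "as of 2025-08-01" wording also predates the <modified>2025-09-07</modified> set in the following hunk.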
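Review bot: The trailing comment on the libxslt range in the @@ -1541,7 +3358,7 @@ hunk is stale after this change. The range moves from <lt>2</lt> to <lt>1.1.43_2</lt>, which reads as the port now having a fixed revision, but the comment still says "adjust should libxslt ever be fixed". Suggest removing or rewording the comment so the next editor does not assume the range is still a placeholder, and bumping this entry's <modified> date if that is not already done outside the visible context.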
