|
|
@@ -32,6 +32,72 @@
|
|
|
linphone, logsurfer, mediastreamer, metacity, mongrel2, ola,
|
|
|
ortp, procrank_linux, ramspeed, sylpheed
|
|
|
|
|
|
+2025.08.2, released November 20, 2025
|
|
|
+
|
|
|
+ Important / security related fixes:
|
|
|
+
|
|
|
+ - bind: CVE-2025-8677, CVE-2025-40778, CVE-2025-40780
|
|
|
+ - dante: CVE-2024-54662
|
|
|
+ - erlang: CVE-2024-53846, CVE-2025-4748, CVE-2025-26618, CVE-2025-30211,
|
|
|
+ CVE-2025-32433, CVE-2025-46712, CVE-2025-48038,
|
|
|
+ CVE-2025-48039, CVE-2025-48040, CVE-2025-48041
|
|
|
+ - hostapd: CVE-2025-24912
|
|
|
+ - imagemagick: CVE-2025-62171
|
|
|
+ - iptraf-ng: CVE-2024-52949
|
|
|
+ - libarchive: CVE-2025-25724
|
|
|
+ - libglib2: CVE-2024-54662
|
|
|
+ - libvips: CVE-2025-29769, CVE-2025-59933
|
|
|
+ - libvpx: CVE-2025-5283
|
|
|
+ - libxslt: CVE-2025-24855, CVE-2024-55549
|
|
|
+ - mbedtls: CVE-2025-54764, CVE-2025-59438
|
|
|
+ - modsecurity2: CVE-2025-52891, CVE-2025-54571
|
|
|
+ - netdata: CVE-2023-22496, CVE-2023-22497
|
|
|
+ - podman: CVE-2025-9566
|
|
|
+ - poppler: CVE-2024-6239, CVE-2024-56378, CVE-2025-32364,
|
|
|
+ CVE-2025-32365, CVE-2025-43903, CVE-2025-50420,
|
|
|
+ CVE-2025-52886
|
|
|
+ - python3: gh-139312, gh-139700, gh-139400, gh-135661, gh-135661,
|
|
|
+ gh-102555, gh-135462, gh-118350, gh-86155
|
|
|
+ - python-webpy: CVE-2025-3818
|
|
|
+ - redis: CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-49844
|
|
|
+ - samba: CVE-2025-3818, CVE-2025-10230
|
|
|
+ - shairport-sync: Upstream security fixes without CVE
|
|
|
+ - squid: CVE-2025-59362
|
|
|
+ - suricata: CVE-2024-37151, CVE-2024-38535
|
|
|
+ - tpm2-tss: CVE-2024-29040
|
|
|
+ - xerces: CVE-2024-23807
|
|
|
+ - zabbix: CVE-2025-27231, CVE-2025-27236, CVE-2025-27238, CVE-2025-49641
|
|
|
+ - zip: CVE-2018-13410
|
|
|
+
|
|
|
+ Infrastructure updates/fixes:
|
|
|
+
|
|
|
+ - Improved matching of CPE ID with NVD database, resulting in more accurate
|
|
|
+ identification of CVEs.
|
|
|
+ - brmake: avoid garbled output with top-level parallel build
|
|
|
+
|
|
|
+ Updated / fixed packages: 4th, audit, bind, cmake, crun, dante,
|
|
|
+ ebtables, erlang, freeradius-server, freerdp, gpsd, gstd, hostapd,
|
|
|
+ imagemagick, iptraf-ng, ledmon, libarchive, libcurl, libdbi-drivers,
|
|
|
+ libdisplay-info, libglib2, libgphoto2, libgtk3, libheif, libiconv,
|
|
|
+ libsemanage, libshout, libsolv, libtpms, libvips, libvpx, libwpe,
|
|
|
+ libxslt, linux, linux-headers, live555, mbedtls, micropython,
|
|
|
+ mjpg-streamer, modsecurity2, netdata, podman, poppler, python3,
|
|
|
+ python-flask-cors, python-webpy, quota, qt6multimedia, redis, refpolicy,
|
|
|
+ samba4, shairport-sync, selinux-python, sexpect, siproxd, sqlite, squid,
|
|
|
+ suricata, tor, tpm2-tss, waffle, webkitgtk, wireless-regdb, wpewebkit,
|
|
|
+ xerces, zabbix, zip
|
|
|
+
|
|
|
+ Removed package: ramspeed
|
|
|
+
|
|
|
+ Boards updated / fixed: andes_ae350_45, beaglebone, beagleboneai,
|
|
|
+ cubieboard1, cubieboard2, imx6ulz_bsh_smm_m2, imx8mn_bsh_smm_s2,
|
|
|
+ imx8mn_bsh_smm_s2_pro, olimex_a20_olinuxino_lime*, stm32f429_disco_xip,
|
|
|
+ stm32f746_disco_sd, stm32f769_disco_sd, stm32mp1*_dk*, ti_am62x_sk
|
|
|
+
|
|
|
+ Test Improvements:
|
|
|
+
|
|
|
+ - Capture output of failing commands on host.
|
|
|
+
|
|
|
2025.08.1, released October 11, 2025
|
|
|
|
|
|
Important / security related fixes:
|
Arnout Vandecappelle