Source: znuny
Version: 6.5.14-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: fixed -1 6.5.15-1

Hi,

The following vulnerabilities were published for znuny and fixed already in experimental, filing bugs to make it (potentially) on the release team radar (if we want to make them to include in trixie).

CVE-2025-43926[0]:
| ZSA-2025-07: An agent with a valid session can elevate his permission
| via XSS by modifying his own preferences.

CVE-2025-26847[1]:
| ZSA-2025-06: Support bundles generated by the Support Data
| Collector may have unmasked password in the included system
| configuration export.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-43926
    https://www.cve.org/CVERecord?id=CVE-2025-43926
[1] https://security-tracker.debian.org/tracker/CVE-2025-26847
    https://www.cve.org/CVERecord?id=CVE-2025-26847

Regards,
Salvatore