proj: X.Org X server and Xwayland
subj: [vs-plain] Preview of X.Org Security Advisory for 2025-10-28
trep: Mon Oct 13 07:46:59 2025
cves: CVE-2025-62229, CVE-2025-62230, CVE-2025-62231, ZDI-CAN-27238, ZDI-CAN-27545, ZDI-CAN-27560
tcrd: October 28, 2025 at 13:00 UTC
toss: Tue Oct 28 19:24:11 2025
soss: [oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland
loss: https://www.openwall.com/lists/oss-security/2025/10/28/7

proj: BIND 9
subj: [vs] ...
trep: Tue Oct 21 10:16:48 2025
cves: CVE-2025-8677, CVE-2025-40778, CVE-2025-40780
tcrd: 22 October 2025
toss: Wed Oct 22 15:54:47 2025
soss: [oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2025-8677, CVE-2025-40778, CVE-2025-40780)
loss: https://www.openwall.com/lists/oss-security/2025/10/22/1

proj: runc
subj: [vs] ...
trep: Wed Oct 22 12:16:52 2025
cves: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
tcrd: 2025-11-05 09:00 UTC
toss: Wed Nov 05 09:53:38 2025
soss: [oss-security] runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881
loss: https://www.openwall.com/lists/oss-security/2025/11/05/3

proj: OpenSMTPD
subj: [vs] encrypted subject
trep: Thu Oct 23 09:35:42 2025
cves: CVE-2025-62875
tcrd: 2025-10-31
toss: Fri Oct 31 17:22:01 2025
soss: [oss-security] OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket (CVE-2025-62875)
loss: https://www.openwall.com/lists/oss-security/2025/10/31/3

proj: OpenStack Keystone
subj: [vs] Vulnerability in OpenStack Keystone (CVE pending)
trep: Tue Oct 28 16:03:06 2025
tcrd: Tuesday, 2025-11-04, 1500UTC
toss: Tue Nov 04 15:01:25 2025
soss: [oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING)
loss: https://www.openwall.com/lists/oss-security/2025/11/04/2

proj: Kea
subj: [vs] One Kea vulnerability will be announced on 29 October 2025
trep: Tue Oct 28 18:00:50 2025
cves: CVE-2025-11232
tcrd: 29 October 2025
toss: Wed Oct 29 17:55:19 2025
soss: [oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-11232)
loss: https://www.openwall.com/lists/oss-security/2025/10/29/5

proj: curl
subj: [vs-plain] : pre-notification curl CVE-2025-10966
trep: Wed Oct 29 08:55:34 2025
cves: CVE-2025-10966
tcrd: November 5 2025 around 07:00 UTC
toss: Wed Nov 05 07:14:23 2025
soss: [oss-security] [SECURITY ADVISORY] curl: missing SFTP host verification with wolfSSH
loss: https://www.openwall.com/lists/oss-security/2025/11/05/2

proj: wcurl
subj: [vs-plain] : pre-notification wcurl CVE-2025-11563
trep: Thu Oct 30 07:19:58 2025
cves: CVE-2025-11563
tcrd: November 4
toss: Tue Nov 04 08:42:13 2025
soss: [oss-security] [SECURITY ADVISORY] wcurl path traversal with percent-encoded slashes
loss: https://www.openwall.com/lists/oss-security/2025/11/04/1