This shows you the differences between two versions of the page.
|
mailing-lists:distros:stats:2025 [2025/10/06 06:00] solar add final 2025-09 |
mailing-lists:distros:stats:2025 [2025/11/07 02:19] (current) solar add final 2025-10 |
||
|---|---|---|---|
| Line 15: | Line 15: | ||
| | 2025-08 | 4 | 4 | 5.64 | 4.42 | 1.06 | 12.65 | | | 2025-08 | 4 | 4 | 5.64 | 4.42 | 1.06 | 12.65 | | ||
| | 2025-09 | 11 | 11 | 5.04 | 4.78 | 1.00 | 13.89 | | | 2025-09 | 11 | 11 | 5.04 | 4.78 | 1.00 | 13.89 | | ||
| - | | Total | 59 | 59 | 6.67 | 6.54 | 0.63 | 20.16 | | + | | 2025-10 | 8 | 8 | 7.36 | 6.94 | 1.00 | 15.48 | |
| + | | Total | 67 | 67 | 6.75 | 6.82 | 0.63 | 20.16 | | ||
| Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2025 didn't occur yet) are (will be) excluded from the calculation of average, median, and minimum embargo duration above. | Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2025 didn't occur yet) are (will be) excluded from the calculation of average, median, and minimum embargo duration above. | ||
| Line 85: | Line 86: | ||
| | open-vm-tools | [vs] [EMBARGOED] CVE-2025-41244 - open-vm-tools \\ [[https://www.openwall.com/lists/oss-security/2025/09/29/10|[oss-security] [Security Advisory] open-vm-tools: Local privilege escalation (CVE-2025-41244)]] | Tue Sep 23 07:27:43 2025 \\ Mon Sep 29 16:24:26 2025 | 6.37 | Sep 29th, 2025 | CVE-2025-41244 \\ VMSA-2025-0015 | | | open-vm-tools | [vs] [EMBARGOED] CVE-2025-41244 - open-vm-tools \\ [[https://www.openwall.com/lists/oss-security/2025/09/29/10|[oss-security] [Security Advisory] open-vm-tools: Local privilege escalation (CVE-2025-41244)]] | Tue Sep 23 07:27:43 2025 \\ Mon Sep 29 16:24:26 2025 | 6.37 | Sep 29th, 2025 | CVE-2025-41244 \\ VMSA-2025-0015 | | ||
| | FreeIPA | [vs-plain] CVE-2025-7493 - Privilege escalation from host to domain admin in FreeIPA \\ [[https://www.openwall.com/lists/oss-security/2025/09/30/6|[oss-security] FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin]] | Wed Sep 24 19:00:18 2025 \\ Tue Sep 30 15:50:21 2025 | 5.87 | September 30th | CVE-2025-7493 | | | FreeIPA | [vs-plain] CVE-2025-7493 - Privilege escalation from host to domain admin in FreeIPA \\ [[https://www.openwall.com/lists/oss-security/2025/09/30/6|[oss-security] FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin]] | Wed Sep 24 19:00:18 2025 \\ Tue Sep 30 15:50:21 2025 | 5.87 | September 30th | CVE-2025-7493 | | ||
| + | | X.Org X server and Xwayland | [vs-plain] Preview of X.Org Security Advisory for 2025-10-28 \\ [[https://www.openwall.com/lists/oss-security/2025/10/28/7|[oss-security] Fwd: X.Org Security Advisory: multiple security issues X.Org X server and Xwayland]] | Mon Oct 13 07:46:59 2025 \\ Tue Oct 28 19:24:11 2025 | 15.48 | October 28, 2025 at 13:00 UTC | CVE-2025-62229 \\ CVE-2025-62230 \\ CVE-2025-62231 \\ ZDI-CAN-27238 \\ ZDI-CAN-27545 \\ ZDI-CAN-27560 | | ||
| + | | BIND 9 | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2025/10/22/1|[oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2025-8677, CVE-2025-40778, CVE-2025-40780)]] | Tue Oct 21 10:16:48 2025 \\ Wed Oct 22 15:54:47 2025 | 1.23 | 22 October 2025 | CVE-2025-8677 \\ CVE-2025-40778 \\ CVE-2025-40780 | | ||
| + | | runc | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2025/11/05/3|[oss-security] runc container breakouts via procfs writes: CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881]] | Wed Oct 22 12:16:52 2025 \\ Wed Nov 05 09:53:38 2025 | 13.90 | 2025-11-05 09:00 UTC | CVE-2025-31133 \\ CVE-2025-52565 \\ CVE-2025-52881 | | ||
| + | | OpenSMTPD | [vs] encrypted subject \\ [[https://www.openwall.com/lists/oss-security/2025/10/31/3|[oss-security] OpenSMTPD: Trivial Local Denial-of-Service via UNIX Domain Socket (CVE-2025-62875)]] | Thu Oct 23 09:35:42 2025 \\ Fri Oct 31 17:22:01 2025 | 8.32 | 2025-10-31 | CVE-2025-62875 | | ||
| + | | OpenStack Keystone | [vs] Vulnerability in OpenStack Keystone (CVE pending) \\ [[https://www.openwall.com/lists/oss-security/2025/11/04/2|[oss-security] [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING)]] | Tue Oct 28 16:03:06 2025 \\ Tue Nov 04 15:01:25 2025 | 6.96 | Tuesday, 2025-11-04, 1500UTC | | | ||
| + | | Kea | [vs] One Kea vulnerability will be announced on 29 October 2025 \\ [[https://www.openwall.com/lists/oss-security/2025/10/29/5|[oss-security] ISC has disclosed one vulnerability in Kea (CVE-2025-11232)]] | Tue Oct 28 18:00:50 2025 \\ Wed Oct 29 17:55:19 2025 | 1.00 | 29 October 2025 | CVE-2025-11232 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2025-10966 \\ [[https://www.openwall.com/lists/oss-security/2025/11/05/2|[oss-security] [SECURITY ADVISORY] curl: missing SFTP host verification with wolfSSH]] | Wed Oct 29 08:55:34 2025 \\ Wed Nov 05 07:14:23 2025 | 6.93 | November 5 2025 around 07:00 UTC | CVE-2025-10966 | | ||
| + | | wcurl | [vs-plain] : pre-notification wcurl CVE-2025-11563 \\ [[https://www.openwall.com/lists/oss-security/2025/11/04/1|[oss-security] [SECURITY ADVISORY] wcurl path traversal with percent-encoded slashes]] | Thu Oct 30 07:19:58 2025 \\ Tue Nov 04 08:42:13 2025 | 5.06 | November 4 | CVE-2025-11563 | | ||
| ===== Source input data ===== | ===== Source input data ===== | ||
| Line 99: | Line 108: | ||
| * {{stats-202508.txt}} | * {{stats-202508.txt}} | ||
| * {{stats-202509.txt}} | * {{stats-202509.txt}} | ||
| + | * {{stats-202510.txt}} | ||