This shows you the differences between two versions of the page.
|
mailing-lists:distros:stats:2025 [2025/11/07 02:19] solar add final 2025-10 |
mailing-lists:distros:stats:2025 [2026/01/13 04:47] (current) solar add 2025-12 |
||
|---|---|---|---|
| Line 16: | Line 16: | ||
| | 2025-09 | 11 | 11 | 5.04 | 4.78 | 1.00 | 13.89 | | | 2025-09 | 11 | 11 | 5.04 | 4.78 | 1.00 | 13.89 | | ||
| | 2025-10 | 8 | 8 | 7.36 | 6.94 | 1.00 | 15.48 | | | 2025-10 | 8 | 8 | 7.36 | 6.94 | 1.00 | 15.48 | | ||
| - | | Total | 67 | 67 | 6.75 | 6.82 | 0.63 | 20.16 | | + | | 2025-11 | 4 | 4 | 7.85 | 8.54 | 5.30 | 9.03 | |
| + | | 2025-12 | 8 | 8 | 8.19 | 7.93 | 4.38 | 12.39 | | ||
| + | | Total | 79 | 79 | 6.95 | 6.99 | 0.63 | 20.16 | | ||
| - | Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2025 didn't occur yet) are (will be) excluded from the calculation of average, median, and minimum embargo duration above. | + | Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which in 2025 didn't occur) are (would be) excluded from the calculation of average, median, and minimum embargo duration above. |
| ===== Formatted input data ===== | ===== Formatted input data ===== | ||
| Line 94: | Line 96: | ||
| | curl | [vs-plain] : pre-notification curl CVE-2025-10966 \\ [[https://www.openwall.com/lists/oss-security/2025/11/05/2|[oss-security] [SECURITY ADVISORY] curl: missing SFTP host verification with wolfSSH]] | Wed Oct 29 08:55:34 2025 \\ Wed Nov 05 07:14:23 2025 | 6.93 | November 5 2025 around 07:00 UTC | CVE-2025-10966 | | | curl | [vs-plain] : pre-notification curl CVE-2025-10966 \\ [[https://www.openwall.com/lists/oss-security/2025/11/05/2|[oss-security] [SECURITY ADVISORY] curl: missing SFTP host verification with wolfSSH]] | Wed Oct 29 08:55:34 2025 \\ Wed Nov 05 07:14:23 2025 | 6.93 | November 5 2025 around 07:00 UTC | CVE-2025-10966 | | ||
| | wcurl | [vs-plain] : pre-notification wcurl CVE-2025-11563 \\ [[https://www.openwall.com/lists/oss-security/2025/11/04/1|[oss-security] [SECURITY ADVISORY] wcurl path traversal with percent-encoded slashes]] | Thu Oct 30 07:19:58 2025 \\ Tue Nov 04 08:42:13 2025 | 5.06 | November 4 | CVE-2025-11563 | | | wcurl | [vs-plain] : pre-notification wcurl CVE-2025-11563 \\ [[https://www.openwall.com/lists/oss-security/2025/11/04/1|[oss-security] [SECURITY ADVISORY] wcurl path traversal with percent-encoded slashes]] | Thu Oct 30 07:19:58 2025 \\ Tue Nov 04 08:42:13 2025 | 5.06 | November 4 | CVE-2025-11563 | | ||
| + | | cups-filters | [vs-plain] EMBARGOED CVE-2025-64524 cups-filters: Heap Buffer Overflow in rastertopclx Filter Leading to Potential Arbitrary Code Execution \\ [[https://www.openwall.com/lists/oss-security/2025/11/20/1|[oss-security] CVE-2025-64524 cups-filters: Heap Buffer Overflow in rastertopclx Filter Leading to Potential Arbitrary Code Execution]] | Wed Nov 12 15:21:34 2025 \\ Thu Nov 20 17:02:55 2025 | 8.07 | November 20th 15:00 UTC | CVE-2025-64524 | | ||
| + | | cups | [vs-plain] EMBARGOED CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack \\ [[https://www.openwall.com/lists/oss-security/2025/11/27/4|[oss-security] CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack]] | Tue Nov 18 16:21:35 2025 \\ Thu Nov 27 17:00:36 2025 | 9.03 | November 27th 15:00 UTC | CVE-2025-58436 | | ||
| + | | cups | [vs-plain] EMBARGOED CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues \\ [[https://www.openwall.com/lists/oss-security/2025/11/27/5|[oss-security] CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues]] | Tue Nov 18 16:57:39 2025 \\ Thu Nov 27 17:00:58 2025 | 9.00 | November 27th 15:00 UTC | CVE-2025-61915 | | ||
| + | | Unbound | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2025/11/26/4|[oss-security] Unbound: 1.24.2 addresses CVE-2025-11411 (again)]] | Fri Nov 21 14:11:18 2025 \\ Wed Nov 26 21:27:10 2025 | 5.30 | 26th of November | CVE-2025-11411 | | ||
| + | | smb4k | [vs] encrypted subject \\ [[https://www.openwall.com/lists/oss-security/2025/12/10/6|[oss-security] smb4k: Major Vulnerabilities in KAuth Helper (CVE-2025-66002, CVE-2025-66003)]] | Mon Dec 01 15:17:53 2025 \\ Wed Dec 10 18:23:16 2025 | 9.13 | 2025-12-10 | CVE-2025-66002 \\ CVE-2025-66003 | | ||
| + | | dropbear | [vs-plain] dropbear: privilege escalation via unix domain socket forwardings \\ [[https://www.openwall.com/lists/oss-security/2025/12/16/2|[oss-security] Dropbear 2025.89 fixes privilege escalation, CVE-2025-14282]] | Thu Dec 04 04:49:55 2025 \\ Tue Dec 16 14:07:31 2025 | 12.39 | Tuesday 16th December, around 10pm +0800 | CVE-2025-14282 | | ||
| + | | systemd | [vs-plain] systemd: exposure of resource to wrong sphere \\ [[https://www.openwall.com/lists/oss-security/2025/12/28/4|[oss-security] Systemd vsock sshd]] | Tue Dec 23 21:34:00 2025 \\ Sun Dec 28 06:47:57 2025 | 4.38 | January 15th 2026 \\ January 6 | | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2025-13034 (1/5) \\ [[https://www.openwall.com/lists/oss-security/2026/01/07/2|[oss-security] [ADVISORY] curl CVE-2025-13034: No QUIC certificate pinning with GnuTLS]] \\ [[https://github.com/curl/curl/commit/3d91ca8cdb3b434226e743946]] | Tue Dec 30 08:52:43 2025 \\ Wed Jan 07 07:09:24 2026 | 7.93 | January 7 2026 around 07:00 UTC | CVE-2025-13034 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2025-14524 (2/5) \\ [[https://www.openwall.com/lists/oss-security/2026/01/07/4|[oss-security] [ADVISORY] curl CVE-2025-14524: bearer token leak on cross-protocol redirect]] \\ [[https://github.com/curl/curl/commit/1a822275d333dc6da6043497160fd]] | Tue Dec 30 08:52:48 2025 \\ Wed Jan 07 07:09:41 2026 | 7.93 | January 7 2026 around 07:00 UTC | CVE-2025-14524 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2025-14819 (3/5) \\ [[https://www.openwall.com/lists/oss-security/2026/01/07/5|[oss-security] [ADVISORY] curl CVE-2025-14819: OpenSSL partial chain store policy bypass]] \\ [[https://github.com/curl/curl/commit/cd046f6c93b39d673a58c1864]] | Tue Dec 30 08:52:55 2025 \\ Wed Jan 07 07:09:47 2026 | 7.93 | January 7 2026 around 07:00 UTC | CVE-2025-14819 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2025-15079 (4/5) \\ [[https://www.openwall.com/lists/oss-security/2026/01/07/6|[oss-security] [ADVISORY] curl CVE-2025-15079: libssh global knownhost override]] \\ [[https://github.com/curl/curl/commit/adca486c125d9a6d9565b9607a19dce803]] | Tue Dec 30 08:53:03 2025 \\ Wed Jan 07 07:09:52 2026 | 7.93 | January 7 2026 around 07:00 UTC | CVE-2025-15079 | | ||
| + | | curl | [vs-plain] : pre-notification curl CVE-2025-15224 (5/5) \\ [[https://www.openwall.com/lists/oss-security/2026/01/07/7|[oss-security] [ADVISORY] curl CVE-2025-15224: libssh key passphrase bypass without agent set]] \\ [[https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c92]] | Tue Dec 30 08:53:10 2025 \\ Wed Jan 07 07:09:56 2026 | 7.93 | January 7 2026 around 07:00 UTC | CVE-2025-15224 | | ||
| ===== Source input data ===== | ===== Source input data ===== | ||
| Line 109: | Line 123: | ||
| * {{stats-202509.txt}} | * {{stats-202509.txt}} | ||
| * {{stats-202510.txt}} | * {{stats-202510.txt}} | ||
| + | * {{stats-202511.txt}} | ||
| + | * {{stats-202512.txt}} | ||