[automatic] Publish and update 5 advisories for 5 packages

[jlsec-bot]

This action searched recent NVD/EUVD changes/publications, checking 843 (+0) advisories from NVD and 608 (+511) from EUVD for advisories that pertain here. It identified 5 advisories as being related to the Julia package(s): MbedTLS_jll, OpenSSL_jll, OpenSSH_jll, libssh_jll, and GnuTLS_jll.

1 advisories failed to parse the source version range

These advisories seem to apply to a Julia package but had trouble identifying exactly how and at which versions.

• CVE-2025-5318 for packages: libssh_jll
  • libssh_jll computed ["*"]. Its latest version (0.11.3+0) has components: {libssh = "0.11.3"}
    • libssh:libssh at `` failed to parse

2 advisories apply to all registered versions of a package

These advisories had no obvious failures but computed a range without bounds.

• CVE-2025-32988 for packages: GnuTLS_jll
  • GnuTLS_jll computed ["*"]. Its latest version (3.8.4+0) has components: {gnutls = "3.8.4"}
    • gnu:gnutls at < 3.8.10 includes all versions
• CVE-2025-59438 for packages: MbedTLS_jll
  • MbedTLS_jll computed ["*"]. Its latest version (2.28.10+0) has components: {mbedtls = "2.28.10"}
    • arm:mbed_tls at < 3.6.5 includes all versions

2 advisories found concrete vulnerable ranges

• CVE-2025-26465 for packages: OpenSSH_jll
  • OpenSSH_jll computed [">= 9.3.2+0, < 9.9.1+0"]. Its latest version (10.2.1+0) has components: {openssh = "10.2p1"}
• CVE-2025-4575 for packages: OpenSSL_jll
  • OpenSSL_jll computed [">= 3.5.0+0, < 3.5.1+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
  • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}