[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 1 13:38:51 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7dc02d89 by Moritz Muehlenhoff at 2025-04-01T14:38:31+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -549,6 +549,7 @@ CVE-2025-3051 (Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code f
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28383471/
 CVE-2025-30673 (Sub::HandlesVia for Perl before 0.050002 allows untrusted code from th ...)
 	- libsub-handlesvia-perl 0.050002-1
+	[bookworm] - libsub-handlesvia-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28383041/
 	NOTE: Fixed by: https://github.com/tobyink/p5-sub-handlesvia/commit/9bc3cfb22ade4b407413ae1c746bb331fff52954 (0.050002)
 CVE-2025-30672 (Mite for Perl before 0.013000 generates code with the current working  ...)
@@ -1193,6 +1194,7 @@ CVE-2025-30371 (Metabase is a business intelligence and embedded analytics tool.
 	NOT-FOR-US: Metabase
 CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
 	- erlang 1:27.3.1+dfsg-1 (bug #1101713)
+	[bookworm] - erlang <no-dsa> (Minor issue)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
 	NOTE: https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
 	NOTE: https://github.com/erlang/otp/commit/655e20a49ef80431e86ffb6c7f366d01fd4b64c3 (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -1425,6 +1427,7 @@ CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neu
 	NOT-FOR-US: Dell / EMC
 CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is vulnerable to  ...)
 	- libstring-compare-constanttime-perl <unfixed> (bug #1101502)
+	[bookworm] - libstring-compare-constanttime-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28284732/
 	NOTE: https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
 CVE-2024-56325
@@ -1887,6 +1890,7 @@ CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the compone
 	NOT-FOR-US: hay-kot mealie
 CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link Following") and  ...)
 	- node-tar-fs 3.0.8+~cs2.0.4-1 (bug #1101501)
+	[bookworm] - node-tar-fs <no-dsa> (Minor issue)
 	NOTE: https://github.com/advisories/GHSA-pq67-2wwv-3xjx
 	NOTE: https://github.com/mafintosh/tar-fs/commit/fd1634e869e7c5f85948e95eabdaa8451a085de5 (v2.1.2)
 	NOTE: https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed (v3.0.7)
@@ -5228,7 +5232,9 @@ CVE-2024-48013 (Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 1
 	NOT-FOR-US: Dell / EMC
 CVE-2024-44866 (A buffer overflow in the GuitarPro1::read function of MuseScore Studio ...)
 	- musescore3 <unfixed>
+	[bookworm] - musescore3 <ignored> (Minor issue)
 	- musescore2 <unfixed>
+	[bookworm] - musescore2 <ignored> (Minor issue)
 	- musescore <removed>
 	NOTE: https://github.com/moonadon9/CVE_2024
 	NOTE: Fixed by: https://github.com/musescore/MuseScore/commit/0630461b734201db24139b0dc1657371fce41fb9 (v4.4.0)


=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
 
 If needed, specify the release by adding a slash after the name of the source package.
 
+--
+atop
 --
 frr
   coordination with the maintainer ongoing, Daniel Baumann proposing an update



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dc02d89d885c30afacc183cc4389cf024352aa1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dc02d89d885c30afacc183cc4389cf024352aa1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250401/8616e572/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list