[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 3 13:11:01 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8a41e4db by Moritz Muehlenhoff at 2025-04-03T14:10:43+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,6 +41,7 @@ CVE-2025-3137 (A vulnerability, which was classified as critical, was found in P
NOT-FOR-US: PHPGurukul
CVE-2025-3136 (A vulnerability, which was classified as problematic, has been found i ...)
- pytorch <unfixed>
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/149821
CVE-2025-3135 (A vulnerability classified as critical was found in fcba_zzm ics-park ...)
NOT-FOR-US: Smart Park Management System
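Review bot: the new bookworm line under CVE-2025-3136 carries only the stock "(Minor issue)" text, so the entry does not record why this pytorch bug needs no DSA. The only supporting material is the upstream issue link in the existing NOTE. Consider adding a short NOTE line with the actual reasoning, so that someone revisiting the entry later does not have to re-read issue 149821 to reconstruct the decision.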
@@ -53,10 +54,12 @@ CVE-2025-3129 (Improper Restriction of Excessive Authentication Attempts vulnera
CVE-2025-3123 (A vulnerability, which was classified as critical, has been found in W ...)
NOT-FOR-US: WonderCMS
CVE-2025-3122 (A vulnerability classified as problematic was found in WebAssembly wab ...)
- - wabt <unfixed>
+ - wabt <unfixed> (unimportant)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://github.com/WebAssembly/wabt/issues/2565
CVE-2025-3121 (A vulnerability classified as problematic has been found in PyTorch 2. ...)
- pytorch <unfixed>
+ [bookworm] - pytorch <no-dsa> (Minor issue)
NOTE: https://github.com/pytorch/pytorch/issues/149800
CVE-2025-3120 (A vulnerability was found in SourceCodester Apartment Visitors Managem ...)
NOT-FOR-US: SourceCodester
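Review bot: the wabt change under CVE-2025-3122 is not suite-specific. It turns the package-wide "- wabt <unfixed>" line into "(unimportant)", which applies to every suite, while the commit subject says only "bookworm triage". Either mention the wabt reclassification in the commit message or split it into its own commit so it can be found in the history. The added "Crash in CLI tool, no security impact" NOTE is the kind of rationale the pytorch entry for CVE-2025-3121 in the same hunk lacks.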
@@ -2577,6 +2580,7 @@ CVE-2025-2815 (The Administrator Z plugin for WordPress is vulnerable to unautho
NOT-FOR-US: WordPress plugin
CVE-2025-2713 (Google gVisor's runsc component exhibited a local privilege escalation ...)
- golang-gvisor-gvisor 0.0~20240729.0-1
+ [bookworm] - golang-gvisor-gvisor <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e (release-20240325.0)
CVE-2025-29928 (authentik is an open-source identity provider. Prior to versions 2024. ...)
NOT-FOR-US: authentik
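Review bot: the bookworm line for CVE-2025-2713 marks golang-gvisor-gvisor as "<no-dsa> (Minor issue)", but the description visible in the entry speaks of a local privilege escalation in runsc, and nothing in the entry explains why that counts as minor for bookworm. Please add a NOTE with the reasoning behind the classification next to the existing "Fixed by:" NOTE.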
=====================================
data/dsa-needed.txt
=====================================
@@ -20,7 +20,7 @@ frr
gh
Santiago Vila might work on preparing an update
--
-jetty9
+jetty9 (apo)
--
jpeg-xl
--
@@ -63,6 +63,8 @@ tcpdf
--
thunderbird (jmm)
--
+tomcat10 (apo)
+--
trafficserver (jmm)
--
wordpress
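Review bot: the new "tomcat10 (apo)" entry names a claimant but not the issues that put the package on the list. The gh entry in the previous hunk shows that an indented free-text line is accepted under a package name; a similar line listing the CVEs being tracked for tomcat10 would let other team members see the scope of the planned update without searching data/CVE/list.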
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a41e4dbb6356a61514a2be3165bde6ac5272ec7