[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 5 21:12:09 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3066d011 by security tracker role at 2025-04-05T20:12:02+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,21 @@
-CVE-2024-56370
+CVE-2025-3299 (A vulnerability was found in PHPGurukul Men Salon Management System 1. ...)
+	TODO: check
+CVE-2025-3298 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
+	TODO: check
+CVE-2025-3297 (A vulnerability, which was classified as problematic, was found in Sou ...)
+	TODO: check
+CVE-2025-30401 (A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 dis ...)
+	TODO: check
+CVE-2024-56370 (Net::Xero 0.044 and earlier for Perl uses the rand() function as the d ...)
 	NOT-FOR-US: Net::Xero Perl module
-CVE-2024-52322
+CVE-2024-52322 (WebService::Xero 0.11 and earlier for Perl uses the rand() function as ...)
 	NOT-FOR-US: WebService::Xero Perl module
-CVE-2024-57835
+CVE-2024-57835 (Amon2::Auth::Site::LINE uses the String::Random moduleto generate nonc ...)
 	NOT-FOR-US: Amon2::Auth::Site::LINE Perl module
-CVE-2024-58036
+CVE-2024-58036 (Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as ...)
 	- libnet-dropbox-api-perl <unfixed> (bug #1102147)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28504518/
-CVE-2024-57868
+CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as the defa ...)
 	- libweb-api-perl <unfixed> (bug #1102148)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
 CVE-2025-30473
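Review bot: The four entries added at the top of this hunk (CVE-2025-3299, CVE-2025-3298, CVE-2025-3297, CVE-2025-30401) carry only `TODO: check`, so they are untriaged and say nothing yet about whether any Debian package is affected. Each needs either a `NOT-FOR-US:` line, as the Perl module entries below them have, or a package line with a status. The other changes in the hunk only attach the truncated description to existing IDs and leave their triage lines untouched.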
@@ -805,6 +813,7 @@ CVE-2024-22611 (OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\librar
 CVE-2023-47639 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
 	NOT-FOR-US: API Platform Core
 CVE-2025-31115 (XZ Utils provide a general-purpose data-compression library plus comma ...)
+	{DSA-5895-1}
 	- xz-utils 5.8.1-1
 	[bullseye] - xz-utils <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/04/03/1
@@ -10036,6 +10045,7 @@ CVE-2024-36347 [AMD CPU Microcode Signature Verification Vulnerability]
 	NOTE: Kernel stop-gap mitigation: https://www.openwall.com/lists/oss-security/2025/03/06/3
 	NOTE: https://git.kernel.org/linus/bb2281fb05e50108ce95c43ab7e701ee564565c8
 CVE-2024-56202 (Expected Behavior Violation vulnerability in Apache Traffic Server.  T ...)
+	{DSA-5896-1}
 	- trafficserver <unfixed> (bug #1099691)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
 	NOTE: https://github.com/apache/trafficserver/commit/1cca4a29520f9258be6c3fad5092939dbe9d3562 (9.2.9-rc0)
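Review bot: `{DSA-5896-1}` is added to CVE-2024-56202 while the package line directly below it still reads `- trafficserver <unfixed> (bug #1099691)`, so after this change the entry records an advisory but no fixed version in unstable. The NOTE line already points at the upstream commit tagged 9.2.9-rc0; once an upload containing it reaches unstable, the `<unfixed>` marker should be replaced with that version so the entry matches the state of bug #1099691.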
@@ -10043,10 +10053,12 @@ CVE-2024-56196 (Improper Access Control vulnerability in Apache Traffic Server.
 	- trafficserver <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
 CVE-2024-56195 (Improper Access Control vulnerability in Apache Traffic Server.  This  ...)
+	{DSA-5896-1}
 	- trafficserver <unfixed> (bug #1099691)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
 	NOTE: https://github.com/apache/trafficserver/commit/483f84ea4ae2511834abd90014770b27a5082a4c (9.2.9-rc0)
 CVE-2024-38311 (Improper Input Validation vulnerability in Apache Traffic Server.  Thi ...)
+	{DSA-5896-1}
 	- trafficserver <unfixed> (bug #1099691)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/05/1
 	NOTE: https://github.com/apache/trafficserver/commit/a16c4b6bb0b126047c68dafbdf6311ac1586fc0b (9.2.9-rc0)
@@ -16685,6 +16697,7 @@ CVE-2025-1403 (Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to
 CVE-2025-1402 (The Event Tickets and Registration plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-0838 (There exists a heap buffer overflow vulnerable in Abseil-cpp. The size ...)
+	{DLA-4116-1}
 	- abseil 20240722.0-3 (bug #1098903)
 	[bookworm] - abseil <no-dsa> (Minor issue)
 	NOTE: https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 (20250127.rc1)
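Review bot: The new `{DLA-4116-1}` tag on CVE-2025-0838 sits above `[bookworm] - abseil <no-dsa> (Minor issue)`, which leaves bookworm as the one release named in this entry with neither an advisory nor a fixed version. With an LTS advisory now issued for the heap buffer overflow, it is worth checking that the bookworm fix is queued for a point release and recording the version here when it lands.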
@@ -45085,7 +45098,7 @@ CVE-2024-11193 (An information disclosure vulnerability exists in Yugabyte Anywh
 CVE-2024-10146 (The Simple File List WordPress plugin before 6.1.13 does not sanitise  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-50306 (Unchecked return value can allow Apache Traffic Server to retain privi ...)
-	{DLA-4055-1}
+	{DSA-5896-1 DLA-4055-1}
 	- trafficserver <unfixed> (bug #1087531)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
 	NOTE: https://github.com/apache/trafficserver/pull/11855
@@ -45095,12 +45108,13 @@ CVE-2024-50306 (Unchecked return value can allow Apache Traffic Server to retain
 	NOTE: Followup: https://github.com/apache/trafficserver/commit/a0d49ddb44ea5e295c85d7d88a13e4978d6bc84b (9.2.7-rc0)
 	NOTE: Followup: https://github.com/apache/trafficserver/commit/d4dda9b5583d19e2eee268fec59aa487d61fc079 (master)
 CVE-2024-38479 (Improper Input Validation vulnerability in Apache Traffic Server.  Thi ...)
-	{DLA-4055-1}
+	{DSA-5896-1 DLA-4055-1}
 	- trafficserver <unfixed> (bug #1087531)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
 	NOTE: https://github.com/apache/trafficserver/pull/11856
 	NOTE: https://github.com/apache/trafficserver/commit/b8861231702ac5df7d5de401e82440c1cf20b633 (9.2.6-rc0)
 CVE-2024-50305 (Valid Host header field can cause Apache Traffic Server to crash on so ...)
+	{DSA-5896-1}
 	- trafficserver <unfixed> (bug #1087531)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/11/13/1
 	NOTE: https://github.com/apache/trafficserver/issues/8461
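Review bot: CVE-2024-50305 receives `{DSA-5896-1}` alone, whereas CVE-2024-38479 just above it and CVE-2024-50306 in the previous hunk, which share bug #1087531 and the same oss-security post, end up as `{DSA-5896-1 DLA-4055-1}`. The visible lines give no release-specific status explaining why the LTS advisory does not cover CVE-2024-50305; if the older version is not affected, a release-specific `<not-affected>` line in the style of the xz-utils entry earlier in this diff would make that explicit.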



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3066d0115a51b1a5d485480b68370dbe5d647e60
