[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-2123/geshi

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 10 11:32:55 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25ca4625 by Salvatore Bonaccorso at 2025-04-10T12:29:25+02:00
Update status for CVE-2025-2123/geshi

Since the change done for #685324 the contrib/cssgen.php is not
installed anymore in a produced binary package. Later on in 1.0.9.1-1
the code was removed from the unpacked source by patching the upstream
source dropping the file.

Even if the underlying source would still be affected we "fix" the issue
by removing the whole source code starting in 1.0.8.4-2, thus mark this
as the fixed version.

Not marking it as well as unimportant since at some point the
contrib/cssgen.php was shipped in a binary package for a while.

Thanks: Sylvain Beucler for the analysis

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11000,9 +11000,11 @@ CVE-2025-2125 (A vulnerability has been found in Control iD RH iD 25.2.25.0 and
 CVE-2025-2124 (A vulnerability, which was classified as problematic, was found in Con ...)
 	NOT-FOR-US: Control iD RH iD
 CVE-2025-2123 (A vulnerability, which was classified as problematic, has been found i ...)
-	- geshi <unfixed> (bug #1102218)
-	[bookworm] - geshi <no-dsa> (Minor issue)
+	- geshi 1.0.8.4-2 (bug #1102218)
 	NOTE: https://github.com/GeSHi/geshi-1.0/issues/159
+	NOTE: Since the fix of #685324 the contrib/cssgen.php is first removed from the
+	NOTE: bundled examples and later on replaced by a patch removing the file from
+	NOTE: the unpacked source.
 CVE-2025-2122 (A vulnerability classified as problematic was found in Thinkware Car D ...)
 	NOT-FOR-US: Thinkware Car Dashcam F800 Pro
 CVE-2025-2121 (A vulnerability classified as critical has been found in Thinkware Car ...)
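Review bot: the three added NOTE lines under CVE-2025-2123 do not name the versions that justify the new fixed version. The commit message gives them (contrib/cssgen.php no longer installed since the change for #685324, i.e. 1.0.8.4-2, and the file dropped from the unpacked source by a patch in 1.0.9.1-1), and the same detail belongs in data/CVE/list so the entry explains itself without the commit log. The wording "later on replaced by a patch removing the file" can also be read as the file being replaced; something like "and later, in 1.0.9.1-1, removed from the unpacked source by a patch" is clearer. The reason the entry is not also marked unimportant (the file was shipped in a binary package for a while) is likewise only in the commit message and could be recorded as one more NOTE line. Since the "[bookworm] - geshi <no-dsa>" line is dropped, it is worth confirming that the bookworm version is at or above 1.0.8.4-2, which the visible lines do not show.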



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25ca46256d9e36c03466903c2e95d7adcfa0bf90
