[Git][security-tracker-team/security-tracker][master] 2 commits: dla: add libapache2-mod-auth-openidc

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri Apr 11 11:09:32 BST 2025 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38275089 by Sylvain Beucler at 2025-04-11T11:49:20+02:00
dla: add libapache2-mod-auth-openidc

- - - - -
2d65b3bc by Sylvain Beucler at 2025-04-11T12:09:02+02:00
CVE-2025-32414/libxml2: bullseye postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1342,6 +1342,7 @@ CVE-2025-3361 (The web service of iSherlock from HGiga has an OS Command Injecti
 	NOT-FOR-US: HGiga
 CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memor ...)
 	- libxml2 <unfixed> (bug #1102521)
+	[bullseye] - libxml2 <postponed> (Minor issue, OOB read)
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
 CVE-2025-32413 (Vulnerability-Lookup before 2.7.1 allows stored XSS via a user bio in  ...)
 	NOT-FOR-US: Vulnerability-Lookup


=====================================
data/dla-needed.txt
=====================================
@@ -133,6 +133,10 @@ jinja2 (kanashiro)
 knot-resolver
   NOTE: 20240924: Added by Front-Desk (lamby)
 --
+libapache2-mod-auth-openidc
+  NOTE: 20250411: Added by Front-Desk (Beuc)
+  NOTE: 20250411: Code was refactored but still looks vulnerable, check the simple PoC (Beuc/front-desk)
+--
 libbson-xs-perl (roberto)
   NOTE: 20250331: Added by Front-Desk (Beuc)
   NOTE: 20250331: Cf. mongo-c-driver (provides libbson which libbson-xs-perl embeds) (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e805bd1392589bc07152630c05ec08d8ef84b43...2d65b3bcfeb1ba8d0161dd16caf3837ff474c114

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e805bd1392589bc07152630c05ec08d8ef84b43...2d65b3bcfeb1ba8d0161dd16caf3837ff474c114
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250411/fadc65b8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list