[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 13 21:12:52 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ac4a27b7 by security tracker role at 2025-04-13T20:12:45+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,23 @@
+CVE-2025-3538 (A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been ra ...)
+ TODO: check
+CVE-2025-3537 (A vulnerability was found in Tutorials-Website Employee Management Sys ...)
+ TODO: check
+CVE-2025-3536 (A vulnerability was found in Tutorials-Website Employee Management Sys ...)
+ TODO: check
+CVE-2025-3535 (A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and ...)
+ TODO: check
+CVE-2025-3534 (A vulnerability, which was classified as critical, was found in PowerC ...)
+ TODO: check
+CVE-2025-3533 (A vulnerability, which was classified as problematic, has been found i ...)
+ TODO: check
+CVE-2025-3423 (IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scr ...)
+ TODO: check
CVE-2025-32896
NOT-FOR-US: Apache SeaTunnel
CVE-2025-24859
NOT-FOR-US: Apache Roller
-CVE-2024-56406 [heap buffer overflow when transliterating non-ASCII bytes]
+CVE-2024-56406 (A heap buffer overflow vulnerability was discovered in Perl. Release ...)
+ {DSA-5902-1}
- perl 5.40.1-3
[bullseye] - perl <not-affected> (Vulnerable code introduced later)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28708725/
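Review bot: the seven new entries at the top of this hunk (CVE-2025-3538 down to CVE-2025-3423) are left as `TODO: check` placeholders and still need triage into either a Debian source package with a fixed version or a `NOT-FOR-US:` line, as was done for the neighbouring CVE-2025-32896 and CVE-2025-24859 entries. For CVE-2024-56406 the bracketed working title is replaced by the official description and `{DSA-5902-1}` is added while the sid fixed version `perl 5.40.1-3` and the bullseye `<not-affected>` annotation are kept, which is consistent; no bookworm line is needed since the DSA cross-reference carries the stable fixed version.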
@@ -490,28 +505,34 @@ CVE-2023-43035 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web p
CVE-2023-42007 (IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to c ...)
NOT-FOR-US: IBM
CVE-2025-32700 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T389235
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1135788
CVE-2025-32699 (Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T387130
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135794
CVE-2025-32698 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T385958
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135793
CVE-2025-32697 (Improper Preservation of Permissions vulnerability in Wikimedia Founda ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T140010
NOTE: https://phabricator.wikimedia.org/T62109
NOTE: https://phabricator.wikimedia.org/T24521
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1112359
CVE-2025-32696 (Improper Preservation of Permissions vulnerability in Wikimedia Founda ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T304474
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/737454
CVE-2025-3469 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+ {DSA-5901-1}
- mediawiki 1:1.43.1+dfsg-1
NOTE: https://phabricator.wikimedia.org/T358689
NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/1135795
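Review bot: all six MediaWiki entries (CVE-2025-32700 down to CVE-2025-3469) receive the same `{DSA-5901-1}` reference and share the sid fixed version `mediawiki 1:1.43.1+dfsg-1`, so the bookworm fixed version for each of them is carried only by the DSA cross-reference; it is worth confirming that DSA-5901-1 lists every one of these six CVE ids, because a CVE missing from the advisory would silently remain open for bookworm in the tracker. The CVE-2025-32697 entry cites three Phabricator tasks plus one Gerrit change; a short hint on which change is the actual fix would help later backport checks.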
@@ -1780,6 +1801,7 @@ CVE-2025-3370 (A vulnerability classified as critical has been found in PHPGuruk
CVE-2025-3369 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has been rat ...)
NOT-FOR-US: xxyopen Novel-Plus
CVE-2025-3360 (A flaw was found in GLib. An integer overflow and buffer under-read oc ...)
+ {DLA-4128-1}
- glib2.0 2.84.1-1
[bookworm] - glib2.0 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3647
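Review bot: the bookworm line for CVE-2025-3360 stays `<no-dsa> (Minor issue)` while the new `{DLA-4128-1}` records a bullseye LTS fix for the same glib2.0 flaw. That is not wrong by itself, but the stable and LTS assessments now differ for an integer overflow with buffer under-read, so the bookworm status should either be revisited (for example folded into a point-release update) or kept with the rationale stated deliberately.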
@@ -12388,6 +12410,7 @@ CVE-2025-27623 (Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not reda
CVE-2025-27622 (Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact enc ...)
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-27516 (Jinja is an extensible templating engine. Prior to 3.1.6, an oversight ...)
+ {DLA-4126-1}
- jinja2 3.1.6-1 (bug #1099690)
[bookworm] - jinja2 <no-dsa> (Minor issue)
NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
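Review bot: bookworm remains `<no-dsa> (Minor issue)` for CVE-2025-27516 while bullseye is now fixed via `{DLA-4126-1}`; since the other jinja2 entry in this update, CVE-2024-56326, already has a bookworm point-release fix (`3.1.2-1+deb12u2`), it would be natural to fold this CVE into the next bookworm jinja2 update rather than leave it no-dsa, or to state why it is treated differently.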
@@ -36628,6 +36651,7 @@ CVE-2024-56363 (APTRS (Automated Penetration Testing Reporting System) is a Pyth
CVE-2024-56362 (Navidrome is an open source web-based music collection server and stre ...)
NOT-FOR-US: Navidrome
CVE-2024-56326 (Jinja is an extensible templating engine. Prior to 3.1.5, An oversight ...)
+ {DLA-4126-1}
- jinja2 3.1.5-1 (bug #1091331)
[bookworm] - jinja2 3.1.2-1+deb12u2
NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
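Review bot: this entry is complete: CVE-2024-56326 now has fixed versions for sid (`jinja2 3.1.5-1`), bookworm (`3.1.2-1+deb12u2`) and bullseye via `{DLA-4126-1}`. The same DLA is also referenced from CVE-2025-27516 in the preceding hunk, so the one thing to double-check is that DLA-4126-1 really lists both CVE ids; otherwise the cross-reference on one of the two entries is wrong.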
@@ -40483,6 +40507,7 @@ CVE-2024-49600 (Dell Power Manager (DPM), versions prior to 3.17, contain an imp
CVE-2024-48956 (Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers with ...)
NOT-FOR-US: Serviceware Processes
CVE-2024-46901 (Insufficient validation of filenames against control characters in Apa ...)
+ {DLA-4127-1}
- subversion 1.14.5-1
[bookworm] - subversion 1.14.2-4+deb12u1
NOTE: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
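Review bot: nothing blocking here: CVE-2024-46901 has fixed versions in sid (`subversion 1.14.5-1`), bookworm (`1.14.2-4+deb12u1`) and now bullseye via `{DLA-4127-1}`, and the upstream advisory is kept as the reference, so the entry is fully resolved across suites.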
@@ -79494,6 +79519,7 @@ CVE-2024-6679 (A vulnerability classified as critical has been found in witmy my
CVE-2024-6643
REJECTED
CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...)
+ {DLA-4125-1}
- twitter-bootstrap4 4.6.1+dfsg1-5 (bug #1084059)
[bookworm] - twitter-bootstrap4 <postponed> (Minor issue, revisit when fixed upstream)
- twitter-bootstrap3 <not-affected> (Only affects 4.x)
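Review bot: the bookworm line `<postponed> (Minor issue, revisit when fixed upstream)` for CVE-2024-6531 now sits directly under a new `{DLA-4125-1}` reference, meaning a fix has been shipped for bullseye. Either upstream has fixed it, in which case the postponed rationale is stale and bookworm should receive the same fix, or LTS carried a patch of its own, in which case the bookworm rationale should say so; leaving the two lines side by side reads as contradictory.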
@@ -79503,11 +79529,13 @@ CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes use
CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
NOT-FOR-US: Schneider Electric
CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...)
+ {DLA-4124-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...)
+ {DLA-4124-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
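Review bot: CVE-2024-6484 carries no `NOTE:` reference while its sibling CVE-2024-6485 links the herodevs advisory; add the corresponding reference for CVE-2024-6484 so that the entry is traceable. The bookworm `<postponed> (Minor issue, revisit when fixed upstream)` lines for both CVEs have the same tension with the newly added `{DLA-4124-1}` as the bootstrap4 entry above: a fix now exists for bullseye, so the postponed rationale for bookworm should be rechecked.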
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ac4a27b7ece79364574e192fb278f6e362de0e85