[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Apr 14 17:45:58 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e215a6d by Moritz Muehlenhoff at 2025-04-14T18:45:26+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,9 +16,11 @@ CVE-2025-3550 (A vulnerability has been found in wowjoy \u6d59\u6c5f\u6e56\u5dde
 	NOT-FOR-US: wowjoy Internet Doctor Workstation System
 CVE-2025-3549 (A vulnerability, which was classified as critical, was found in Open A ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6070
 CVE-2025-3548 (A vulnerability, which was classified as critical, has been found in O ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6068
 	NOTE: https://github.com/assimp/assimp/pull/6073
 	NOTE: Fixed by: https://github.com/assimp/assimp/commit/0ae66d27039481dc2a507bbc8482f691037c1a5a
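Review bot: On the CVE-2025-3548 bookworm line, "(Minor issue)" is the only rationale, although a "Fixed by:" upstream commit is already recorded for it; CVE-2025-3549 has only the issue link. Consider a NOTE saying whether that commit is a candidate for a bookworm point release, so the <no-dsa> is not read as "no fix planned".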
@@ -516,6 +518,7 @@ CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the id para
 	NOT-FOR-US: BlueCMS
 CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a denial of se ...)
 	- sqlite3 <unfixed> (bug #1102670)
+	[bookworm] - sqlite3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
 CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code Astro Inter ...)
 	NOT-FOR-US: CodeAstro
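Review bot: The new [bookworm] line for CVE-2025-29088 does not record whether bookworm's sqlite3 contains the affected code; the description names "sqlite v.3.49.0" and the only reference is the upstream fix commit. If the vulnerable code is absent in bookworm, <not-affected> would be the accurate state rather than <no-dsa>; otherwise a NOTE with the introducing version or commit would make the triage checkable.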
@@ -1653,15 +1656,19 @@ CVE-2025-3410 (A vulnerability classified as critical was found in mymagicpower
 	NOT-FOR-US: mymagicpower AIAS
 CVE-2025-3409 (A vulnerability classified as critical has been found in Nothings stb  ...)
 	- libstb <unfixed>
+	[bookworm] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1771
 CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has been r ...)
 	- libstb <unfixed>
+	[bookworm] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1770
 CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has been d ...)
 	- libstb <unfixed>
+	[bookworm] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1769
 CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has been c ...)
 	- libstb <unfixed>
+	[bookworm] - libstb <no-dsa> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1772
 CVE-2025-3405 (A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27 ...)
 	NOT-FOR-US: FCJ Venture Builder appclientefiel
@@ -1914,6 +1921,7 @@ CVE-2025-29594 (A vulnerability exists in the errorpage.php file of the CS2-Weap
 	NOT-FOR-US: CS2-WeaponPaints-Website
 CVE-2025-29482 (Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacke ...)
 	- libheif <unfixed>
+	[bookworm] - libheif <no-dsa> (Minor issue)
 	NOTE: https://github.com/lmarch2/poc/blob/main/libheif/libheif.md
 CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker  ...)
 	- libbpf <unfixed> (bug #1102672)
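Review bot: CVE-2025-29481 (libbpf), directly below the new libheif line, is left without a [bookworm] entry although both descriptions read "Buffer Overflow vulnerability in ... allows a local attacker"; if that is deliberate it is fine, otherwise it needs its own triage line. The libheif entry also carries no "(bug #...)" reference, unlike libbpf, so nothing visible here tracks its unfixed state in unstable.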
@@ -2032,6 +2040,7 @@ CVE-2024-43046 (There may be information disclosure during memory re-allocation
 	NOT-FOR-US: Qualcomm
 CVE-2024-38797 (EDK2 contains a vulnerability in the HashPeImageByType(). A user may c ...)
 	- edk2 <unfixed> (bug #1102519)
+	[bookworm] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
 CVE-2024-33058 (Memory corruption while assigning memory from the source DDR memory(HL ...)
 	NOT-FOR-US: Qualcomm
@@ -2271,6 +2280,7 @@ CVE-2025-30473 (Improper Neutralization of Special Elements used in an SQL Comma
 	NOT-FOR-US: Apache Airflow SQL provider
 CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties argument in c ...)
 	- rust-openssl 0.10.72-1 (bug #1102137)
+	[bookworm] - rust-openssl <no-dsa> (Minor issue)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0022.html
 	NOTE: https://github.com/sfackler/rust-openssl/pull/2390
 	NOTE: https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
@@ -3579,6 +3589,7 @@ CVE-2024-42325 (Zabbix API user.get returns all users that share common group wi
 	NOTE: https://support.zabbix.com/browse/ZBX-26258
 CVE-2024-39780 (A YAML deserialization vulnerability was found in the Robot Operating  ...)
 	- ros-dynamic-reconfigure <unfixed> (bug #1102010)
+	[bookworm] - ros-dynamic-reconfigure <no-dsa> (Minor issue)
 	NOTE: https://github.com/ros/dynamic_reconfigure/pull/202
 	NOTE: Fixed by: https://github.com/ros/dynamic_reconfigure/commit/9975cc8b55b3039115da6662cc7279cc65303844
 CVE-2024-36469 (Execution time for an unsuccessful login differs when using a non-exis ...)
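Review bot: For CVE-2024-39780 the reason "(Minor issue)" sits oddly next to a description that begins "A YAML deserialization vulnerability". Add a NOTE stating what limits the impact in bookworm; the "Fixed by:" commit is already listed, so a backport could be assessed against it.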


=====================================
data/dsa-needed.txt
=====================================
@@ -64,6 +64,8 @@ sympa
 --
 tcpdf
 --
+vips
+--
 wordpress
 --
 zabbix
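Review bot: The vips addition to dsa-needed.txt has no counterpart in the data/CVE/list hunks of this commit, and the commit message "bookworm triage" does not say which CVE prompted it. Naming the CVE in the commit message would let readers connect the queue entry to the issue it is meant to fix.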



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e215a6dbb81cb581822cfa8b60c65cfc2699a9b
