[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 17 19:46:55 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b0f5b7e4 by Moritz Muehlenhoff at 2025-04-17T20:46:38+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4072,9 +4072,11 @@ CVE-2024-57835 (Amon2::Auth::Site::LINE uses the String::Random moduleto generat
NOT-FOR-US: Amon2::Auth::Site::LINE Perl module
CVE-2024-58036 (Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as ...)
- libnet-dropbox-api-perl <unfixed> (bug #1102147)
+ [bookworm] - libnet-dropbox-api-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28504518/
CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as the defa ...)
- libweb-api-perl <unfixed> (bug #1102148)
+ [bookworm] - libweb-api-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
CVE-2025-30473 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Apache Airflow SQL provider
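Review bot: The two added `[bookworm]` lines for libnet-dropbox-api-perl and libweb-api-perl give only "(Minor issue)" as the reason, which does not record why the rand() use described in CVE-2024-58036 and CVE-2024-57868 is low impact for bookworm. A more specific reason in the parentheses, or an extra NOTE line, would let the decision be re-evaluated later without re-reading the upstream announcements.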
@@ -9408,6 +9410,7 @@ CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of f
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ...)
- mbedtls 3.6.3-1 (bug #1101499)
+ [bookworm] - mbedtls <no-dsa> (Minor issue)
NOTE: https://github.com/Mbed-TLS/mbedtls/issues/466
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
CVE-2025-26512 (SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a v ...)
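Review bot: The added `[bookworm] - mbedtls <no-dsa> (Minor issue)` line covers CVE-2025-27809 only, and the hunk does not show a bookworm line for CVE-2025-27810 directly above it, which is fixed in the same upstream releases (2.28.10 and 3.6.3). Worth confirming that entry is triaged the same way, so both can be picked up together if mbedtls is later updated in bookworm.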
=====================================
data/dsa-needed.txt
=====================================
@@ -28,7 +28,7 @@ graphicsmagick (carnil)
--
jpeg-xl
--
-libapache2-mod-auth-openidc
+libapache2-mod-auth-openidc (jmm)
Maintainer prepared update
--
libreswan
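Review bot: On the libapache2-mod-auth-openidc entry the claim changes to `(jmm)` while the note under it, "Maintainer prepared update", is left as is, so it is unclear whether jmm is reviewing the maintainer's update or preparing a separate one. Updating the note line in the same change would make the status unambiguous.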
@@ -45,6 +45,8 @@ netty
nodejs
Bastien Roucaries (rouca) showed interest to prepare an update and is working on it
--
+openjdk-17 (jmm)
+--
opennds
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
--
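Review bot: The new `openjdk-17 (jmm)` entry has no status line, and the commit message "bookworm triage" does not say which issues prompted the claim. A one-line note under the entry naming the triggering update or CVEs would help others reading dsa-needed.txt.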
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0f5b7e4d3d71c321b9a599eec3a1bacc6d66f34