[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2024-12368 for odoo as EOL

Thorsten Alteholz (@alteholz) alteholz at debian.org
Fri Apr 18 14:16:20 BST 2025



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9816b63a by Thorsten Alteholz at 2025-04-18T15:15:56+02:00
mark CVE-2024-12368 for odoo as EOL

- - - - -
7dbbe8e4 by Thorsten Alteholz at 2025-04-18T15:15:58+02:00
mark CVE-2025-3549 and CVE-2025-3548 as postponed for Bullseye

- - - - -
5a2b42bd by Thorsten Alteholz at 2025-04-18T15:16:00+02:00
mark CVE-2025-29482 as postponed for Bullseye

- - - - -
43be37ce by Thorsten Alteholz at 2025-04-18T15:16:02+02:00
mark CVE-2025-3409, CVE-2025-3408, CVE-2025-3407 and CVE-2025-3406 as postponed for Bullseye

- - - - -
ef591571 by Thorsten Alteholz at 2025-04-18T15:16:02+02:00
add thunderbird

- - - - -
e8964a56 by Thorsten Alteholz at 2025-04-18T15:16:04+02:00
mark CVE-2025-29088 as postponed for Bullseye

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2529,10 +2529,12 @@ CVE-2025-3550 (A vulnerability has been found in wowjoy \u6d59\u6c5f\u6e56\u5dde
 CVE-2025-3549 (A vulnerability, which was classified as critical, was found in Open A ...)
 	- assimp <unfixed> (bug #1103444)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6070
 CVE-2025-3548 (A vulnerability, which was classified as critical, has been found in O ...)
 	- assimp <unfixed> (bug #1103443)
 	[bookworm] - assimp <no-dsa> (Minor issue)
+	[bullseye] - assimp <postponed> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6068
 	NOTE: https://github.com/assimp/assimp/pull/6073
 	NOTE: Fixed by: https://github.com/assimp/assimp/commit/0ae66d27039481dc2a507bbc8482f691037c1a5a
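
Review bot: In the CVE-2025-3548 entry the new `[bullseye] - assimp <postponed>` line sits above a `NOTE: Fixed by:` upstream commit, so unlike CVE-2025-3549 (which references only an upstream issue) a patch already exists to backport. Consider saying so in the reason, for example `(Minor issue, fix along with next update)`, so whoever next uploads assimp to bullseye knows this one is ready to pick up.
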
@@ -3034,6 +3036,7 @@ CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File Deletion via the id para
 CVE-2025-29088 (In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_ ...)
 	- sqlite3 <unfixed> (bug #1102670)
 	[bookworm] - sqlite3 <no-dsa> (Minor issue)
+	[bullseye] - sqlite3 <postponed> (Minor issue)
 	NOTE: https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
 CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code Astro Inter ...)
 	NOT-FOR-US: CodeAstro
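
Review bot: The CVE-2025-29088 description scopes the flaw to "SQLite 3.49.0 before 3.49.1", yet the new bullseye line is `<postponed>`, which asserts that bullseye's sqlite3 is affected. The entry carries no note on whether the code touched by the referenced upstream commit exists in older branches; a short NOTE stating the affected range that was checked (or `<not-affected>` with a reason, if the vulnerable code turns out to be absent) would make the triage verifiable.
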
@@ -4174,18 +4177,22 @@ CVE-2025-3410 (A vulnerability classified as critical was found in mymagicpower
 CVE-2025-3409 (A vulnerability classified as critical has been found in Nothings stb  ...)
 	- libstb <unfixed>
 	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <postponed> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1771
 CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has been r ...)
 	- libstb <unfixed>
 	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <postponed> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1770
 CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has been d ...)
 	- libstb <unfixed>
 	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <postponed> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1769
 CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has been c ...)
 	- libstb <unfixed>
 	[bookworm] - libstb <no-dsa> (Minor issue)
+	[bullseye] - libstb <postponed> (Minor issue)
 	NOTE: https://github.com/nothings/stb/issues/1772
 CVE-2025-3405 (A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27 ...)
 	NOT-FOR-US: FCJ Venture Builder appclientefiel
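
Review bot: All four libstb entries (CVE-2025-3406 through CVE-2025-3409) are `libstb <unfixed>` and reference only upstream issue reports, with no fix commit noted, so the bare `(Minor issue)` reason on the new bullseye lines does not say what the postponement is waiting for. A reason such as `(Minor issue, revisit when fixed upstream)` would tell the next triager when to reopen them.
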
@@ -4439,6 +4446,7 @@ CVE-2025-29594 (A vulnerability exists in the errorpage.php file of the CS2-Weap
 CVE-2025-29482 (Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacke ...)
 	- libheif <unfixed>
 	[bookworm] - libheif <no-dsa> (Minor issue)
+	[bullseye] - libheif <postponed> (Minor issue)
 	NOTE: https://github.com/lmarch2/poc/blob/main/libheif/libheif.md
 CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local attacker  ...)
 	- libbpf <unfixed> (bug #1102672)
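
Review bot: For CVE-2025-29482 the only reference under the new `[bullseye] - libheif <postponed>` line is a third-party PoC write-up; the entry has no upstream libheif issue or commit. Adding the upstream report or fix as a NOTE once one exists would give the postponed entry something concrete to be re-evaluated against.
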
@@ -21069,6 +21077,7 @@ CVE-2024-12424
 	REJECTED
 CVE-2024-12368 (Improper access control in the auth_oauth module of Odoo Community 15. ...)
 	- odoo 16.0.0+dfsg.1-1
+	[bullseye] - odoo <end-of-life> (EOL in bullseye LTS)
 	NOTE: https://github.com/odoo/odoo/issues/193854
 CVE-2024-11955 (A vulnerability was found in GLPI up to 10.0.17. It has been declared  ...)
 	- glpi <removed>
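
Review bot: The added `[bullseye] - odoo <end-of-life>` line is release-specific, but the commit message that introduces it ("mark CVE-2024-12368 for odoo as EOL") does not name bullseye, while the other triage commits in this push say "for Bullseye". Naming the release in the message keeps log searches by suite consistent.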


=====================================
data/dla-needed.txt
=====================================
@@ -296,6 +296,9 @@ tcpdf
   NOTE: 20241205: Added by Front-Desk (santiago)
   NOTE: 20241230: https://lists.debian.org/debian-lts/2024/12/msg00057.html (bunk)
 --
+thunderbird
+  NOTE: 20250418: Added by Front-Desk (ta)
+--
 trafficserver
   NOTE: 20241120: Added by Front-Desk (Beuc)
   NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
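
Review bot: The new thunderbird entry carries only `NOTE: 20250418: Added by Front-Desk (ta)` and no pointer to what prompted it, whereas the neighbouring tcpdf and trafficserver entries record a list link or "Upcoming DSA". A second NOTE naming the triggering advisory or CVEs would let whoever claims the package start without re-triaging.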



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f49f36cff4f692eeb9dbe7787575bc361dbdf782...e8964a569ad3c8816496d9fb8c9ae52d953f4769
