[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 21 08:05:02 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce1e5437 by security tracker role at 2025-04-21T07:04:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2025-43973 (An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go  ...)
+	TODO: check
+CVE-2025-43972 (An issue was discovered in GoBGP before 3.35.0. An attacker can cause  ...)
+	TODO: check
+CVE-2025-43971 (An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go  ...)
+	TODO: check
+CVE-2025-43970 (An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go  ...)
+	TODO: check
+CVE-2025-43967 (libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid ...)
+	TODO: check
+CVE-2025-43966 (libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden ...)
+	TODO: check
+CVE-2025-43964 (In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in  ...)
+	TODO: check
+CVE-2025-43963 (In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cp ...)
+	TODO: check
+CVE-2025-43962 (In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cp ...)
+	TODO: check
+CVE-2025-43961 (In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read i ...)
+	TODO: check
+CVE-2025-0632 (Local File Inclusion (LFI) vulnerability in a Render function of Formu ...)
+	TODO: check
+CVE-2020-36845 (The KnowBe4 Security Awareness Training application before 2020-01-10  ...)
+	TODO: check
+CVE-2020-36844 (The KnowBe4 Security Awareness Training application before 2020-01-10  ...)
+	TODO: check
 CVE-2025-43955 (TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the us ...)
 	NOT-FOR-US: Convertigo
 CVE-2025-43954 (QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS via header ...)
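Review bot: All 13 entries added at the top of this hunk (CVE-2025-43973 down to CVE-2020-36844) carry only "TODO: check", so none of them has a package line or a NOT-FOR-US marker yet, unlike the Convertigo entry directly below them. The descriptions already name the upstream fixed releases (GoBGP 3.35.0, libheif 1.19.6, LibRaw 0.21.4), which is the version to compare against when the package lines are written. The truncated descriptions do not distinguish the four GoBGP issues or the four LibRaw issues from each other, so each one needs its full record read before the TODO is resolved.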
@@ -1085,7 +1111,7 @@ CVE-2024-13925 (The Klarna Checkout for WooCommerce WordPress plugin before 2.13
 CVE-2024-11924 (The Icegram Express formerly known as Email Subscribers  WordPress plu ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-32433 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
-	{DSA-5906-1}
+	{DSA-5906-1 DLA-4132-1}
 	- erlang 1:27.3.3+dfsg-1 (bug #1103442)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
 	NOTE: https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 (OTP-25.3.2.20)
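Review bot: On CVE-2025-32433 the visible commit NOTE is tagged only (OTP-25.3.2.20), while the other two Erlang entries touched in this diff list the fixed tags for three branches (OTP-25.3.2.x, OTP-26.2.5.x, OTP-27.x). With both DSA-5906-1 and DLA-4132-1 now pointing at this entry and the unstable fix recorded as 1:27.3.3+dfsg-1, the OTP-26 and OTP-27 fix references should be present as well; add them if they are not in the lines below the visible context.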
@@ -8535,7 +8561,7 @@ CVE-2025-30372 (Emlog is an open source website building system. Emlog Pro versi
 CVE-2025-30371 (Metabase is a business intelligence and embedded analytics tool. Versi ...)
 	NOT-FOR-US: Metabase
 CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
-	{DSA-5906-1}
+	{DSA-5906-1 DLA-4132-1}
 	- erlang 1:27.3.1+dfsg-1 (bug #1101713)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
 	NOTE: https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c (OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -22075,7 +22101,7 @@ CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264 en
 	NOTE: https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
 	NOTE: Fixed by: https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449 (v2.6.0)
 CVE-2025-26618 (Erlang is a programming language and runtime system for building massi ...)
-	{DSA-5906-1}
+	{DSA-5906-1 DLA-4132-1}
 	- erlang 1:27.2.4+dfsg-1
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr
 	NOTE: https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872 (OTP-25.3.2.18, OTP-26.2.5.9, OTP-27.2.4)
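Review bot: The package line "- erlang 1:27.2.4+dfsg-1" under CVE-2025-26618 has no bug reference, whereas the erlang lines on CVE-2025-32433 (bug #1103442) and CVE-2025-30211 (bug #1101713) both have one. If a Debian bug exists for this issue, record it here so the three entries covered by DSA-5906-1 and DLA-4132-1 are documented the same way.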
@@ -140490,7 +140516,7 @@ CVE-2023-32725 (The website configured in the URL widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
 	NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
-	{DSA-5906-1 DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
+	{DSA-5906-1 DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 DSA-5586-1 DLA-4132-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 DLA-3694-1}
 	- dropbear 2022.83-4 (bug #1059001)
 	[bookworm] - dropbear 2022.83-1+deb12u1
 	[bullseye] - dropbear 2020.81-3+deb11u1
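Review bot: In the CVE-2023-48795 cross-reference list, DLA-4132-1 is inserted after the DSA ids and ahead of DLA-3975-1, which keeps the descending order, but the visible context under this entry shows only dropbear lines. DSA-5906-1 and DLA-4132-1 are attached to the Erlang entries elsewhere in this diff, so confirm that this entry also has an "- erlang" package line further down; otherwise the new advisory reference does not map to a tracked package for this CVE.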



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce1e54376c9303a1308356e98e38aaef2cd2c492
