[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Apr 21 12:41:52 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6947898f by Moritz Muehlenhoff at 2025-04-21T13:41:41+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13944,16 +13944,19 @@ CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 B
NOT-FOR-US: Openmrs
CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users to set w ...)
- hoteldruid <unfixed> (bug #1101015)
+ [trixie] - hoteldruid <no-dsa> (Minor issue)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <postponed> (Minor issue)
NOTE: https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7
CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid ...)
- hoteldruid <unfixed> (bug #1101015)
+ [trixie] - hoteldruid <no-dsa> (Minor issue)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <postponed> (Minor issue)
NOTE: https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7
CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 ...)
- hoteldruid <unfixed> (bug #1101015)
+ [trixie] - hoteldruid <no-dsa> (Minor issue)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <postponed> (Minor issue)
NOTE: https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7
@@ -22569,6 +22572,7 @@ CVE-2025-24841 (Movable Type contains a stored cross-site scripting vulnerabilit
CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to contain a seg ...)
{DLA-4073-1}
- ffmpeg <unfixed>
+ [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11393
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57q
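Review bot: the "Fixed by:" URL in the NOTE line ends in a stray `q` after the 40-character commit hash (`...6e4bfb57q`), so the link will not resolve to the commit on gitweb; drop the trailing character. The new `[trixie] - ffmpeg <postponed>` line itself is consistent with the bookworm entry, with the rationale adjusted to the 7.1 branch instead of 5.1.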
@@ -36233,16 +36237,19 @@ CVE-2024-12970 (Improper Neutralization of Special Elements used in an OS Comman
NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer
CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This vulnerability ...)
- ffmpeg <unfixed>
+ [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336
CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows unexpected addit ...)
- ffmpeg <unfixed>
+ [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337
CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows by ...)
- ffmpeg <unfixed>
+ [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 7.1 branch)
[bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
[bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2253172
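Review bot: the rationale wording is inconsistent within each of these three entries: the new trixie lines (and the existing bookworm lines) postpone "until it's fixed in the 7.1 branch" / "5.1 branch", while the bullseye line for the same CVE says "wait until it's fixed upstream", and none of the entries carries a "Fixed by:" NOTE (only the Red Hat bugzilla references). If there is no upstream fix yet, "wait until it's fixed upstream" is the accurate wording for trixie as well; if there is one, add the commit as a NOTE so the branch-backport status can be checked when the entries are revisited.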
@@ -47704,11 +47711,13 @@ CVE-2024-52765 (H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code ex
NOT-FOR-US: H3C GR-1800AX MiniGRW1B0V100R007
CVE-2024-52763 (A cross-site scripting (XSS) vulnerability in the component /graph_all ...)
- ganglia-web <unfixed> (bug #1088799)
+ [trixie] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - ganglia-web <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/ganglia/ganglia-web/issues/382
CVE-2024-52762 (A cross-site scripting (XSS) vulnerability in the component /master/he ...)
- ganglia-web <unfixed> (bug #1088799)
+ [trixie] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - ganglia-web <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/ganglia/ganglia-web/issues/382
@@ -150324,6 +150333,7 @@ CVE-2023-6377 (A flaw was found in xorg-server. Querying or changing XKB button
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...)
- xorg-server <unfixed> (bug #1055426)
+ [trixie] - xorg-server <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - xorg-server <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - xorg-server <no-dsa> (Minor issue)
[buster] - xorg-server <no-dsa> (Minor issue)
@@ -171858,6 +171868,7 @@ CVE-2023-31669 (WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++a
NOTE: Crash in CLI tool, no security impact
CVE-2023-31518 (A heap use-after-free in the component CDataFileReader::GetItem of tee ...)
- teeworlds <unfixed> (bug #1036703)
+ [trixie] - teeworlds <ignored> (Minor issue)
[bookworm] - teeworlds <ignored> (Minor issue)
[bullseye] - teeworlds <ignored> (Minor issue)
[buster] - teeworlds <no-dsa> (Minor issue)
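Review bot: `<ignored>` for trixie marks this heap use-after-free as one that will not be fixed in the release, while the unstable line stays `<unfixed>` with bug #1036703 still open. That matches the existing bookworm and bullseye entries, but if the intent is only to wait for an upstream fix, `<postponed>` (the tag used for the ffmpeg, ganglia-web and slic3r-prusa entries in this same commit) is the one that keeps the issue on the radar for a later point update.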
@@ -171865,6 +171876,7 @@ CVE-2023-31518 (A heap use-after-free in the component CDataFileReader::GetItem
NOTE: https://github.com/teeworlds/teeworlds/issues/2970
CVE-2023-31517 (A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 all ...)
- teeworlds <unfixed> (bug #1036703)
+ [trixie] - teeworlds <ignored> (Minor issue)
[bookworm] - teeworlds <ignored> (Minor issue)
[bullseye] - teeworlds <ignored> (Minor issue)
[buster] - teeworlds <no-dsa> (Minor issue)
@@ -363048,6 +363060,7 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import
NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28598 (An out-of-bounds write vulnerability exists in the Admesh stl_fix_norm ...)
- slic3r-prusa <unfixed> (bug #1074415)
+ [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - slic3r-prusa <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222
@@ -363055,16 +363068,19 @@ CVE-2020-28597 (A predictable seed vulnerability exists in the password reset fu
NOT-FOR-US: Epignosis EfrontPro
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
- slic3r-prusa <unfixed> (bug #1074415)
+ [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - slic3r-prusa <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
- slic3r-prusa <unfixed> (bug #1074415)
+ [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - slic3r-prusa <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219
CVE-2020-28594 (A use-after-free vulnerability exists in the _3MF_Importer::_handle_en ...)
- slic3r-prusa <unfixed> (bug #1074415)
+ [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - slic3r-prusa <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218
@@ -700886,6 +700902,7 @@ CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to c
- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier, uses ...)
- nginx <unfixed> (low; bug #701112)
+ [trixie] - nginx <ignored> (Minor issue)
[bookworm] - nginx <ignored> (Minor issue)
[bullseye] - nginx <ignored> (Minor issue)
[buster] - nginx <ignored> (Minor issue)
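Review bot: every suite from buster through trixie is now `<ignored>`, but the unstable line still reads `nginx <unfixed> (low; bug #701112)`, so the tracker keeps listing a 2013 default-configuration issue as open in sid. If this is not going to change in the package, consider resolving the unstable entry too (or recording why in a NOTE); otherwise each new release will need the same `<ignored>` line added by hand.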
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6947898fb839db09307d81c244cd2d23b199b1f1