[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Apr 27 19:14:59 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2156960f by Moritz Muehlenhoff at 2025-04-27T20:14:31+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2677,6 +2677,7 @@ CVE-2025-1980 (The Ready_ application's Profile section allows users to upload f
NOT-FOR-US: Ready OS
CVE-2024-58249 (In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps ...)
- wxwidgets3.2 3.2.7+dfsg-1
+ [bookworm] - wxwidgets3.2 <no-dsa> (Minor issue)
NOTE: https://github.com/wxWidgets/wxWidgets/issues/24885
NOTE: https://github.com/wxWidgets/wxWidgets/commit/f2918a9ac823074901ce27de939baa57788beb3d (v3.2.7)
CVE-2024-58248 (nopCommerce before 4.80.0 does not offer locking for order placement. ...)
@@ -24045,86 +24046,107 @@ CVE-2024-12860 (The CarSpot \u2013 Dealership Wordpress Classified Theme theme f
NOT-FOR-US: WordPress plugin
CVE-2025-1125 (When reading data from a hfs filesystem, grub's hfs filesystem module ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-1118 (A flaw was found in grub2. Grub's dump command is not blocked when gru ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0690 (The read command is used to read the keyboard input from the user, whi ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0689 (When reading data from disk, the grub's UDF filesystem module utilizes ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0686 (A flaw was found in grub2. When performing a symlink lookup from a rom ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0685 (A flaw was found in grub2. When reading data from a jfs filesystem, gr ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0684 (A flaw was found in grub2. When performing a symlink lookup from a rei ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0678 (A flaw was found in grub2. When reading data from a squash4 filesystem ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0677 (A flaw was found in grub2. When performing a symlink lookup, the grub' ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0624 (A flaw was found in grub2. During the network boot process, when tryin ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0622 (A flaw was found in command/gpg. In some scenarios, hooks created by l ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45783 (A flaw was found in grub2. When failing to mount an HFS+ grub, the hfs ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45782 (A flaw was found in the HFS filesystem. When reading an HFS volume's n ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45781 (A flaw was found in grub2. When reading a symbolic link's name from a ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45780 (A flaw was found in grub2. When reading tar files, grub2 allocates an ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45779 (An integer overflow flaw was found in the BFS file system driver in gr ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45778 (A stack overflow flaw was found when reading a BFS file system. A craf ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45777 (A flaw was found in grub2. The calculation of the translation buffer w ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45776 (When reading the language .mo file in grub_mofile_open(), grub2 fails ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45775 (A flaw was found in grub2 where the grub_extcmd_dispatcher() function ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can cause the ...)
- grub2 2.12-6 (bug #1098319)
+ [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-27113 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer der ...)
@@ -40604,14 +40626,13 @@ CVE-2024-10903 (The Broken Link Checker WordPress plugin before 2.4.2 does not v
CVE-2024-8950 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Arne Informatics Piramit Automation
CVE-2024-56431 (oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 71 ...)
- - libtheora 1.2.0~alpha1+dfsg-6 (bug #1091633)
- [bookworm] - libtheora <no-dsa> (Minor issue)
- [bullseye] - libtheora <postponed> (Minor issue, UBSAN, no patch)
+ - libtheora 1.2.0~alpha1+dfsg-6 (unimportant; bug #1091633)
NOTE: https://github.com/UnionTech-Software/libtheora-CVE-2024-56431-PoC
NOTE: https://github.com/advisories/GHSA-8xp8-gmmj-xc8w
NOTE: https://github.com/xiph/theora/issues/18
NOTE: https://gitlab.xiph.org/xiph/theora/-/merge_requests/28
NOTE: Fixed by: https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b (v1.2.0beta1)
+ NOTE: No security impact
CVE-2024-56430 (OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext: ...)
NOT-FOR-US: OpenFHE
CVE-2024-53291 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensiti ...)
@@ -282687,6 +282708,7 @@ CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3,
{DSA-5073-1 DLA-2904-1}
- expat 2.4.3-1
- libxmltok 1.2-4.2 (bug #1012179)
+ [bookworm] - libxmltok <no-dsa> (Minor issue)
NOTE: https://github.com/libexpat/libexpat/issues/532
NOTE: https://github.com/libexpat/libexpat/pull/538
NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b (R_2_4_3)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2156960fb6362ffcee92bcccf055e0d64dea1814
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2156960fb6362ffcee92bcccf055e0d64dea1814
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250427/83335f7e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list