[Git][security-tracker-team/security-tracker][master] 5 commits: data/dla-needed.txt: Triage intel-microcode for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Wed Aug 13 21:55:19 BST 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7266078d by Chris Lamb at 2025-08-13T13:54:00-07:00
data/dla-needed.txt: Triage intel-microcode for bullseye LTS.
- - - - -
815ba1d4 by Chris Lamb at 2025-08-13T13:54:02-07:00
Triage CVE-2023-53159 in rust-openssl for bullseye LTS.
- - - - -
db2ff788 by Chris Lamb at 2025-08-13T13:54:03-07:00
Triage CVE-2025-7039 in glib2.0 for bullseye LTS.
- - - - -
202f321b by Chris Lamb at 2025-08-13T13:54:05-07:00
Triage CVE-2024-38805 in edk2 for bullseye LTS.
- - - - -
68356f44 by Chris Lamb at 2025-08-13T13:54:06-07:00
data/dla-needed.txt: Triage lemonldap-ng for bullseye LTS (CVE-2024-52948)
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -928,6 +928,7 @@ CVE-2024-38805 (EDK2 contains a vulnerability in BIOS where a user may cause an
- edk2 <unfixed>
[trixie] - edk2 <no-dsa> (Minor issue)
[bookworm] - edk2 <no-dsa> (Minor issue)
+ [bullseye] - edk2 <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x
CVE-2024-33607 (Out-of-bounds read in some Intel(R) TDX module software before version ...)
NOT-FOR-US: Intel
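Review bot: the new `[bullseye] - edk2 <postponed>` line is consistent with the `<no-dsa> (Minor issue)` assessments for trixie and bookworm, but unstable is still `<unfixed>`, so there is no upstream fix commit recorded yet for a future bullseye update to pull from; once the GHSA-p7wp-52j7-6r5x advisory in the existing NOTE points at a fixing commit, add a `NOTE: Fixed by:` line so the "can be fixed in next update" rationale has a concrete backport target.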
@@ -1441,6 +1442,7 @@ CVE-2025-7039 [buffer underrun in get_tmp_file()]
- glib2.0 2.84.4-1 (bug #1110640)
[trixie] - glib2.0 <no-dsa> (Minor issue)
[bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bullseye] - glib2.0 <postponed> (Minor issue; can be fixed in next update)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3716
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4674
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/61e963284889ddb4544e6f1d5261c16120f6fcc3 (2.85.2)
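Review bot: marking bullseye `<postponed>` asserts that bullseye's much older glib2.0 still contains the affected `get_tmp_file()` code path named in the CVE title; a short NOTE confirming that the bullseye version was checked against the fix commit 61e963284889ddb4544e6f1d5261c16120f6fcc3 (2.85.2) already listed here would save the next triager from re-verifying it, and the same commit is the obvious backport candidate when the update is prepared.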
@@ -4436,6 +4438,7 @@ CVE-2024-58264 (The serde-json-wasm crate before 1.0.1 for Rust allows stack con
CVE-2023-53159 (The openssl crate before 0.10.55 for Rust allows an out-of-bounds read ...)
- rust-openssl 0.10.57-1
[bookworm] - rust-openssl <no-dsa> (Minor issue)
+ [bullseye] - rust-openssl <postponed> (Minor issue; can be fixed in next update)
NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0044.html
NOTE: https://github.com/sfackler/rust-openssl/issues/1965
NOTE: https://github.com/sfackler/rust-openssl/commit/155b3dc71700d2ff31651bbc99b991765a718c4e
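Review bot: bookworm and bullseye now carry the same "Minor issue" justification but different states (`<no-dsa>` for bookworm, `<postponed>` for bullseye); since `<postponed>` implies bullseye is expected to ship the fix in a later update while bookworm is not, a NOTE explaining why the two suites are treated differently would help whoever picks this up, and the upstream fix commit 155b3dc71700d2ff31651bbc99b991765a718c4e already referenced here should be cited as the backport source in that note.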
@@ -64616,7 +64619,6 @@ CVE-2023-36998 (The NextEPC MME <= 1.0.1 (fixed in commit a8492c9c5bc0a66c6999cb
CVE-2024-52948 [CSRF on 2FA registration]
- lemonldap-ng 2.20.2+ds-1
[bookworm] - lemonldap-ng 2.16.1+ds-deb12u5
- [bullseye] - lemonldap-ng <postponed> (Minor issue; can be fixed in next update)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3258
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/0e69ee17ee7e78569a6f7a3c859105e958d374d4
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/d65bd9cb8e9a620f71214d87e937747d7b415999
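Review bot: removing the `[bullseye] - lemonldap-ng <postponed>` line returns bullseye to the default state (affected, no fix recorded), which is what makes the package show up as open work for LTS; that is the intended effect given the bookworm line already records a fix in 2.16.1+ds-deb12u5, and the deb12u5 changes together with the two upstream commits listed in the NOTEs are the natural starting point for the bullseye update, so it would be worth stating that in a NOTE here rather than only in data/dla-needed.txt.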
=====================================
data/dla-needed.txt
=====================================
@@ -166,6 +166,9 @@ icingaweb2
NOTE: 20250603: I also saw in the release log that multiple issues were fixed without mentioning any CVE (dleidert)
NOTE: 20250603: upstream should be asked about the patches for CVE 2025-* (dleidert)
--
+intel-microcode
+ NOTE: 20250813: Added by Front-Desk (lamby)
+--
iperf3 (bunk)
NOTE: 20250805: Added by Front-Desk (rouca)
--
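Review bot: the new intel-microcode entry records only that it was added by Front-Desk and names no CVE identifiers, unlike the lemonldap-ng entry added in the same push; a NOTE listing the CVEs being tracked for bullseye (or stating that upstream has not yet assigned them) would make the entry actionable for whoever claims it.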
@@ -181,6 +184,10 @@ knot-resolver
NOTE: 20250506: Writting to upstream to get a PoC to reproduce open CVEs.
NOTE: 20250522: Processing some tips received by upstream to try to reproduce CVE. Still working on the patches.
--
+lemonldap-ng
+ NOTE: 20250813: Added by Front-Desk (lamby)
+ NOTE: 20250813: CVE-2024-52948 was marked as <postponed>, but fixed in bookworm. (lamby)
+--
libcommons-lang3-java (dleidert)
NOTE: 20250713: Added by Front-Desk (apo)
--
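Review bot: the second NOTE is the right place to record why the `<postponed>` marker for CVE-2024-52948 was dropped from data/CVE/list, but it should also name the bookworm fix version 2.16.1+ds-deb12u5 from that file so the eventual DLA can start from the deb12u5 patch set without re-deriving it; consider also fixing the unrelated typo "Writting" in the knot-resolver context line above in a follow-up commit.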
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/908fd6ab5ab49602ec72a7f4dda355d004a91215...68356f44c9e41c633ece6c2d7a9ec03b39c60f58