[Git][security-tracker-team/security-tracker][master] 3 commits: lts: triage CVE-2025-9308/node-yarnpkg for Bullseye
Daniel Leidert (@dleidert)
dleidert at debian.org
Sun Aug 24 01:24:16 BST 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
11e1fd43 by Daniel Leidert at 2025-08-24T02:00:03+02:00
lts: triage CVE-2025-9308/node-yarnpkg for Bullseye
Mark as postponed. Minor issue that can produce a local DoS similar to
CVE-2025-8262 (same submitter as well). Follow triage of CVE-2025-8262.
- - - - -
a3d6f623 by Daniel Leidert at 2025-08-24T02:09:47+02:00
lts: triage CVE-2015-1554/kgb-bot
Mark as ignored. This has not been reproduced by third parties since the issue
was reported. Thus, it has been ignored. Reflect that in the LTS triage.
- - - - -
a1925a75 by Daniel Leidert at 2025-08-24T02:20:36+02:00
Add links for CVE-2024-44905/golang-gopkg-pg.v5
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -591,6 +591,7 @@ CVE-2025-9309 (A vulnerability was found in Tenda AC10 16.03.10.13. Affected is
NOT-FOR-US: Tenda
CVE-2025-9308 (A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This imp ...)
- node-yarnpkg <unfixed>
+ [bullseye] - node-yarnpkg <postponed> (minor issue; DoS)
NOTE: https://github.com/yarnpkg/yarn/pull/9203
CVE-2025-9307 (A flaw has been found in PHPGurukul Online Course Registration 3.1. Th ...)
NOT-FOR-US: PHPGurukul
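Review bot: the rationale on the new bullseye line, `(minor issue; DoS)`, drops the "local" qualifier that the commit message gives as the reason for postponing; since the rationale text is what later triagers read in data/CVE/list, consider `(Minor issue; local DoS)`, which also matches the capitalisation used by neighbouring entries such as `(Minor issue, not reproducible)`. The NOTE on the following line points at an upstream pull request rather than a merged fix, so the `<unfixed>` state for the default suite stays correct as written.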
@@ -21847,6 +21848,8 @@ CVE-2024-44906 (uptrace pgdriver v1.2.1 was discovered to contain a SQL injectio
CVE-2024-44905 (go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerabil ...)
- golang-gopkg-pg.v5 <undetermined>
TODO: check details
+ NOTE: https://github.com/advisories/GHSA-6xp3-p59p-q4fj
+ NOTE: Fixed by: https://github.com/go-pg/pg/commit/eff50a43724e52347559687a6945c116afbb41c1 (v10.15.0)
CVE-2023-45256 (Multiple SQL injection vulnerabilities in the EuroInformation Monetico ...)
NOT-FOR-US: PrestaShop module
CVE-2025-30399 (Untrusted search path in .NET and Visual Studio allows an unauthorized ...)
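Review bot: the two added NOTE lines record the advisory and the upstream fix commit (v10.15.0), but the entry still carries `golang-gopkg-pg.v5 <undetermined>` and the `TODO: check details` line. The CVE description names go-pg pg v10.13.0 while the Debian source package tracks the v5 series, so the open question the TODO stands for is whether the v5 code base contains the affected code path that the v10.15.0 commit changes; keeping the TODO is right until that is checked, and a short NOTE stating the outcome (affected or not) would close the loop when it is.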
@@ -691145,7 +691148,8 @@ CVE-2015-1401 (Improper Authentication vulnerability in the "LDAP / SSO Authenti
NOT-FOR-US: typo3 extension
CVE-2015-1554 (kgb-bot 1.33-2 allows remote attackers to cause a denial of service (c ...)
- kgb-bot <undetermined> (low; bug #776424)
- [buster] - kgb-bot <no-dsa> (Minor issue, not reproducible)
+ [bullseye] - kgb-bot <ignored> (Minor issue, not reproducible)
+ [buster] - kgb-bot <ignored> (Minor issue, not reproducible)
NOTE: 20190201: random crash still not reproducible
CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js ...)
NOT-FOR-US: sequelize
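Review bot: the hunk moves buster from `<no-dsa>` to `<ignored>` and adds a matching bullseye line, but the suite-independent line `kgb-bot <undetermined> (low; bug #776424)` is left untouched, so the file now says "undetermined" for the default suite and "not reproducible, ignored" for the two LTS suites. If the decision applies to the package as a whole, the first line should say so; if it is deliberately limited to the LTS suites, a dated NOTE in the style of the existing `NOTE: 20190201: random crash still not reproducible` line would record that the 2025 triage confirmed the issue remains unreproduced, which is the justification the commit message gives.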
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/678cc89c138ab1a158e3907d6ed962fac5f492ea...a1925a75dbac25bff36e36d34f3ef56cd3b3637a