[Git][security-tracker-team/security-tracker][master] LTS: Mark CVE-2024-45157, CVE-2025-27809, CVE-2025-27810 as not actionable
Andrej Shadura (@andrewsh)
andrewsh at debian.org
Mon Aug 25 15:13:03 BST 2025
Andrej Shadura pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ea41c7ae by Andrej Shadura at 2025-08-25T16:12:45+02:00
LTS: Mark CVE-2024-45157, CVE-2025-27809, CVE-2025-27810 as not actionable
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -48763,12 +48763,16 @@ CVE-2025-29100 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the f
CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed ...)
- mbedtls 3.6.3-1 (bug #1101499)
[bookworm] - mbedtls <no-dsa> (Minor issue)
+ [bullseye] - mbedtls <ignored> (Issue mainly concerns PSA subsystem introduced later, unclear if relevant elsewhere)
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
+ NOTE: Backport for 2.28 branch: https://github.com/Mbed-TLS/mbedtls/commit/6070470dfd5c680a59a55bc55299e1a65a6c7049
CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ...)
- mbedtls 3.6.3-1 (bug #1101499)
[bookworm] - mbedtls <no-dsa> (Minor issue)
+ [bullseye] - mbedtls <ignored> (Too disruptive for rdeps if backported)
NOTE: https://github.com/Mbed-TLS/mbedtls/issues/466
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
+ NOTE: Backport for 2.28 branch: https://github.com/Mbed-TLS/mbedtls/commit/c43a9d5576c3f9b9da21454711c104b1f9d73efa
CVE-2025-26512 (SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a v ...)
NOT-FOR-US: NetApp
CVE-2025-1798 (The does not sanitise and escape some parameters when outputting them ...)
@@ -107420,6 +107424,7 @@ CVE-2024-45158 (An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack bu
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-2/
CVE-2024-45157 (An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1 ...)
- mbedtls <unfixed> (unimportant)
+ [bullseye] - mbedtls <not-affected> (Affected PSA subsystem introduced later)
NOTE: No code fix, not a documentation change
NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
CVE-2024-45107 (Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.0 ...)
=====================================
data/dla-needed.txt
=====================================
@@ -249,10 +249,6 @@ linux (Ben Hutchings)
luajit (guilhem)
NOTE: 20250710: Added by Front-Desk (apo)
--
-mbedtls (andrewsh)
- NOTE: 20250714: Added by Front-Desk (Beuc)
- NOTE: 20250714: 6 new CVEs pile-up in June; also check postponed issues (Beuc/front-desk)
---
mimetex
NOTE: 20250422: Added by Front-Desk (rouca)
NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 (dleidert)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea41c7ae01a07a97ff946c5698f0aead81d8e10b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea41c7ae01a07a97ff946c5698f0aead81d8e10b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250825/5fadf86c/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list