[Git][security-tracker-team/security-tracker][master] kanboard re-uploaded again into archive mark issues as unfixed for now

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 29 03:50:21 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b897b48 by Salvatore Bonaccorso at 2025-08-29T04:48:14+02:00
kanboard re-uploaded again into archive mark issues as unfixed for now

Retrigger checks/triage on those which were marked as removed from
usntable without having back then the resolution. Most of them should be
now addressed but needs to be reckecked explicitly.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5279,11 +5279,11 @@ CVE-2025-55166 (savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22
 CVE-2025-55164 (content-security-policy-parser parses content security policy directiv ...)
 	NOT-FOR-US: helmetjs/content-security-policy-parser
 CVE-2025-55011 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed>
+	- kanboard <unfixed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55
 	NOTE: https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef13368 (v1.2.47)
 CVE-2025-55010 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed>
+	- kanboard <unfixed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r
 	NOTE: https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f (v1.2.47)
 CVE-2025-54864 (Hydra is a continuous integration service for Nix based projects. Prio ...)
@@ -19077,7 +19077,7 @@ CVE-2025-52889 (Incus is a system container and virtual machine manager. When us
 	NOTE: Introduced with: https://github.com/lxc/incus/commit/a7c33301738aede3c035063e973b1d885d9bac7c (v6.12.0)
 	NOTE: Fixed by: https://github.com/lxc/incus/commit/2516fb19ad8428454cb4edfe70c0a5f0dc1da214
 CVE-2025-52576 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed>
+	- kanboard <unfixed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7
 	NOTE: https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1 (v1.2.46)
 CVE-2025-52569 (GitForge.jl is a unified interface for interacting with Git "forges."  ...)
@@ -19552,7 +19552,7 @@ CVE-2025-52562 (Convoy is a KVM server management panel for hosting businesses.
 CVE-2025-52561 (HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version ...)
 	NOT-FOR-US: HTMLSanitizer.jl
 CVE-2025-52560 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed>
+	- kanboard <unfixed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92
 	NOTE: https://github.com/kanboard/kanboard/commit/bca2bd7ab95e7990e358fd35a7daf51a9c16aa75 (v1.2.46)
 CVE-2025-52558 (changedetection.io is a free open source web page change detection, we ...)
@@ -32543,7 +32543,7 @@ CVE-2025-47859
 CVE-2025-47858
 	REJECTED
 CVE-2025-46825 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed>
+	- kanboard <unfixed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v
 	NOTE: Fixed by: https://github.com/kanboard/kanboard/commit/6ebf22eeaae9f8b4abab72e3c18e45a2c4a2a808 (v1.2.45)
 	NOTE: Introduced by: https://github.com/kanboard/kanboard/commit/ac94004ea9fc455dcc5edc8a242d67d1ccd85564 (v1.2.26)
@@ -79852,7 +79852,7 @@ CVE-2024-56116 (A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7
 CVE-2024-56115 (A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to ...)
 	NOT-FOR-US: Amiro.CMS
 CVE-2024-55603 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed> (bug #1090923)
+	- kanboard <unfixed> (bug #1090923)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484
 	NOTE: https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78 (v1.2.43)
 CVE-2024-55506 (An IDOR vulnerability in CodeAstro's Complaint Management System v1.0  ...)
@@ -84026,7 +84026,7 @@ CVE-2024-54127 (This vulnerability exists in the TP-Link Archer C50 due to prese
 CVE-2024-54126 (This vulnerability exists in the TP-Link Archer C50 due to improper si ...)
 	NOT-FOR-US: TP-Link
 CVE-2024-54001 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed> (bug #1089187)
+	- kanboard <unfixed> (bug #1089187)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj
 CVE-2024-53857 (rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP a ...)
 	- rust-pgp 0.14.2-1
@@ -91222,10 +91222,10 @@ CVE-2024-52286 (Stirling-PDF is a locally hosted web application that allows you
 CVE-2024-51992 (Orchid is a @laravel package that allows for rapid application develop ...)
 	NOT-FOR-US: Orchid laravel package
 CVE-2024-51748 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed> (bug #1088798)
+	- kanboard <unfixed> (bug #1088798)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p
 CVE-2024-51747 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed> (bug #1088798)
+	- kanboard <unfixed> (bug #1088798)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v
 CVE-2024-51490 (Ampache is a web based audio/video streaming application and file mana ...)
 	- ampache <removed>
@@ -132036,7 +132036,7 @@ CVE-2024-36732 (An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to caus
 CVE-2024-36730 (Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attack ...)
 	NOT-FOR-US: OneFlow
 CVE-2024-36399 (Kanboard is project management software that focuses on the Kanban met ...)
-	- kanboard <removed> (bug #1072791)
+	- kanboard <unfixed> (bug #1072791)
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv
 	NOTE: https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7 (v1.2.37)
 CVE-2024-36394 (SysAid - CWE-78: Improper Neutralization of Special Elements used in a ...)
@@ -173315,7 +173315,7 @@ CVE-2024-22725 (Orthanc versions before 1.12.2 are affected by a reflected cross
 	[buster] - orthanc <postponed> (Minor issue, XSS)
 	NOTE: https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0
 CVE-2024-22720 (Kanboard 1.2.34 is vulnerable to Html Injection in the group managemen ...)
-	- kanboard <removed> (bug #1062710)
+	- kanboard <unfixed> (bug #1062710)
 	NOTE: https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b
 	NOTE: https://github.com/kanboard/kanboard/issues/5411
 	NOTE: Fixed by: https://github.com/kanboard/kanboard/commit/70df1210259a2e5ec258a753318bddfda6f7d024 (v1.2.35)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b897b48c334bc39665d25bd2fbb1c0983686e35

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b897b48c334bc39665d25bd2fbb1c0983686e35
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250829/3a184f7a/attachment.htm>

More information about the debian-security-tracker-commits mailing list