[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Feb 7 19:59:22 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
521e05b9 by Moritz Muehlenhoff at 2025-02-07T20:58:58+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,6 +97,7 @@ CVE-2025-24786 (WhoDB is an open source database management tool. While the appl
 	NOT-FOR-US: WhoDB
 CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy for pen ...)
 	- mitmproxy <unfixed>
+	[bookworm] - mitmproxy <no-dsa> (Minor issue)
 	NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p
 CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json endpoint ...)
 	NOT-FOR-US: Emoncms
@@ -1413,8 +1414,10 @@ CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and
 	- python3.13 <unfixed>
 	- python3.12 <unfixed>
 	- python3.11 <removed>
+	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
 	- pypy3 <unfixed>
+	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
 	NOTE: https://github.com/python/cpython/issues/105704
 	NOTE: https://github.com/python/cpython/pull/129418
@@ -2000,6 +2003,7 @@ CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does not
 	NOT-FOR-US: WordPress plugin
 CVE-2025-24528 [Prevent overflow when calculating ulog block size]
 	- krb5 <unfixed> (bug #1094730)
+	[bookworm] - krb5 <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
 	NOTE: Fixed by: https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0
 CVE-2025-24882 (regclient is a Docker and OCI Registry Client in Go. A malicious regis ...)
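Review bot: the added `[bookworm] - krb5 <no-dsa> (Minor issue)` line under CVE-2025-24528 does not say whether bookworm is expected to get the fix at all, although the entry already carries a Debian bug (#1094730) and a `Fixed by:` upstream commit. If the intent is to ship the fix in a stable update, put that in the annotation, for example `(Minor issue; can be fixed via point release)`, so the entry does not read as a won't-fix.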
@@ -11758,6 +11762,7 @@ CVE-2024-56738 (GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time a
 	NOTE: https://savannah.gnu.org/bugs/?66603
 CVE-2024-56737 (GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in  ...)
 	- grub2 <unfixed>
+	[bookworm] - grub2 <no-dsa> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/?66599
 CVE-2024-13006 (A vulnerability, which was classified as critical, has been found in 1 ...)
 	NOT-FOR-US: 1000 Projects Human Resource Management System
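Review bot: the `<no-dsa> (Minor issue)` line added under CVE-2024-56737 sits directly below a description that calls the bug a heap-based buffer overflow in GRUB2, and nothing in the entry records why that is minor for bookworm. A `NOTE:` line with the reasoning (what input triggers it and what an attacker must already control) would let a later reader re-check the triage decision without reopening the Savannah bug.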


=====================================
data/dsa-needed.txt
=====================================
@@ -46,6 +46,8 @@ opennds
 --
 pagure
 --
+pam-pkcs11 (carnil)
+--
 php-laravel-framework
 --
 python-django
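Review bot: the new `pam-pkcs11 (carnil)` entry names the owner but not the issue, and no data/CVE/list hunk in this commit touches pam-pkcs11, so the commit alone does not show which CVE the pending DSA covers. An indented note line under the entry with the CVE id or bug number would make the queue entry self-explanatory.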



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/521e05b92cfd2bb24d9fd5e62e2117fce4cce126
