[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Feb 7 19:59:22 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
521e05b9 by Moritz Muehlenhoff at 2025-02-07T20:58:58+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -97,6 +97,7 @@ CVE-2025-24786 (WhoDB is an open source database management tool. While the appl
NOT-FOR-US: WhoDB
CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy for pen ...)
- mitmproxy <unfixed>
+ [bookworm] - mitmproxy <no-dsa> (Minor issue)
NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p
CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json endpoint ...)
NOT-FOR-US: Emoncms
@@ -1413,8 +1414,10 @@ CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and
- python3.13 <unfixed>
- python3.12 <unfixed>
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- pypy3 <unfixed>
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
NOTE: https://github.com/python/cpython/issues/105704
NOTE: https://github.com/python/cpython/pull/129418
@@ -2000,6 +2003,7 @@ CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does not
NOT-FOR-US: WordPress plugin
CVE-2025-24528 [Prevent overflow when calculating ulog block size]
- krb5 <unfixed> (bug #1094730)
+ [bookworm] - krb5 <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
NOTE: Fixed by: https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0
CVE-2025-24882 (regclient is a Docker and OCI Registry Client in Go. A malicious regis ...)
@@ -11758,6 +11762,7 @@ CVE-2024-56738 (GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time a
NOTE: https://savannah.gnu.org/bugs/?66603
CVE-2024-56737 (GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in ...)
- grub2 <unfixed>
+ [bookworm] - grub2 <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?66599
CVE-2024-13006 (A vulnerability, which was classified as critical, has been found in 1 ...)
NOT-FOR-US: 1000 Projects Human Resource Management System
=====================================
data/dsa-needed.txt
=====================================
@@ -46,6 +46,8 @@ opennds
--
pagure
--
+pam-pkcs11 (carnil)
+--
php-laravel-framework
--
python-django
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/521e05b92cfd2bb24d9fd5e62e2117fce4cce126
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/521e05b92cfd2bb24d9fd5e62e2117fce4cce126
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250207/db5ff8a4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list