[Git][security-tracker-team/security-tracker][master] 5 commits: Add php-twig to dla-needed.txt

[Markus Koschany (@apo)]

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8de1254 by Markus Koschany at 2025-02-09T11:17:22+01:00
Add php-twig to dla-needed.txt

- - - - -
32decab1 by Markus Koschany at 2025-02-09T11:30:20+01:00
Add rust-openssl to dla-needed.txt

- - - - -
aaadc1b4 by Markus Koschany at 2025-02-09T11:32:31+01:00
CVE-2025-0938,python3.9: bullseye is postponed

Minor issue

- - - - -
c26341a8 by Markus Koschany at 2025-02-09T11:42:58+01:00
rust-kvm-ioctls,bullseye is ignored

The issue cannot be triggered by rust versions < 1.82

- - - - -
985e20d0 by Markus Koschany at 2025-02-09T11:48:37+01:00
Add python-werkzeug to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1663,6 +1663,7 @@ CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and
 	- python3.11 <removed>
 	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
+	[bullseye] - python3.9 <postponed> (Minor issue)
 	- pypy3 <unfixed>
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	[bullseye] - pypy3 <postponed> (Minor issue)
@@ -13741,6 +13742,7 @@ CVE-2024-12902 (ANCHOR from Global Wisdom Software is an integrated product runn
 	NOT-FOR-US: ANCHOR from Global Wisdom Software
 CVE-2024-XXXX [RUSTSEC-2024-0428]
 	- rust-kvm-ioctls 0.19.1-1 (bug #1091632)
+	[bullseye] - rust-kvm-ioctls <ignored> (Cannot be triggered with rust < 1.82)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0428.html
 	NOTE: https://github.com/rust-vmm/kvm/pull/298
 CVE-2024-XXXX [RUSTSEC-2024-0429]


=====================================
data/dla-needed.txt
=====================================
@@ -208,9 +208,17 @@ pgagent
 php-nesbot-carbon
   NOTE: 20250119: Added by Front-Desk (rouca)
 --
+php-twig
+  NOTE: 20250209: Added by Front-Desk (apo)
+  NOTE: 20250209: Vulnerable code is in src/Node/Expression/NullCoalesceExpression.php (apo)
+--
 phpmyadmin
   NOTE: 20250209: Added by Front-Desk (apo)
 --
+python-werkzeug
+  NOTE: 20250209: Added by Front-Desk (apo)
+  NOTE: 20250209: CVE-2024-34069 was already fixed in bookworm. (apo)
+--
 qemu (santiago)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: Follow fixes from bookworm 12.4 (CVE-2023-5088)
@@ -227,6 +235,9 @@ rails
 rsync (Thorsten Alteholz)
   NOTE: 20250121: Added by Front-Desk re. potential regression outlined in #1093696. (lamby)
 --
+rust-openssl
+  NOTE: 20250209: Added by Front-Desk (apo)
+--
 shadow
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250105: shadow is a high-profile package. Upstream discussion for CVE-2024-56433 is



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d8c71bf25d7ef826a0b76483f798d5936aebaa54...985e20d097f3034c27655a1ed91301fed6914bdb

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d8c71bf25d7ef826a0b76483f798d5936aebaa54...985e20d097f3034c27655a1ed91301fed6914bdb
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250209/7978f6a3/attachment-0001.htm>