[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Feb 9 20:12:02 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
79db0cf4 by security tracker role at 2025-02-09T20:11:56+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
-CVE-2025-21685 [platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race]
+CVE-2025-21685 (In the Linux kernel, the following vulnerability has been resolved: p ...)
- linux 6.12.11-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/59616a91e5e74833b2008b56c66879857c616006 (6.13)
-CVE-2025-21684 [gpio: xilinx: Convert gpio_lock to raw spinlock]
+CVE-2025-21684 (In the Linux kernel, the following vulnerability has been resolved: g ...)
- linux 6.12.11-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9860370c2172704b6b4f0075a0c2a29fd84af96a (6.13)
-CVE-2024-57949 [irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()]
+CVE-2024-57949 (In the Linux kernel, the following vulnerability has been resolved: i ...)
- linux 6.12.11-1
[bookworm] - linux 6.1.128-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
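Review bot: The three rewritten header lines in this hunk (CVE-2025-21685, CVE-2025-21684, CVE-2024-57949) drop the upstream commit subject, and the truncated replacement text is identical across all three apart from one trailing letter ("p ...", "g ...", "i ..."), so the header no longer says which subsystem is affected. The first two entries still carry a NOTE with the git.kernel.org commit, but for CVE-2024-57949 the hunk's context ends before any NOTE is shown. Suggest keeping the subject in a NOTE line when the bracketed title is replaced, for example "irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()".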
@@ -909,7 +909,7 @@ CVE-2023-39943 (In Ashlar-Vellum Cobalt versions prior to v12 SP2 Build (1204.20
CVE-2024-27137 (In Apache Cassandra it is possible for a local attacker without access ...)
- cassandra <itp> (bug #585905)
CVE-2025-0510 (Thunderbird displayed an incorrect sender address if the From field of ...)
- {DSA-5861-1}
+ {DSA-5861-1 DLA-4045-1}
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-0510
CVE-2025-1020 (Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of ...)
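Review bot: On CVE-2025-0510 the cross-reference line now lists both DSA-5861-1 and DLA-4045-1, while the only package line in the hunk still reads "- thunderbird <unfixed>". With two advisories referenced, that line should be revisited and replaced with the fixed unstable version once one exists, otherwise the entry keeps reporting the package as open. The same pattern appears for CVE-2025-1015 in the following hunk.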
@@ -932,7 +932,7 @@ CVE-2025-1016 (Memory safety bugs present in Firefox 134, Thunderbird 134, Firef
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1016
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1016
CVE-2025-1015 (The Thunderbird Address Book URI fields contained unsanitized links. T ...)
- {DSA-5861-1}
+ {DSA-5861-1 DLA-4045-1}
- thunderbird <unfixed>
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1015
CVE-2025-1014 (Certificate length was not properly checked when added to a certificat ...)
@@ -2705,6 +2705,7 @@ CVE-2024-54549 (This issue was addressed with improved redaction of sensitive in
CVE-2024-54547 (The issue was addressed with improved checks. This issue is fixed in m ...)
NOT-FOR-US: Apple
CVE-2024-54543 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5835-1}
- webkit2gtk 2.46.5-1
- wpewebkit 2.46.5-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -5911,6 +5912,7 @@ CVE-2024-55511 (A null pointer dereference vulnerability in Macrium Reflect prio
CVE-2024-54660 (A JNDI injection issue was discovered in Cloudera JDBC Connector for H ...)
NOT-FOR-US: Cloudera JDBC Connector for Haadoop
CVE-2024-54658 [Processing web content may lead to a denial-of-service]
+ {DSA-5684-1}
- webkit2gtk 2.44.0-1
- wpewebkit 2.44.1-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
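Review bot: The context line "NOT-FOR-US: Cloudera JDBC Connector for Haadoop" under CVE-2024-54660 misspells the product name; it is untouched by this change but worth correcting in a follow-up, since NOT-FOR-US strings are what people search for. On the added line, {DSA-5684-1} is a much lower advisory number than the {DSA-5835-1} and {DSA-5792-1} added to the other webkit2gtk entries in this commit. That is consistent with the older 2.44.0-1 fixed version shown here, but the back-reference is worth confirming against the advisory itself.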
@@ -6702,6 +6704,7 @@ CVE-2024-36476 (In the Linux kernel, the following vulnerability has been resolv
CVE-2024-35280 (A improper neutralization of input during web page generation ('cross- ...)
NOT-FOR-US: FortiGuard
CVE-2024-27856 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ {DSA-5792-1}
- webkit2gtk 2.46.0-1
- wpewebkit 2.46.0-1
[bookworm] - wpewebkit <ignored> (wpewebkit not covered by security support in Bookworm)
@@ -83619,6 +83622,7 @@ CVE-2023-47843 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
CVE-2023-41864 (Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. Group Pe ...)
NOT-FOR-US: WordPress plugin
CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is not co ...)
+ {DLA-4047-1}
- sssd 2.9.5-1 (bug #1070369)
[bookworm] - sssd <no-dsa> (Minor issue)
[buster] - sssd <postponed> (Minor issue)
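Review bot: The added {DLA-4047-1} on CVE-2023-3758 sits directly above "[bookworm] - sssd <no-dsa> (Minor issue)", so after this change the entry says an LTS advisory was issued for a flaw that is still triaged as too minor for an advisory in bookworm. Suggest re-checking the bookworm triage, and the "[buster] - sssd <postponed>" line as well, so the per-release states agree with the new cross-reference.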
@@ -289374,7 +289378,7 @@ CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attack
CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name f ...)
NOT-FOR-US: PandoraFMS
CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...)
- {DLA-3436-1 DLA-2758-1}
+ {DLA-4047-1 DLA-3436-1 DLA-2758-1}
- sssd 2.5.2-1 (bug #992710)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe (sssd-2-7)
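Review bot: CVE-2021-3621 now references three advisories ({DLA-4047-1 DLA-3436-1 DLA-2758-1}), and nothing in the visible NOTE lines explains why a third one was needed for the same CVE. A short NOTE stating what DLA-4047-1 covers relative to the two earlier DLAs (a different release, an incomplete earlier fix, or a regression) would save readers from having to open all three advisories.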
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79db0cf4973d46520f74d7d5f836b2b3e2c0b0e9