[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 19 16:17:05 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3abe3307 by Moritz Muehlenhoff at 2025-02-19T17:16:24+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,12 +40,14 @@ CVE-2025-25891 (A buffer overflow vulnerability was discovered in D-Link DSL-378
NOT-FOR-US: D-Link
CVE-2025-25475 (A NULL pointer dereference in the component /libsrc/dcrleccd.cc of DCM ...)
- dcmtk <unfixed>
+ [bookworm] - dcmtk <no-dsa> (Minor issue)
NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow via the ...)
- dcmtk <unfixed>
NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847
CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to contain a NUL ...)
- ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11419
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b
CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows attackers to ...)
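Review bot: CVE-2025-25474 is left without a bookworm line while its sibling CVE-2025-25475 in the same package gets `[bookworm] - dcmtk <no-dsa> (Minor issue)`. If the buffer overflow was skipped on purpose, for example because it still needs checking against the bookworm version, that is fine; otherwise triage both dcmtk entries together so the package's bookworm status does not end up split across two passes.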
@@ -84,11 +86,11 @@ CVE-2025-1065 (The Visualizer: Tables and Charts Manager for WordPress plugin fo
CVE-2025-0865 (The WP Media Category Management plugin for WordPress is vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0633 (Heap-based Buffer Overflow vulnerability ininiparser_dumpsection_ini() ...)
- - iniparser 4.2.6-1
- [bookworm] - iniparser <no-dsa> (Minor issue)
+ - iniparser 4.2.6-1 (unimportant)
NOTE: https://gitlab.com/iniparser/iniparser/-/issues/177
NOTE: (updated) Testcase: https://gitlab.com/iniparser/iniparser/-/commit/fe09afa96cbbae09f796f797c75ff3b3e60d2e7b (v4.2.6)
NOTE: Fixed by: https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f (v4.2.6)
+ NOTE: Doesn't cross any security boundary
CVE-2024-13854 (The Education Addon for Elementor plugin for WordPress is vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13799 (The User Private Files \u2013 File Upload & Download Manager with Secu ...)
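Review bot: the new `NOTE: Doesn't cross any security boundary` on CVE-2025-0633 states the conclusion but not the reasoning, and it is the only justification for moving a heap-based buffer overflow from `<no-dsa>` to `(unimportant)`. Please extend the note with one clause saying why, for instance which input to the affected function is considered trusted, so the downgrade can be rechecked later without rereading the upstream issue.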
@@ -2914,6 +2916,7 @@ CVE-2024-13010 (The WP Foodbakery plugin for WordPress is vulnerable to Reflecte
NOT-FOR-US: WordPress plugin
CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The vulnerability occurs ...)
- node-serialize-javascript <unfixed> (bug #1095767)
+ [bookworm] - node-serialize-javascript <no-dsa> (Minor issue)
NOTE: https://github.com/yahoo/serialize-javascript/pull/173
NOTE: Fixed by: https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e (v6.0.2)
CVE-2024-11621 (Missing certificate validation in Devolutions Remote Desktop Manager o ...)
@@ -3332,6 +3335,7 @@ CVE-2025-22866 (Due to the usage of a variable time instruction in the assembly
- golang-1.23 1.23.6-1
- golang-1.22 1.22.12-1
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
[bullseye] - golang-1.15 <ignored> (powerpc not supported in LTS)
NOTE: https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k
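Review bot: `(Minor issue)` on the new `[bookworm] - golang-1.19 <no-dsa>` line is less informative than the neighbouring bullseye entry, which gives a concrete reason (`powerpc not supported in LTS`). If the bookworm decision rests on the same architecture-specific scope, say so in the parenthesis; the generic reason hides whether the affected architecture was considered for bookworm.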
@@ -5751,6 +5755,7 @@ CVE-2024-45340 (Credentials provided via the new GOAUTH feature were not being p
CVE-2024-45339 (When logs are written to a widely-writable directory (the default), an ...)
{DLA-4056-1}
- golang-glog 1.2.4-1 (bug #1094733)
+ [bookworm] - golang-glog <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee (v1.2.4)
NOTE: Complete fix: https://github.com/golang/glog/pull/74
CVE-2024-44172 (A privacy issue was addressed with improved private data redaction for ...)
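Review bot: the added `[bookworm] - golang-glog <no-dsa> (Minor issue)` sits directly under `{DLA-4056-1}`, so this entry now records an LTS advisory for the issue while bookworm stays unfixed. Worth confirming that is intended; if the fix is meant to reach bookworm through a point release, saying so in the reason or in a NOTE would make the asymmetry visibly deliberate.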
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3abe33079002fbd71dc60f786b3f65aea105ec85