[Git][security-tracker-team/security-tracker][master] 2 commits: mark CVE-2024-25715 as postponed for Bullseye

Thorsten Alteholz (@alteholz) alteholz at debian.org
Thu Feb 27 23:01:50 GMT 2025



Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9efe244 by Thorsten Alteholz at 2025-02-28T00:01:40+01:00
mark CVE-2024-25715 as postponed for Bullseye

- - - - -
83c24e6f by Thorsten Alteholz at 2025-02-28T00:01:40+01:00
add libaws

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -112121,7 +112121,7 @@ CVE-2024-25718 (In the Samly package before 1.4.0 for Elixir, Samly.State.Store.
 CVE-2024-25715 (Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redi ...)
 	- glewlwyd 2.7.6+ds-2
 	[bookworm] - glewlwyd 2.7.5-3+deb12u1
-	[bullseye] - glewlwyd <no-dsa> (Minor issue)
+	[bullseye] - glewlwyd <postponed> (Minor issue, upstream project abandoned, lots of stuff reworked)
 	NOTE: https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754
 	NOTE: https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75
 CVE-2024-25714 (In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp  ...)
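
Review bot: The reason on the new `[bullseye]` line ("upstream project abandoned, lots of stuff reworked") reads as an argument that the two upstream commits in the NOTE lines will not be backported, yet `<postponed>` signals that the fix is still expected in a later upload. If no backport is planned, `<ignored>` with the same explanation states that more accurately. If the fix is only being deferred, the note should say what it is waiting on. The `[bookworm]` line just above shows a fixed 2.7.5-3+deb12u1 exists, so it would also help to record whether that patch was tried against the bullseye version.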


=====================================
data/dla-needed.txt
=====================================
@@ -96,12 +96,6 @@ freeimage
 fwupd
   NOTE: 20250217: Added by Front-Desk (Beuc)
 --
-glewlwyd (Thorsten Alteholz)
-  NOTE: 20240815: Added by Front-Desk (Beuc)
-  NOTE: 20240815: A couple minor issues could be sync'd from bookworm, and a few postponed, but this can wait.
-  NOTE: 20240815: pu scheduled https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007884 (Beuc/front-desk)
-  NOTE: 20250219: testing package (ta)
---
 grub2
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250105: high-profile package but not enough details yet. (apo)
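
Review bot: Removing the `glewlwyd` entry is not covered by either commit subject ("mark CVE-2024-25715 as postponed for Bullseye", "add libaws"), and the deleted notes still describe open work: "A couple minor issues could be sync'd from bookworm" and "20250219: testing package (ta)". The commit message should state why the package leaves dla-needed.txt (update released, or all remaining issues postponed), so the outcome of that testing is not lost when the notes are dropped.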
@@ -135,6 +129,10 @@ knot-resolver
 lemonldap-ng
   NOTE: 20250206: CVE-2024-52948
 --
+libaws
+  NOTE: 20250227: Added by Front-Desk (ta)
+  NOTE: 20250227: package is only available in Bullseye
+--
 libcap2 (Chris Lamb)
   NOTE: 20250220: Added by Front-Desk (Beuc)
   NOTE: 20250220: Also fix postponed/no-dsa issues (Beuc/front-desk)
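
Review bot: The new `libaws` entry does not say which issue triggered it. The `lemonldap-ng` entry directly above names its CVE in a NOTE, while here the only detail is "package is only available in Bullseye". Adding a NOTE with the CVE id(s) or bug reference would let whoever claims the package see the scope without searching data/CVE/list.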



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7c5be92cd1190ed5a076694a48d97ece005b6207...83c24e6fa838ff26631edfacac7c03dcf3cc247a
