[Git][security-tracker-team/security-tracker][master] 2 commits: new java issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
345fcda0 by Moritz Muehlenhoff at 2025-01-22T10:26:10+01:00
new java issues

- - - - -
337396ee by Moritz Muehlenhoff at 2025-01-22T11:05:47+01:00
new vbox issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-0509
+	- openjdk-8 <not-affected> (Specific to MacOS packaging of Oracle Java)
 CVE-2025-23237 (Improper neutralization of special elements used in an OS command ('OS ...)
 	NOT-FOR-US: UD-LT2 firmware
 CVE-2025-23090 (With the aid of the diagnostics_channel utility, an event can be hooke ...)
@@ -11,7 +13,7 @@ CVE-2025-23087 (This CVE has been issued to inform users that they are using End
 CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2 firmware Ver ...)
 	NOT-FOR-US: UD-LT2 firmware
 CVE-2025-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
-	TODO: check
+	- virtualbox <unfixed>
 CVE-2025-21570 (Vulnerability in the Oracle Life Sciences Argus Safety product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21569 (Vulnerability in the Oracle Hyperion Data Relationship Management prod ...)
@@ -87,7 +89,7 @@ CVE-2025-21535 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 CVE-2025-21534 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2025-21533 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
-	TODO: check
+	- virtualbox <unfixed>
 CVE-2025-21532 (Vulnerability in the Oracle Analytics Desktop product of Oracle Analyt ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21531 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -149,7 +151,10 @@ CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	TODO: check
+	- openjdk-8 <unfixed>
+	- openjdk-11 <unfixed>
+	- openjdk-17 <unfixed>
+	- openjdk-21 <unfixed>
 CVE-2025-21501 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	TODO: check
 CVE-2025-21500 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4823e45c873aac793fdf72c5917ddf7d954b14ed...337396eed5cdcc5cc138315dab0b638d3fe022b0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4823e45c873aac793fdf72c5917ddf7d954b14ed...337396eed5cdcc5cc138315dab0b638d3fe022b0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250122/273b7c5b/attachment.htm>