[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 23 19:07:27 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f36f53ae by Moritz Muehlenhoff at 2025-01-23T20:07:05+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2024-57947 [netfilter: nf_set_pipapo: fix initial map fill]
 	[bookworm] - linux 6.1.106-1
 	NOTE: https://git.kernel.org/linus/791a615b7ad2258c560f91852be54b0480837c93 (6.11-rc1)
 CVE-2025-0650
-	- ovn <unfixed>
+	- ovn <unfixed> (bug #1093884)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5
 	NOTE: https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 (v24.09.2)
 CVE-2024-11931
@@ -67,7 +67,7 @@ CVE-2023-32340 (IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0
 CVE-2025-23050
 	- qt6-connectivity 6.7.2-8
 	[bookworm] - qt6-connectivity <no-dsa> (Minor issue)
-	- qtconnectivity-opensource-src <unfixed>
+	- qtconnectivity-opensource-src <unfixed> (bug #1093882)
 	[bookworm] - qtconnectivity-opensource-src <no-dsa> (Minor issue)
 	[bullseye] - qtconnectivity-opensource-src <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux
@@ -274,7 +274,7 @@ CVE-2025-20165 (A vulnerability in the SIP processing subsystem of Cisco BroadWo
 CVE-2025-20156 (A vulnerability in the REST API of Cisco Meeting Management could allo ...)
 	NOT-FOR-US: Cisco
 CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) decryptio ...)
-	- clamav <unfixed>
+	- clamav <unfixed> (bug #1093880)
 	[bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
 	NOTE: https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
 CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP on Wind ...)
@@ -406,7 +406,7 @@ CVE-2025-23087 (This CVE has been issued to inform users that they are using End
 CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2 firmware Ver ...)
 	NOT-FOR-US: UD-LT2 firmware
 CVE-2025-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
-	- virtualbox <unfixed>
+	- virtualbox <unfixed> (bug #1093879)
 CVE-2025-21570 (Vulnerability in the Oracle Life Sciences Argus Safety product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21569 (Vulnerability in the Oracle Hyperion Data Relationship Management prod ...)
@@ -438,7 +438,7 @@ CVE-2025-21557 (Vulnerability in Oracle Application Express (component: General)
 CVE-2025-21556 (Vulnerability in the Oracle Agile PLM Framework product of Oracle Supp ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21555 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21554 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21553 (Vulnerability in the Java VM component of Oracle Database Server.  Sup ...)
@@ -452,23 +452,23 @@ CVE-2025-21550 (Vulnerability in the Oracle Financial Services Behavior Detectio
 CVE-2025-21549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21548 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
-	- mysql-connector-python <unfixed>
+	- mysql-connector-python <unfixed> (bug #1093881)
 CVE-2025-21547 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21546 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21545 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21544 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21543 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21542 (Vulnerability in the Oracle Communications Order and Service Managemen ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21541 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21540 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21539 (Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21538 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
@@ -482,15 +482,15 @@ CVE-2025-21535 (Vulnerability in the Oracle WebLogic Server product of Oracle Fu
 CVE-2025-21534 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.40-1
 CVE-2025-21533 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
-	- virtualbox <unfixed>
+	- virtualbox <unfixed> (bug #1093879)
 CVE-2025-21532 (Vulnerability in the Oracle Analytics Desktop product of Oracle Analyt ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21531 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21530 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21529 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21528 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21527 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
@@ -502,17 +502,17 @@ CVE-2025-21525 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2025-21524 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21523 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21522 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21521 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.40-1
 CVE-2025-21520 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21519 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21518 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21517 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle  ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21516 (Vulnerability in the Oracle Customer Care product of Oracle E-Business ...)
@@ -538,26 +538,26 @@ CVE-2025-21507 (Vulnerability in the JD Edwards EnterpriseOne Tools product of O
 CVE-2025-21506 (Vulnerability in the Oracle Project Foundation product of Oracle E-Bus ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21505 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.40-1
 CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...)
-	- openjdk-8 <unfixed>
+	- openjdk-8 <unfixed> (bug #1093878)
 	- openjdk-11 11.0.26+4-1
 	- openjdk-17 17.0.14+7-1
 	- openjdk-21 21.0.6+7-1
 CVE-2025-21501 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21500 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21499 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 <not-affected> (Only affects MySQL 8.4 and later)
 CVE-2025-21498 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21497 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21495 (Vulnerability in the MySQL Enterprise Firewall product of Oracle MySQL ...)
 	NOT-FOR-US: Oracle
 CVE-2025-21494 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
@@ -567,9 +567,9 @@ CVE-2025-21493 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
 CVE-2025-21492 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
 	- mysql-8.0 8.0.37-1
 CVE-2025-21491 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21490 (Vulnerability in the MySQL Server product of Oracle MySQL (component:  ...)
-	- mysql-8.0 <unfixed>
+	- mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21489 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
 	NOT-FOR-US: Oracle
 CVE-2025-20617 (Improper neutralization of special elements used in an OS command ('OS ...)
@@ -1119,7 +1119,7 @@ CVE-2025-23214 (Cosmos provides users the ability self-host a home server by act
 CVE-2025-23044 (PwnDoc is a penetration test report generator. There is no CSRF protec ...)
 	NOT-FOR-US: PwnDoc
 CVE-2025-22620 (gitoxide is an implementation of git written in Rust. Prior to 0.17.0, ...)
-	- rust-gix-worktree-state <unfixed>
+	- rust-gix-worktree-state <unfixed> (bug #1093883)
 	NOTE: https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-fqmf-w4xh-33rh
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0001.html
 CVE-2025-22131 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36f53ae67e7287bc7913980a3f64b5268315bee

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36f53ae67e7287bc7913980a3f64b5268315bee
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250123/9b684491/attachment.htm>


More information about the debian-security-tracker-commits mailing list