[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2025-20128 in clamav for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Fri Jan 24 12:17:19 GMT 2025
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35a60def by Chris Lamb at 2025-01-24T12:11:56+00:00
Triage CVE-2025-20128 in clamav for bullseye LTS.
- - - - -
98e67cde by Chris Lamb at 2025-01-24T12:12:26+00:00
Triage CVE-2025-0395 in glibc for bullseye LTS.
- - - - -
837cdc74 by Chris Lamb at 2025-01-24T12:14:38+00:00
Triage CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150 & CVE-2024-53869 in nvidia-graphics-drivers for bullseye LTS.
- - - - -
66e7f3b0 by Chris Lamb at 2025-01-24T12:16:35+00:00
Triage CVE-2024-0131, CVE-2024-0147, CVE-2024-0149 & CVE-2024-0150 in nvidia-graphics-drivers-tesla-470 for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -56,6 +56,7 @@ CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the add g
CVE-2024-0149
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -65,6 +66,7 @@ CVE-2024-0149
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not supported)
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -73,6 +75,7 @@ CVE-2024-0149
CVE-2024-0131
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -82,6 +85,7 @@ CVE-2024-0131
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not supported)
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -94,6 +98,7 @@ CVE-2024-53869
CVE-2024-0147
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -103,6 +108,7 @@ CVE-2024-0147
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not supported)
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -111,6 +117,7 @@ CVE-2024-0147
CVE-2024-0150
- nvidia-graphics-drivers <unfixed> (bug #1093908)
[bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
- nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -120,6 +127,7 @@ CVE-2024-0150
NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
- nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
[bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not supported)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not supported)
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -540,6 +548,7 @@ CVE-2025-20156 (A vulnerability in the REST API of Cisco Meeting Management coul
CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) decryptio ...)
- clamav <unfixed> (bug #1093880)
[bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
+ [bullseye] - clamav <postponed> (Minor issue; can be fixed in next update)
NOTE: https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP on Wind ...)
NOT-FOR-US: Cloudflare
@@ -558,6 +567,7 @@ CVE-2025-0604 (A flaw was found in Keycloak. When an Active Directory user reset
CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13 to 2.40 ...)
- glibc 2.40-6
[bookworm] - glibc <no-dsa> (Minor issue)
+ [bullseye] - glibc <postponed> (Minor issue; can be fixed in next update)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32582
NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/4
NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c (2.40-branch)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/14bfbb842fe3ef229373206b3000e8e5f816296b...66e7f3b0124200dc408c87ab578cfb9e19043a40
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/14bfbb842fe3ef229373206b3000e8e5f816296b...66e7f3b0124200dc408c87ab578cfb9e19043a40
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250124/1d164c10/attachment.htm>
More information about the debian-security-tracker-commits
mailing list