[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jan 27 09:48:23 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a0b66783 by Moritz Muehlenhoff at 2025-01-27T10:48:03+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -75,13 +75,15 @@ CVE-2017-20196 (A vulnerability was found in Itechscripts School Management Soft
NOT-FOR-US: Itechscripts School Management Software
CVE-2025-24356
- fastd 23-1
+ [bookworm] - fastd <no-dsa> (Minor issue)
NOTE: https://github.com/neocturne/fastd/security/advisories/GHSA-pggg-vpfv-4rcv
CVE-2025-24858 (Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an atta ...)
NOT-FOR-US: Develocity (formerly Gradle Enterprise)
CVE-2025-24814
- - lucene-solr <unfixed>
+ - lucene-solr 3.6.2+dfsg-23
NOTE: https://solr.apache.org/security.html#cve-2025-24814-apache-solr-core-creation-with-trusted-configset-can-use-arbitrary-untrusted-files
NOTE: https://www.openwall.com/lists/oss-security/2025/01/26/1
+ NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version
CVE-2024-46881 (Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect ...)
NOT-FOR-US: Develocity (formerly Gradle Enterprise)
CVE-2024-11090 (The Membership Plugin \u2013 Restrict Content plugin for WordPress is ...)
@@ -888,10 +890,12 @@ CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any p
NOT-FOR-US: Apache Wicket
CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
+ [bookworm] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-1/
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7 (RELEASE_5_2_2)
CVE-2025-24529 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
+ [bookworm] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d (RELEASE_5_2_2)
CVE-2025-24030 (Envoy Gateway is an open source project for managing Envoy Proxy as a ...)
@@ -1839,7 +1843,8 @@ CVE-2024-13536 (The 1003 Mortgage Application plugin for WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2024-13454 (Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allo ...)
- easy-rsa 3.2.0-1
- [bullseye] - easy-rsa <not-affected> (Support for OpenSSL was introduced in 3.1.0)
+ [bookworm] - easy-rsa <no-dsa> (Minor issue)
+ [bullseye] - easy-rsa <not-affected> (Support for OpenSSL 3 was introduced in 3.1.0)
NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2024-13454
CVE-2024-13444 (The wp-greet plugin for WordPress is vulnerable to Cross-Site Request ...)
NOT-FOR-US: WordPress plugin
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0b667836b957e6c137b6554af4e4e94dda2c92b
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0b667836b957e6c137b6554af4e4e94dda2c92b
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250127/4bae0bc1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list