[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jan 27 19:53:30 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7c88c7b by Moritz Muehlenhoff at 2025-01-27T20:53:08+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -441,6 +441,7 @@ CVE-2025-24362 (In some circumstances, debug artifacts uploaded by the CodeQL Ac
 	NOT-FOR-US: CodeQL
 CVE-2025-24359 (ASTEVAL is an evaluator of Python expressions and statements. Prior to ...)
 	- python-asteval <unfixed>
+	[bookworm] - python-asteval <no-dsa> (Minor issue)
 	NOTE: https://github.com/lmfit/asteval/security/advisories/GHSA-3wwr-3g9f-9gc7
 CVE-2025-24355 (Updatecli is a tool used to apply file update strategies. Prior to ver ...)
 	NOT-FOR-US: Updatecli
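Review bot: the unstable line `- python-asteval <unfixed>` directly above the added `[bookworm]` entry has no bug reference, unlike the pgagent and scikit-learn entries touched in this same commit. With bookworm now marked `<no-dsa>`, adding a bug number there would keep the open fix tracked against the package. The added line also gives only the generic "Minor issue" reason, so a short NOTE saying why the linked advisory is considered minor would help later triage.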
@@ -6734,6 +6735,7 @@ CVE-2025-0294 (A vulnerability has been found in SourceCodester Home Clean Servi
 	NOT-FOR-US: SourceCodester Home Clean Services Management System
 CVE-2025-0218 (When batch jobs are executed by pgAgent, a script is created in a temp ...)
 	- pgagent 4.2.3-1 (bug #1092677)
+	[bookworm] - pgagent <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c (master)
 	NOTE: Fixed by: https://github.com/pgadmin-org/pgagent/commit/5b10c3d435d3f92ccc2f05b69ff10516ef3154e0 (pgagent-4.2.3)
 CVE-2024-8361 (In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits  ...)
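Review bot: the added `[bookworm] - pgagent <no-dsa> (Minor issue)` line does not say why the issue is minor, although the entry already lists a fix commit on the pgagent-4.2.3 branch. A one-line NOTE with the reasoning (for example, what limits the impact of the temp-directory script described in the CVE text) would make it easier to decide later whether that commit should go into a point release.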
@@ -62746,12 +62748,10 @@ CVE-2024-5225 (An SQL Injection vulnerability exists in the berriai/litellm repo
 CVE-2024-5221 (The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5206 (A sensitive data leakage vulnerability was identified in scikit-learn' ...)
-	- scikit-learn <unfixed> (bug #1074234)
-	[bookworm] - scikit-learn <no-dsa> (Minor issue)
-	[bullseye] - scikit-learn <no-dsa> (Minor issue)
-	[buster] - scikit-learn <postponed> (Minor issue)
+	- scikit-learn <unfixed> (bug #1074234; unimportant)
 	NOTE: https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c
 	NOTE: https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 (1.5.0rc1)
+	NOTE: Works as documented, negiglible security impact
 CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-5187 (A vulnerability in the `download_model_with_test_data` function of the ...)
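Review bot: the added line `NOTE: Works as documented, negiglible security impact` misspells "negligible". Since this NOTE is the only recorded justification for collapsing the `[bookworm]`, `[bullseye]` and `[buster]` lines into `unimportant`, it is worth correcting. It would also help to say which documented behaviour is meant, so the rationale can be checked against the huntr report and the upstream commit already listed.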



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c88c7b0ff28a3ab9fa2d08b6d8c1b5d0b554c5
