[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jan 27 19:53:30 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a7c88c7b by Moritz Muehlenhoff at 2025-01-27T20:53:08+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -441,6 +441,7 @@ CVE-2025-24362 (In some circumstances, debug artifacts uploaded by the CodeQL Ac
NOT-FOR-US: CodeQL
CVE-2025-24359 (ASTEVAL is an evaluator of Python expressions and statements. Prior to ...)
- python-asteval <unfixed>
+ [bookworm] - python-asteval <no-dsa> (Minor issue)
NOTE: https://github.com/lmfit/asteval/security/advisories/GHSA-3wwr-3g9f-9gc7
CVE-2025-24355 (Updatecli is a tool used to apply file update strategies. Prior to ver ...)
NOT-FOR-US: Updatecli
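Review bot: the added `[bookworm] - python-asteval <no-dsa> (Minor issue)` line for CVE-2025-24359 carries only the generic "Minor issue" reason, and the description visible in this entry is truncated, so the reasoning behind the triage cannot be recovered from the entry itself. A short NOTE after the advisory link stating why the issue is minor for bookworm would make the decision easier to audit later.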
@@ -6734,6 +6735,7 @@ CVE-2025-0294 (A vulnerability has been found in SourceCodester Home Clean Servi
NOT-FOR-US: SourceCodester Home Clean Services Management System
CVE-2025-0218 (When batch jobs are executed by pgAgent, a script is created in a temp ...)
- pgagent 4.2.3-1 (bug #1092677)
+ [bookworm] - pgagent <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c (master)
NOTE: Fixed by: https://github.com/pgadmin-org/pgagent/commit/5b10c3d435d3f92ccc2f05b69ff10516ef3154e0 (pgagent-4.2.3)
CVE-2024-8361 (In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits ...)
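Review bot: for CVE-2025-0218 the new `[bookworm] - pgagent <no-dsa> (Minor issue)` line sits above two "Fixed by" notes, one of them for the pgagent-4.2.3 branch, but nothing in the entry says why the temp-directory script issue is minor for bookworm. Consider adding a NOTE with the reason so that whoever revisits the entry does not have to re-read the upstream commits.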
@@ -62746,12 +62748,10 @@ CVE-2024-5225 (An SQL Injection vulnerability exists in the berriai/litellm repo
CVE-2024-5221 (The Qi Blocks plugin for WordPress is vulnerable to Stored Cross-Site ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5206 (A sensitive data leakage vulnerability was identified in scikit-learn' ...)
- - scikit-learn <unfixed> (bug #1074234)
- [bookworm] - scikit-learn <no-dsa> (Minor issue)
- [bullseye] - scikit-learn <no-dsa> (Minor issue)
- [buster] - scikit-learn <postponed> (Minor issue)
+ - scikit-learn <unfixed> (bug #1074234; unimportant)
NOTE: https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c
NOTE: https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8 (1.5.0rc1)
+ NOTE: Works as documented, negiglible security impact
CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor Templates, Wi ...)
NOT-FOR-US: WordPress plugin
CVE-2024-5187 (A vulnerability in the `download_model_with_test_data` function of the ...)
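Review bot: typo in the added NOTE for CVE-2024-5206: "negiglible" should be "negligible". Separately, that NOTE says "Works as documented" without pointing at the documentation in question; since the three per-release lines are dropped in favour of `unimportant` on the scikit-learn line, a reference or a few words on what is documented would let a reader verify the downgrade from the entry alone.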
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c88c7b0ff28a3ab9fa2d08b6d8c1b5d0b554c5