[Git][security-tracker-team/security-tracker][master] 4 commits: Add djvulibre to dla-needed.txt

Markus Koschany (@apo) apo at debian.org
Mon Jul 7 11:24:06 BST 2025



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
31838631 by Markus Koschany at 2025-07-07T12:23:52+02:00
Add djvulibre to dla-needed.txt

- - - - -
fe4fb8dd by Markus Koschany at 2025-07-07T12:23:54+02:00
CVE-2025-4949,jgit: bullseye is postponed

Minor issue. The Amazon protocol is experimental and I am not aware of any real
use case in Debian. The problem can be fixed by explicitly disabling XXE in the
XML parser which can be postponed.

- - - - -
fd546a61 by Markus Koschany at 2025-07-07T12:23:54+02:00
Add pam to dla-needed.txt

- - - - -
889fee04 by Markus Koschany at 2025-07-07T12:23:55+02:00
CVE-2025-50181,python-urllib3: bullseye is postponed

Minor issue

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4363,6 +4363,7 @@ CVE-2025-50182 (urllib3 is a user-friendly HTTP client library for Python. Start
 CVE-2025-50181 (urllib3 is a user-friendly HTTP client library for Python. Prior to 2. ...)
 	- python-urllib3 <unfixed> (bug #1108076)
 	[bookworm] - python-urllib3 <no-dsa> (Minor issue)
+	[bullseye] - python-urllib3 <postponed> (Minor issue)
 	NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v
 	NOTE: https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 (2.5.0)
 CVE-2025-4965 (The WPBakery Page Builder for WordPress plugin for WordPress is vulner ...)
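Review bot: the added `[bullseye] - python-urllib3 <postponed> (Minor issue)` line gives no reason beyond "Minor issue", and the commit message for it says the same two words. The NOTE lines already point at the upstream fix commit in 2.5.0, so the parenthetical could say why the issue is minor for bullseye or when it should be picked up again. That would let the postponement be re-evaluated later without redoing the triage.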
@@ -12926,6 +12927,7 @@ CVE-2025-4969 (A vulnerability was found in the libsoup package. This flaw stems
 CVE-2025-4949 (In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestP ...)
 	- jgit <unfixed> (bug #1106287)
 	[bookworm] - jgit <no-dsa> (Minor issue)
+	[bullseye] - jgit <postponed> (Minor issue)
 	NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281
 	NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/64
 CVE-2025-4524 (The Madara \u2013 Responsive and modern WordPress theme for manga site ...)
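Review bot: the rationale for the added `[bullseye] - jgit <postponed> (Minor issue)` line exists only in the commit message (the Amazon protocol is experimental, the fix is to disable XXE in the XML parser) and not in data/CVE/list. Consider putting a short form of it into the parenthetical or a NOTE: line under the entry, so the reason is visible to anyone reading the tracker entry without looking up commit fe4fb8dd.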


=====================================
data/dla-needed.txt
=====================================
@@ -67,6 +67,9 @@ ckeditor
   NOTE: 20241002: Added by Front-Desk (Beuc)
   NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
 --
+djvulibre
+  NOTE: 20250707: Added by Front-Desk (apo)
+--
 dnsdist
   NOTE: 20250521: Added by Front-Desk (Beuc)
   NOTE: 20250521: Also fix postponed issue (Beuc/front-desk)
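Review bot: the new djvulibre entry has only the `Added by Front-Desk (apo)` note and does not say which issue prompted it, while the neighbouring ckeditor and dnsdist entries each carry a second NOTE giving the reason. A dated NOTE naming the CVE(s) or the reason for adding the package would spare whoever claims it from re-triaging.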
@@ -247,6 +250,9 @@ pagure
   NOTE: 20250216: The second issue is outside of my field of expertise. Returning to pool and send message to list (dleidert)
   NOTE: 20250217: Upcoming DSA, coordinate with security team (Beuc/front-desk)
 --
+pam
+  NOTE: 20250707: Added by Front-Desk (apo)
+--
 pgagent (abhijith)
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250619: https://people.debian.org/~abhijith/upload/gss/CVE-2025-0218.patch (abhijith)
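Review bot: as added, the pam entry records who added it and when, but not why. The pagure entry just above shows dated NOTE lines being used for coordination context. Add a NOTE listing the open issue(s) that put pam on the list and stating whether coordination with the security team is needed.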



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f990c3d534a16911179cb69697fc0baad9e2f84a...889fee04c4ed3faac93870692bc98947ee14e4e3



More information about the debian-security-tracker-commits mailing list