[Git][security-tracker-team/security-tracker][master] Update status for commons-vfs, will be fixed via point release

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jul 20 07:09:05 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cee4c4be by Salvatore Bonaccorso at 2025-07-20T08:08:29+02:00
Update status for commons-vfs, will be fixed via point release

- - - - -


3 changed files:

- data/CVE/list
- data/dsa-needed.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -38437,6 +38437,7 @@ CVE-2025-29795 (Improper link resolution before file access ('link following') i
 CVE-2025-27553 (Relative Path Traversal vulnerability in Apache Commons VFS before 2.1 ...)
 	{DLA-4111-1}
 	- commons-vfs 2.1-5 (bug #1101204)
+	[bookworm] - commons-vfs <no-dsa> (Minor issue; will be fixed via point release)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/23/1
 	NOTE: Fixed by: https://github.com/apache/commons-vfs/commit/83d815afad4057234d9f928f6f00701bb7b51e86 (commons-vfs-2.10.0-RC1)
 CVE-2025-2644 (A vulnerability was found in PHPGurukul Art Gallery Management System  ...)
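Review bot: The commit subject never names CVE-2025-27553, even though the added `[bookworm] - commons-vfs <no-dsa>` line is specific to that one entry. Including the CVE id in the subject (for example "CVE-2025-27553/commons-vfs: no-dsa, fix via point release") would make this triage decision findable from the log. The free-text reason also carries no version, so the target `2.1-4+deb12u1` is recorded only in data/next-point-update.txt and the two entries have to be kept in step by hand.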


=====================================
data/dsa-needed.txt
=====================================
@@ -20,8 +20,6 @@ apache2
 --
 ark (jmm)
 --
-commons-vfs (apo)
---
 frr
   coordination with the maintainer ongoing, Daniel Baumann proposing an update
 --
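Review bot: Removing `commons-vfs (apo)` drops an entry that carried a claimant, and nothing in the commit message says the point-release route was agreed with that person. A brief mention would help anyone later reconstructing why the DSA was abandoned. The paired `--` separator is removed together with the package line, so the list stays well-formed.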


=====================================
data/next-point-update.txt
=====================================
@@ -250,3 +250,5 @@ CVE-2025-0716
 	[bookworm] - angular.js 1.8.3-1+deb12u1
 CVE-2025-2336
 	[bookworm] - angular.js 1.8.3-1+deb12u1
+CVE-2025-27553
+	[bookworm] - commons-vfs 2.1-4+deb12u1
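Review bot: The new `[bookworm] - commons-vfs 2.1-4+deb12u1` line records a target version without any pointer to the stable-update request or upload it comes from, so a reader cannot tell from this commit whether the version is proposed or already accepted. Citing that request in the commit message would close the gap. The version itself sorts below the unstable fix `2.1-5` shown in data/CVE/list, which is what a stable update needs.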



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cee4c4beecf4732bb81ec5304070b304d9b9f0fe


