[Git][security-tracker-team/security-tracker][master] Reserve DLA-4246-1 for libowasp-esapi-java
Markus Koschany (@apo)
apo at debian.org
Mon Jul 21 11:17:49 BST 2025
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
065c1337 by Markus Koschany at 2025-07-21T12:17:37+02:00
Reserve DLA-4246-1 for libowasp-esapi-java
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -300995,7 +300995,6 @@ CVE-2022-24892 (Shopware is an open source e-commerce software platform. Startin
NOT-FOR-US: Shopware
CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
- libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
- [bullseye] - libowasp-esapi-java <no-dsa> (Minor issue)
[buster] - libowasp-esapi-java <no-dsa> (Minor issue)
[stretch] - libowasp-esapi-java <no-dsa> (Minor issue)
NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q
@@ -306210,7 +306209,6 @@ CVE-2022-23458 (Toast UI Grid is a component to display and edit data. Versions
NOT-FOR-US: Toast UI Grid
CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...)
- libowasp-esapi-java 2.4.0.0-1 (bug #1010339)
- [bullseye] - libowasp-esapi-java <no-dsa> (Minor issue)
[buster] - libowasp-esapi-java <no-dsa> (Minor issue)
[stretch] - libowasp-esapi-java <no-dsa> (Minor issue)
NOTE: https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API/
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[21 Jul 2025] DLA-4246-1 libowasp-esapi-java - security update
+ {CVE-2022-23457 CVE-2022-24891 CVE-2025-5878}
+ [bullseye] - libowasp-esapi-java 2.4.0.0-0+deb11u1
[21 Jul 2025] DLA-4245-1 libcommons-fileupload-java - security update
{CVE-2023-24998 CVE-2025-48976}
[bullseye] - libcommons-fileupload-java 1.4-1+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -184,9 +184,6 @@ libcommons-lang-java (Markus Koschany)
libcommons-lang3-java (Markus Koschany)
NOTE: 20250713: Added by Front-Desk (apo)
--
-libowasp-esapi-java (Markus Koschany)
- NOTE: 20250710: Added by Front-Desk (apo)
---
libsoup2.4
NOTE: 20250408: Added by Front-Desk (Beuc)
NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/065c133789757fea0c2610dcf5b7bcb9595a4874
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/065c133789757fea0c2610dcf5b7bcb9595a4874
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250721/327dbb96/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list