[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 28 21:12:17 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dae8f7b by security tracker role at 2025-07-28T20:12:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,105 +1,233 @@
-CVE-2025-38497 [usb: gadget: configfs: Fix OOB read on empty string write]
+CVE-2025-8283 (A vulnerability was found in the netavark package, a network stack for ...)
+	TODO: check
+CVE-2025-8279 (Insufficient input validation within GitLab Language Server 7.6.0 and  ...)
+	TODO: check
+CVE-2025-8275 (A vulnerability, which was classified as problematic, has been found i ...)
+	TODO: check
+CVE-2025-8274 (A vulnerability classified as critical was found in Campcodes Online R ...)
+	TODO: check
+CVE-2025-8273 (A vulnerability classified as critical has been found in code-projects ...)
+	TODO: check
+CVE-2025-8272 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
+	TODO: check
+CVE-2025-8271 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
+	TODO: check
+CVE-2025-8270 (A vulnerability was found in code-projects Exam Form Submission 1.0. I ...)
+	TODO: check
+CVE-2025-8269 (A vulnerability was found in code-projects Exam Form Submission 1.0 an ...)
+	TODO: check
+CVE-2025-8266 (A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and ...)
+	TODO: check
+CVE-2025-8265 (A vulnerability classified as critical has been found in 299Ko CMS 2.0 ...)
+	TODO: check
+CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module affecting  ...)
+	TODO: check
+CVE-2025-7676 (DLL hijacking of all PE32 executables when run on Windows for ARM64 CP ...)
+	TODO: check
+CVE-2025-6918 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2025-6250 (Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token ...)
+	TODO: check
+CVE-2025-5997 (Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro all ...)
+	TODO: check
+CVE-2025-54569 (In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the ...)
+	TODO: check
+CVE-2025-54538 (In JetBrains TeamCity before 2025.07 password exposure was possible vi ...)
+	TODO: check
+CVE-2025-54537 (In JetBrains TeamCity before 2025.07 user credentials were stored in p ...)
+	TODO: check
+CVE-2025-54536 (In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL en ...)
+	TODO: check
+CVE-2025-54535 (In JetBrains TeamCity before 2025.07 password reset and email verifica ...)
+	TODO: check
+CVE-2025-54534 (In JetBrains TeamCity before 2025.07 reflected XSS was possible on the ...)
+	TODO: check
+CVE-2025-54533 (In JetBrains TeamCity before 2025.07 improper access control allowed d ...)
+	TODO: check
+CVE-2025-54532 (In JetBrains TeamCity before 2025.07 improper access control allowed d ...)
+	TODO: check
+CVE-2025-54531 (In JetBrains TeamCity before 2025.07 path traversal was possible via p ...)
+	TODO: check
+CVE-2025-54530 (In JetBrains TeamCity before 2025.07 privilege escalation was possible ...)
+	TODO: check
+CVE-2025-54529 (In JetBrains TeamCity before 2025.07 a CSRF was possible in external O ...)
+	TODO: check
+CVE-2025-54528 (In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App ...)
+	TODO: check
+CVE-2025-54527 (In JetBrains YouTrack before 2025.2.86935,  2025.2.87167,  2025.3.8734 ...)
+	TODO: check
+CVE-2025-54423 (copyparty is a portable file server. In versions up to and including v ...)
+	TODO: check
+CVE-2025-54419 (A SAML library not dependent on any frameworks that runs in Node. In v ...)
+	TODO: check
+CVE-2025-54418 (CodeIgniter is a PHP full-stack web framework. A command injection vul ...)
+	TODO: check
+CVE-2025-54299 (A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0 ...)
+	TODO: check
+CVE-2025-54298 (A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joo ...)
+	TODO: check
+CVE-2025-53696 (iSTAR Ultra performs a firmware verification on boot, however the veri ...)
+	TODO: check
+CVE-2025-53695 (OS Command Injection in iSTAR Ultra products web application allows an ...)
+	TODO: check
+CVE-2025-50494 (Improper session invalidation in the component /doctor/change-password ...)
+	TODO: check
+CVE-2025-50493 (Improper session invalidation in the component /doctor/change-password ...)
+	TODO: check
+CVE-2025-50492 (Improper session invalidation in the component /edms/change-password.p ...)
+	TODO: check
+CVE-2025-50491 (Improper session invalidation in the component /banker/change-password ...)
+	TODO: check
+CVE-2025-50490 (Improper session invalidation in the component /elms/emp-changepasswor ...)
+	TODO: check
+CVE-2025-50489 (Improper session invalidation in the component /srms/change-password.p ...)
+	TODO: check
+CVE-2025-50488 (Improper session invalidation in the component /library/change-passwor ...)
+	TODO: check
+CVE-2025-50487 (Improper session invalidation in the component /bbdms/change-password. ...)
+	TODO: check
+CVE-2025-50486 (Improper session invalidation in the component /carrental/update-passw ...)
+	TODO: check
+CVE-2025-50485 (Improper session invalidation in the component /crm/change-password.ph ...)
+	TODO: check
+CVE-2025-50484 (Improper session invalidation in the component /crm/change-password.ph ...)
+	TODO: check
+CVE-2025-43023 (A potential security vulnerability has been identified in the HP Linux ...)
+	TODO: check
+CVE-2025-40730 (HTML injection in Vox Media's Chorus CMS. This vulnerability allows an ...)
+	TODO: check
+CVE-2025-32731 (A reflected cross-site scripting (xss) vulnerability exists in the rad ...)
+	TODO: check
+CVE-2025-30133 (An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device ...)
+	TODO: check
+CVE-2025-30126 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via ...)
+	TODO: check
+CVE-2025-30125 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All ...)
+	TODO: check
+CVE-2025-30124 (An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Whe ...)
+	TODO: check
+CVE-2025-2297 (Prior to version 25.4.270.0, a local authenticated attacker can manipu ...)
+	TODO: check
+CVE-2025-29534 (An authenticated remote code execution vulnerability in PowerStick Wav ...)
+	TODO: check
+CVE-2025-27802 (The Episerver Content Management System (CMS) by Optimizely was affect ...)
+	TODO: check
+CVE-2025-27801 (The Episerver Content Management System (CMS) by Optimizely was affect ...)
+	TODO: check
+CVE-2025-27800 (The Episerver Content Management System (CMS) by Optimizely was affect ...)
+	TODO: check
+CVE-2025-27724 (A privilege escalation vulnerability exists in the login.php functiona ...)
+	TODO: check
+CVE-2025-26469 (An incorrect default permissions vulnerability exists in the CServerSe ...)
+	TODO: check
+CVE-2025-24485 (A server-side request forgery vulnerability exists in the cecho.php fu ...)
+	TODO: check
+CVE-2024-49343 (IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML inje ...)
+	TODO: check
+CVE-2024-49342 (IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account ...)
+	TODO: check
+CVE-2025-38497 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/3014168731b7930300aab656085af784edc861f6 (6.16-rc7)
-CVE-2025-38496 [dm-bufio: fix sched in atomic context]
+CVE-2025-38496 (In the Linux kernel, the following vulnerability has been resolved:  d ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/b1bf1a782fdf5c482215c0c661b5da98b8e75773 (6.16-rc7)
-CVE-2025-38495 [HID: core: ensure the allocated report buffer can contain the reserved report ID]
+CVE-2025-38495 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/4f15ee98304b96e164ff2340e1dfd6181c3f42aa (6.16-rc7)
-CVE-2025-38494 [HID: core: do not bypass hid_hw_raw_request]
+CVE-2025-38494 (In the Linux kernel, the following vulnerability has been resolved:  H ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/c2ca42f190b6714d6c481dfd3d9b62ea091c946b (6.16-rc7)
-CVE-2025-38493 [tracing/osnoise: Fix crash in timerlat_dump_stack()]
+CVE-2025-38493 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/85a3bce695b361d85fc528e6fbb33e4c8089c806 (6.16-rc7)
-CVE-2025-38492 [netfs: Fix race between cache write completion and ALL_QUEUED being set]
+CVE-2025-38492 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/89635eae076cd8eaa5cb752f66538c9dc6c9fdc3 (6.16-rc7)
-CVE-2025-38491 [mptcp: make fallback action and fallback decision atomic]
+CVE-2025-38491 (In the Linux kernel, the following vulnerability has been resolved:  m ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/f8a1d9b18c5efc76784f5a326e905f641f839894 (6.16-rc7)
-CVE-2025-38490 [net: libwx: remove duplicate page_pool_put_full_page()]
+CVE-2025-38490 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1b7e585c04cd5f0731dd25ffd396277e55fae0e6 (6.16-rc7)
-CVE-2025-38489 [s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again]
+CVE-2025-38489 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/6a5abf8cf182f577c7ae6c62f14debc9754ec986 (6.16-rc7)
-CVE-2025-38488 [smb: client: fix use-after-free in crypt_message when using async crypto]
+CVE-2025-38488 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b220bed63330c0e1733dc06ea8e75d5b9962b6b6 (6.16-rc7)
-CVE-2025-38487 [soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled]
+CVE-2025-38487 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/56448e78a6bb4e1a8528a0e2efe94eff0400c247 (6.16-rc7)
-CVE-2025-38486 [soundwire: Revert "soundwire: qcom: Add set_channel_map api support"]
+CVE-2025-38486 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/834bce6a715ae9a9c4dce7892454a19adf22b013 (6.16-rc7)
-CVE-2025-38485 [iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush]
+CVE-2025-38485 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/1fe16dc1a2f5057772e5391ec042ed7442966c9a (6.16-rc7)
-CVE-2025-38484 [iio: backend: fix out-of-bound write]
+CVE-2025-38484 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/da9374819eb3885636934c1006d450c3cb1a02ed (6.16-rc7)
-CVE-2025-38483 [comedi: das16m1: Fix bit shift out of bounds]
+CVE-2025-38483 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/ed93c6f68a3be06e4e0c331c6e751f462dee3932 (6.16-rc7)
-CVE-2025-38482 [comedi: das6402: Fix bit shift out of bounds]
+CVE-2025-38482 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/70f2b28b5243df557f51c054c20058ae207baaac (6.16-rc7)
-CVE-2025-38481 [comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large]
+CVE-2025-38481 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/08ae4b20f5e82101d77326ecab9089e110f224cc (6.16-rc7)
-CVE-2025-38480 [comedi: Fix use of uninitialized data in insn_rw_emulate_bits()]
+CVE-2025-38480 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/e9cb26291d009243a4478a7ffb37b3a9175bfce9 (6.16-rc7)
-CVE-2025-38478 [comedi: Fix initialization of data for instructions that write to subdevice]
+CVE-2025-38478 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/46d8c744136ce2454aa4c35c138cc06817f92b8e (6.16-rc7)
-CVE-2025-38477 [net/sched: sch_qfq: Fix race condition on qfq_aggregate]
+CVE-2025-38477 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/5e28d5a3f774f118896aec17a3a20a9c5c9dfc64 (6.16-rc7)
-CVE-2025-38476 [rpl: Fix use-after-free in rpl_do_srh_inline().]
+CVE-2025-38476 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/b640daa2822a39ff76e70200cb2b7b892b896dce (6.16-rc7)
-CVE-2025-38475 [smc: Fix various oops due to inet_sock type confusion.]
+CVE-2025-38475 (In the Linux kernel, the following vulnerability has been resolved:  s ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/60ada4fe644edaa6c2da97364184b0425e8aeaf5 (6.16-rc7)
-CVE-2025-38474 [usb: net: sierra: check for no status endpoint]
+CVE-2025-38474 (In the Linux kernel, the following vulnerability has been resolved:  u ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158 (6.16-rc7)
-CVE-2025-38473 [Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()]
+CVE-2025-38473 (In the Linux kernel, the following vulnerability has been resolved:  B ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/a0075accbf0d76c2dad1ad3993d2e944505d99a0 (6.16-rc7)
-CVE-2025-38472 [netfilter: nf_conntrack: fix crash due to removal of uninitialised entry]
+CVE-2025-38472 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/2d72afb340657f03f7261e9243b44457a9228ac7 (6.16-rc7)
-CVE-2025-38471 [tls: always refresh the queue when reading sock]
+CVE-2025-38471 (In the Linux kernel, the following vulnerability has been resolved:  t ...)
 	- linux <unfixed>
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4ab26bce3969f8fd925fe6f6f551e4d1a508c68b (6.16-rc7)
-CVE-2025-38470 [net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime]
+CVE-2025-38470 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/579d4f9ca9a9a605184a9b162355f6ba131f678d (6.16-rc7)
-CVE-2025-38469 [KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls]
+CVE-2025-38469 (In the Linux kernel, the following vulnerability has been resolved:  K ...)
 	- linux <unfixed>
 	[bookworm] - linux <not-affected> (Vulnerable code not present)
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/5a53249d149f48b558368c5338b9921b76a12f8c (6.16)
-CVE-2025-38468 [net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree]
+CVE-2025-38468 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/0e1d5d9b5c5966e2e42e298670808590db5ed628 (6.16-rc7)
 CVE-2025-8267 (Versions of the package ssrfcheck before 1.2.0 are vulnerable to Serve ...)
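Review bot: CVE-2025-2297 sits between CVE-2025-30124 and CVE-2025-29534, breaking the otherwise descending ID sequence of the 64 new TODO: check entries (it shares the 25.4.270.0 version string with CVE-2025-6250 further up, so it evidently arrived from the same advisory); if the importer emits feed order rather than ID order, anyone re-sorting this block later should know that. Of the untriaged entries, two name software Debian ships and deserve the first look: CVE-2025-8194 (the CPython tarfile module, hence the python3.x source packages) and CVE-2025-8283 (netavark, if that source package is still in the archive). In the kernel block the bracketed working titles, which carried the subsystem and the bug class (e.g. "comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large", "netfilter: nf_conntrack: fix crash due to removal of uninitialised entry"), are all replaced by the same 70-character prefix "In the Linux kernel, the following vulnerability has been resolved:", so the git.kernel.org NOTE line is now the only in-file pointer to what each CVE touches; the linux <unfixed> lines and the [bookworm]/[bullseye] <not-affected> assessments are untouched and still consistent with the 6.16-rc7 fix references.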
@@ -6902,21 +7030,21 @@ CVE-2025-49087 (In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepan
 	[bullseye] - mbedtls <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2025-06-5.md
 CVE-2025-6491 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
-	{DLA-4254-1}
+	{DSA-5967-1 DLA-4254-1}
 	- php8.4 8.4.10-1
 	- php8.2 <removed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-453j-q27h-5p8x
 	NOTE: Fixed by: https://github.com/php/php-src/commit/9cb3d8d200f0c822b17bda35a2a67a97b039d3e1 (php-8.1.33)
 CVE-2025-1220 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
-	{DLA-4254-1}
+	{DSA-5967-1 DLA-4254-1}
 	- php8.4 8.4.10-1
 	- php8.2 <removed>
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r
 	NOTE: Fixed by: https://github.com/php/php-src/commit/cac8f7f1cf4939f55f06b68120040f057682d89c (php-8.1.33)
 CVE-2025-1735 (In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before ...)
-	{DLA-4254-1}
+	{DSA-5967-1 DLA-4254-1}
 	- php8.4 8.4.10-1
 	- php8.2 <removed>
 	- php7.4 <removed>
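Review bot: all three PHP entries now carry {DSA-5967-1 DLA-4254-1}, but the only source lines under them are php8.4 8.4.10-1 and <removed> for php8.2 and php7.4, and the Fixed by: NOTE cites a php-8.1.33 upstream commit; because php8.2 is <removed> in unstable, the DSA cross-reference is the sole record of the bookworm fix, so resolution of these CVEs for bookworm depends entirely on the DSA-5967-1 entry in data/DSA/list carrying the php8.2 fixed version. Worth a quick check that that entry exists with the version, since nothing in this hunk can be validated against it.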
@@ -27614,7 +27742,7 @@ CVE-2025-47153 (Certain build processes for libuv and Node.js for 32-bit systems
 	- nodejs 20.19.0+dfsg1-1 (bug #922075; bug #1076350)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892601
 	NOTE: https://github.com/nodejs/node-v0.x-archive/issues/4549
-CVE-2025-4056
+CVE-2025-4056 (A flaw was found in GLib. A denial of service on Windows platforms may ...)
 	- glib2.0 <not-affected> (Only affects Glib on Windows)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2362826
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3668
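Review bot: the description added to the previously bare CVE-2025-4056 line ("A denial of service on Windows platforms may ...") corroborates the existing glib2.0 <not-affected> (Only affects Glib on Windows) verdict, which the bare line gave no way to cross-check; no change to the status line is needed.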
@@ -161955,7 +162083,7 @@ CVE-2023-37527 (A reflected cross-site scripting (XSS) vulnerability in the Web
 	NOT-FOR-US: HCL
 CVE-2023-32967 (An incorrect authorization vulnerability has been reported to affect s ...)
 	NOT-FOR-US: QNAP
-CVE-2024-58265 [GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow]
+CVE-2024-58265 (The snow crate before 0.9.5 for Rust, when stateful TransportState is  ...)
 	- rust-snow 0.9.6-1 (bug #1062663)
 	NOTE: https://github.com/mcginty/snow/security/advisories/GHSA-7g9j-g5jg-3vv3
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0011.html
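Review bot: the working title "GHSA-7g9j-g5jg-3vv3: Unauthenticated Nonce Increment in snow" is replaced by NVD text that states the affected range as "before 0.9.5"; the recorded fix rust-snow 0.9.6-1 satisfies that, and the advisory ID and the RUSTSEC-2024-0011 reference survive in the two NOTE lines, so nothing is lost here beyond the short bug-class phrase.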
@@ -163663,7 +163791,7 @@ CVE-2024-23898 (Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 throug
 	- jenkins <removed>
 CVE-2024-23897 (Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a  ...)
 	- jenkins <removed>
-CVE-2024-58266 [RUSTSEC-2024-0006]
+CVE-2024-58266 (The shlex crate before 1.2.1 for Rust allows unquoted and unescaped in ...)
 	- rust-shlex 1.3.0-1
 	[bookworm] - rust-shlex <no-dsa> (Minor issue)
 	[bullseye] - rust-shlex <no-dsa> (Minor issue)
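Review bot: the old line "[RUSTSEC-2024-0006]" was the only place in this entry that carried the advisory ID, and the visible context (rust-shlex 1.3.0-1 and the two <no-dsa> lines) shows no NOTE line; unless one follows below the hunk, add NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html so the reference is not silently dropped. The same applies to the "[RUSTSEC-2023-0038: ...]" and "[RUSTSEC-2023-0039]" titles replaced in the rust-sequoia-openpgp and rust-buffered-reader hunks further down. Version-wise the hunk is consistent: "before 1.2.1" against the 1.3.0-1 upload. Given that the new text describes unquoted and unescaped input in a shell-lexing crate, the <no-dsa> (Minor issue) rationale for bookworm and bullseye would benefit from a word on why reverse dependencies are not exposed.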
@@ -199510,7 +199638,7 @@ CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silic
 	NOT-FOR-US: Silicon Labs Gecko SDK
 CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allo ...)
 	NOT-FOR-US: silabs Bluetooth SDK
-CVE-2023-53160 [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic]
+CVE-2023-53160 (The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds  ...)
 	- rust-sequoia-openpgp 1.16.0-1
 	[bookworm] - rust-sequoia-openpgp <no-dsa> (Minor issue)
 	[bullseye] - rust-sequoia-openpgp <no-dsa> (Minor issue)
@@ -201126,7 +201254,7 @@ CVE-2015-10109 (A vulnerability was found in Video Playlist and Gallery Plugin u
 	NOT-FOR-US: WordPress plugin
 CVE-2014-125104 (A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPres ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2023-53161 [RUSTSEC-2023-0039]
+CVE-2023-53161 (The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds a ...)
 	- rust-buffered-reader 1.2.0-1 (bug #1037018)
 	[bookworm] - rust-buffered-reader <no-dsa> (Minor issue)
 	[bullseye] - rust-buffered-reader <no-dsa> (Minor issue)
@@ -240941,7 +241069,7 @@ CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4
 CVE-2022-45786 (There are issues with the AGE drivers for Golang and Python that enabl ...)
 	NOT-FOR-US: Apache AGE
 CVE-2022-4121 (In libetpan a null pointer dereference in mailimap_mailbox_data_status ...)
-	{DLA-3261-1}
+	{DLA-4256-1 DLA-3261-1}
 	- libetpan 1.9.4-3.1 (bug #1025120)
 	NOTE: https://github.com/dinhvh/libetpan/issues/420
 	NOTE: https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba
@@ -300099,7 +300227,7 @@ CVE-2022-25872 (All versions of package fast-string-search are vulnerable to Out
 	NOT-FOR-US: Node fast-string-search
 CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pollution ...)
 	NOT-FOR-US: Node querymen
-CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
+CVE-2022-25869 (All versions of the package angular; all versions of the package angul ...)
 	- angular.js <unfixed> (bug #1036694)
 	[trixie] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - angular.js <postponed> (Minor issue, revisit when fixed upstream)
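Review bot: the replacement summary now reads "All versions of the package angular; all versions of the package angul ...", so NVD has extended the affected list to at least one further npm package whose name is cut off at the 70-character limit, while the Debian mapping still names only angular.js; check the full NVD text to confirm no other source package in the archive ships that second package. The <unfixed> and the [trixie]/[bookworm] <postponed> lines are unchanged, which is fine as long as that check comes back negative.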
@@ -304329,7 +304457,7 @@ CVE-2022-24601 (Luocms v2.0 is affected by SQL Injection in /admin/manager/admin
 CVE-2022-24600 (Luocms v2.0 is affected by SQL Injection through /admin/login.php. An  ...)
 	NOT-FOR-US: Luocms
 CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory leak vul ...)
-	{DLA-3650-1}
+	{DLA-4255-1 DLA-3650-1}
 	- audiofile 0.3.6-6 (bug #1008017; unimportant)
 	[bookworm] - audiofile 0.3.6-5+deb12u1
 	NOTE: https://github.com/mpruett/audiofile/issues/60
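Review bot: DLA-4255-1 is added to an entry whose unstable line still carries the "unimportant" severity tag ("bug #1008017; unimportant"); that is not contradictory if the LTS update fixed it alongside CVE-2019-13147 (which gets the same DLA later in this diff and is rated "low"), but an unimportant rating next to a DLA reference reads oddly, so either the tag should be revisited or a NOTE should say the fix was shipped together with the other audiofile issue.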
@@ -358957,13 +359085,13 @@ CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpac
 	NOTE: https://github.com/upx/upx/issues/485
 	NOTE: https://github.com/upx/upx/commit/be050693f229d629f56650f67f612fc68e285600 (v3.99)
 CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...)
-	{DLA-3784-1}
+	{DLA-4257-1 DLA-3784-1}
 	- libcaca 0.99.beta19-3 (bug #987278)
 	[stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/cacalabs/libcaca/issues/54
 	NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20)
 CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...)
-	{DLA-3784-1}
+	{DLA-4257-1 DLA-3784-1}
 	- libcaca 0.99.beta19-3 (bug #987278)
 	[stretch] - libcaca <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://github.com/cacalabs/libcaca/issues/53
@@ -433437,7 +433565,7 @@ CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.)
 CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
 	NOT-FOR-US: TRENDnet ProView
 CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
-	{DSA-4741-1 DLA-3461-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
+	{DSA-4741-1 DLA-4258-1 DLA-3461-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
 	- json-c 0.13.1+dfsg-8 (bug #960326)
 	- libfastjson 1.2304.0-1 (bug #1035302)
 	NOTE: https://github.com/json-c/json-c/pull/592
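Review bot: DLA-4258-1 is inserted after DSA-4741-1 and before DLA-3461-1, matching the newest-first placement used in the other DLA hunks of this diff ({DLA-4257-1 DLA-3784-1}, {DLA-4255-1 DLA-3650-1}); the libfastjson 1.2304.0-1 line, which maps the same CVE to the forked copy of the code, is untouched, so confirm that the DLA is a json-c-only upload and that bullseye's libfastjson does not need a separate entry.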
@@ -487708,7 +487836,7 @@ CVE-2019-13149 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2
 CVE-2019-13148 (An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11 ...)
 	NOT-FOR-US: TRENDnet TEW-827DRU firmware
 CVE-2019-13147 (In Audio File Library (aka audiofile) 0.3.6, there exists one NULL poi ...)
-	{DLA-3650-1}
+	{DLA-4255-1 DLA-3650-1}
 	- audiofile 0.3.6-6 (low; bug #931343)
 	[bookworm] - audiofile 0.3.6-5+deb12u1
 	[stretch] - audiofile <no-dsa> (Minor issue)
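Review bot: with DLA-4255-1 added, CVE-2019-13147 is now recorded as fixed in unstable (audiofile 0.3.6-6), in bookworm via 0.3.6-5+deb12u1 (no DSA listed, so a point-release update) and in bullseye via the DLA, which covers every currently supported suite; the remaining "[stretch] - audiofile <no-dsa> (Minor issue)" line is historical and can stay as is.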



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dae8f7bf94a8fd21506cdeb4566bddafcd8d85e
