[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Jun 2 12:27:41 BST 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
39030920 by Moritz Muehlenhoff at 2025-06-02T13:27:20+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1164,9 +1164,11 @@ CVE-2025-23393 (A Improper Neutralization of Script-Related HTML Tags in a Web P
 	NOT-FOR-US: Spacewalk
 CVE-2024-47090 (Improper neutralization of input in Nagvis before version 1.9.47 which ...)
 	- nagvis 1:1.9.47-1 (bug #1106686)
+	[bookworm] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/5baf87d30175357aaa39e42ff0d99fb0abefbc06 (nagvis-1.9.47)
 CVE-2024-38866 (Improper neutralization of input in Nagvis before version 1.9.47 which ...)
 	- nagvis 1:1.9.47-1 (bug #1106686)
+	[bookworm] - nagvis <no-dsa> (Minor issue)
 	NOTE: https://github.com/NagVis/nagvis/commit/6493722cf52436dbafb2b9f1c20c3ab8b663ad0f (nagvis-1.9.47)
 CVE-2025-5222 (A stack buffer overflow was found in Internationl components for unico ...)
 	- icu 76.1-4 (bug #1106684)
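Review bot: CVE-2025-5222 (icu 76.1-4, bug #1106684) in the trailing context of this hunk still has no [bookworm] line, while the two nagvis entries just above it now carry one; if icu was looked at in the same bookworm triage pass, record its outcome (no-dsa, not-affected or a pending DSA) so the entry is not mistaken for an untriaged one.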
@@ -2068,6 +2070,7 @@ CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all versi
 	- gitlab <unfixed>
 CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and application cras ...)
 	- taglib 2.0.2-1
+	[bookworm] - taglib <no-dsa> (Minor issue)
 	NOTE: https://github.com/taglib/taglib/issues/1163
 	NOTE: https://github.com/taglib/taglib/pull/1164
 	NOTE: Fixed by: https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf (v2.0beta)
@@ -2328,10 +2331,11 @@ CVE-2024-56428 (The local iLabClient database in itech iLabClient 3.7.1 allows l
 CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an OS command injection vulne ...)
 	NOT-FOR-US: AAPanel
 CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and including 1 ...)
-	- jq 1.7.1-6 (bug #1106289)
+	- jq 1.7.1-6 (bug #1106289; unimportant)
 	NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46
 	NOTE: https://github.com/jqlang/jq/issues/3262
 	NOTE: https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e
+	NOTE: Crash in CLI tool, no security impact
 CVE-2024-12561 (The Affiliate Sales in Google Analytics and other tools plugin for Wor ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-40775 (When an incoming DNS protocol message includes a Transaction Signature ...)
@@ -5843,11 +5847,13 @@ CVE-2023-49641 (Billing Software v1.0 is vulnerable to multiple Unauthenticated
 	NOT-FOR-US: Kashipara Billing Software
 CVE-2025-47712
 	- nbdkit <unfixed> (bug #1105228)
+	[bookworm] - nbdkit <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365724
 	NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/a486f88d1eea653ea88b0bf8804c4825dab25ec7 (v1.43.7)
 	NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/c3ed72811aca5684490b198737b2f0b921741547 (v1.42.3)
 CVE-2025-47711
 	- nbdkit <unfixed> (bug #1105227)
+	[bookworm] - nbdkit <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365687
 	NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/e6f96bd1b77c0cc927ce6aeff650b52238304f39 (v1.43.7)
 	NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/c3c1950867ea8d9c2108ff066ed9e78dde3cfc3f (v1.42.3)
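Review bot: both nbdkit entries keep "- nbdkit <unfixed>" in sid while the new [bookworm] lines mark them no-dsa and the "Fixed by:" notes point at commits already released in v1.42.3 and v1.43.7; check whether an upload containing those commits has reached unstable and, if so, replace <unfixed> with the fixed version on the sid line, otherwise the bookworm annotation follows the same pattern as the libsoup entries later in this change.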
@@ -6776,6 +6782,7 @@ CVE-2025-44023 (An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212
 	NOT-FOR-US: D-Link
 CVE-2025-44021 (OpenStack Ironic before 29.0.1 can write unintended files to a target  ...)
 	- ironic 1:29.0.0-6 (bug #1104964)
+	[bookworm] - ironic <no-dsa> (Minor issue)
 	NOTE: https://bugs.launchpad.net/ironic/+bug/2107847
 	NOTE: https://security.openstack.org/ossa/OSSA-2025-001.html
 	NOTE: https://www.openwall.com/lists/oss-security/2025/05/08/1
@@ -11602,6 +11609,7 @@ CVE-2025-46435 (Cross-Site Request Forgery (CSRF) vulnerability in Yash Binani T
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-46421 (A flaw was found in libsoup. When libsoup clients encounter an HTTP re ...)
 	- libsoup3 3.6.5-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <unfixed> (bug #1104054)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
@@ -11609,6 +11617,7 @@ CVE-2025-46421 (A flaw was found in libsoup. When libsoup clients encounter an H
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/3e5c26415811f19e7737238bb23305ffaf96f66b (3.6.5)
 CVE-2025-46420 (A flaw was found in libsoup. It is vulnerable to memory leaks in the s ...)
 	- libsoup3 3.6.4-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1104055)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/438
@@ -13837,6 +13846,7 @@ CVE-2025-2564 (Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <=
 CVE-2025-2291 (Password can be used past expiry in PgBouncer due to auth_query not ta ...)
 	{DLA-4180-1}
 	- pgbouncer 1.24.1-1 (bug #1103394)
+	[bookworm] - pgbouncer <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/pgbouncer/pgbouncer/commit/9912ee7f1af2e1b81d4d624a0da1cb49075ee78a (pgbouncer_1_24_1)
 CVE-2025-29905 (A vulnerability has been identified in TeleControl Server Basic (All v ...)
 	NOT-FOR-US: Siemens
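Review bot: CVE-2025-2291 already carries {DLA-4180-1}, so LTS shipped a fix for this issue, yet bookworm is now tagged <no-dsa> (Minor issue); because the description is an authentication weakness (a password usable past its expiry) rather than a crash, add a NOTE line stating why no DSA is needed for bookworm (for instance that the fix is queued for a point release, if that is the plan), so the different handling between suites is documented in the entry itself.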
@@ -15213,6 +15223,7 @@ CVE-2025-32930
 CVE-2025-32914 (A flaw was found in libsoup, where the soup_multipart_new_from_message ...)
 	{DLA-4140-1}
 	- libsoup3 <unfixed> (bug #1103267)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1103512)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/436
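Review bot: this hunk and the following libsoup hunks add a libsoup3 <no-dsa> (Minor issue) line for issues that already carry {DLA-4140-1} and a matching libsoup2.4 no-dsa line, so the placement is consistent, but CVE-2025-32914 still has libsoup3 <unfixed> in sid (bug #1103267) while libsoup2.4 is fixed in 2.74.3-10.1; with this many libsoup3 issues deferred for bookworm at once, one NOTE recording the intended route (point release versus a later bundled DSA) on the first of these entries would save re-deriving it later.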
@@ -15221,6 +15232,7 @@ CVE-2025-32914 (A flaw was found in libsoup, where the soup_multipart_new_from_m
 CVE-2025-32913 (A flaw was found in libsoup, where the soup_message_headers_get_conten ...)
 	{DLA-4140-1}
 	- libsoup3 3.6.4-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1103515)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/435
@@ -15229,6 +15241,7 @@ CVE-2025-32913 (A flaw was found in libsoup, where the soup_message_headers_get_
 CVE-2025-32912 (A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a N ...)
 	{DLA-4140-1}
 	- libsoup3 3.6.5-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1103516)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/434
@@ -15240,6 +15253,7 @@ CVE-2025-32912 (A flaw was found in libsoup, where SoupAuthDigest is vulnerable
 CVE-2025-32911 (A use-after-free type vulnerability was found in libsoup, in the soup_ ...)
 	{DLA-4140-1}
 	- libsoup3 3.6.4-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1103515)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/433
@@ -15248,6 +15262,7 @@ CVE-2025-32911 (A use-after-free type vulnerability was found in libsoup, in the
 CVE-2025-32910 (A flaw was found in libsoup, where soup_auth_digest_authenticate() is  ...)
 	{DLA-4140-1}
 	- libsoup3 3.6.4-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1103516)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/432
@@ -15256,12 +15271,14 @@ CVE-2025-32910 (A flaw was found in libsoup, where soup_auth_digest_authenticate
 CVE-2025-32909 (A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a ...)
 	{DLA-4140-1}
 	- libsoup3 3.6.4-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1103517)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/431
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92 (3.6.2)
 CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may not full ...)
 	- libsoup3 <unfixed> (bug #1103265)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <not-affected> (Vulnerable code not present)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/451
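Review bot: for CVE-2025-32908 the HTTP/2 server flaw is marked no-dsa in bookworm while sid remains <unfixed> (bug #1103265) and, unlike the neighbouring libsoup entries, there is no DLA reference and no "Fixed by:" annotation naming a release, only the issue and merge request links here and a bare commit link in the following context; once an upstream release contains that commit, prefix the commit note with "Fixed by:" and add the version in parentheses so the fixed state can be verified against the sid upload.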
@@ -15269,6 +15286,7 @@ CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may no
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/commit/a792b23ab87cacbf4dd9462bf7b675fa678efbae
 CVE-2025-32907 (A flaw was found in libsoup. The implementation of HTTP range requests ...)
 	- libsoup3 <unfixed> (bug #1103264)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <unfixed> (bug #1103518)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428
@@ -15277,6 +15295,7 @@ CVE-2025-32907 (A flaw was found in libsoup. The implementation of HTTP range re
 CVE-2025-32906 (A flaw was found in libsoup, where the soup_headers_parse_request() fu ...)
 	{DLA-4140-1}
 	- libsoup3 3.6.5-1
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 2.74.3-10.1 (bug #1103521)
 	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/404



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39030920e81b3f96fda5848d00f87044335a49a1
