[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jun 2 16:40:28 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4028dbfa by Moritz Muehlenhoff at 2025-06-02T17:33:19+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -18308,6 +18308,7 @@ CVE-2025-32052 (A flaw was found in libsoup. A vulnerability in the sniff_unknow
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/f182429e5b1fc034050510da20c93256c4fa9652 (3.6.1)
CVE-2025-32051 (A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() fu ...)
- libsoup3 3.6.1-1
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <not-affected> (Vulnerable code introduced later, cf #1102213)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/401
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/0713ba4a719da938dc8facc89fca99cd0aa3069f (3.6.1)
@@ -18601,6 +18602,7 @@ CVE-2025-2874 (The User Submitted Posts \u2013 Enable Users to Submit Posts from
CVE-2025-2784 (A flaw was found in libsoup. The package is vulnerable to a heap buffe ...)
{DLA-4140-1}
- libsoup3 3.6.5-1
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-10 (bug #1102208)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/422
@@ -18610,6 +18612,7 @@ CVE-2025-2784 (A flaw was found in libsoup. The package is vulnerable to a heap
CVE-2025-32053 (A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() a ...)
{DLA-4140-1}
- libsoup3 3.6.1-1
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 2.74.3-10 (bug #1102215)
[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/426
=====================================
data/dsa-needed.txt
=====================================
@@ -57,7 +57,7 @@ python-tornado
--
ring
--
-roundcube
+roundcube (jmm)
--
ruby-rack
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4028dbfac7a292152c7ae4b5d10c2d7bf7a9ca07
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4028dbfac7a292152c7ae4b5d10c2d7bf7a9ca07
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250602/2a45add5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list