[Git][security-tracker-team/security-tracker][master] 5 commits: mark CVE-2025-44021 as postponed for Bullseye
Thorsten Alteholz (@alteholz)
alteholz at debian.org
Fri Jun 6 18:35:10 BST 2025
Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e2edb1fe by Thorsten Alteholz at 2025-06-06T19:34:47+02:00
mark CVE-2025-44021 as postponed for Bullseye
- - - - -
6d3f8da1 by Thorsten Alteholz at 2025-06-06T19:34:49+02:00
mark CVE-2025-40911 as postponed for Bullseye
- - - - -
be60f437 by Thorsten Alteholz at 2025-06-06T19:34:51+02:00
mark CVE-2025-40909 as postponed for Bullseye
- - - - -
724e42e5 by Thorsten Alteholz at 2025-06-06T19:34:53+02:00
mark CVE-2024-56521 as postponed for Bullseye
- - - - -
e0c9e0cd by Thorsten Alteholz at 2025-06-06T19:34:53+02:00
add roundcube
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1326,6 +1326,7 @@ CVE-2025-1499 (IBM InfoSphere Information Server 11.7 stores credential informat
CVE-2025-40908 (YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing exis ...)
- libyaml-libyaml-perl 0.903.0+ds-1
[bookworm] - libyaml-libyaml-perl <no-dsa> (Minor issue)
+ [bullseye] - libyaml-libyaml-perl <postponed> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/30071726/
NOTE: https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
NOTE: https://github.com/ingydotnet/yaml-libyaml-pm/pull/121
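Review bot: The added "[bullseye] - libyaml-libyaml-perl <postponed>" line sits under CVE-2025-40908, but none of the five commit subjects mentions that CVE; the closest one, be60f437, says CVE-2025-40909. Please confirm which entry was meant. If 40908 is correct, the commit subject is off by one and the history will be misleading for anyone searching by CVE id. If 40909 was intended, this line is attached to the wrong entry and 40909 is still untriaged for bullseye.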
@@ -2077,6 +2078,7 @@ CVE-2025-4947 (libcurl accidentally skips the certificate verification for QUIC
CVE-2025-40911 (Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly h ...)
- libnet-cidr-set-perl 0.15-1 (bug #1106699)
[bookworm] - libnet-cidr-set-perl <no-dsa> (Minor issue)
+ [bullseye] - libnet-cidr-set-perl <postponed> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/29942240/
NOTE: Fixed by: https://github.com/robrwo/perl-Net-CIDR-Set/commit/be7d91e8446ad8013b08b4be313d666dab003a8a (v0.14)
CVE-2025-5278 (A flaw was found in GNU Coreutils. The sort utility's begfield() funct ...)
@@ -8014,6 +8016,7 @@ CVE-2025-44023 (An issue in dlink DNS-320 v.1.00 and DNS-320LW v.1.01.0914.20212
CVE-2025-44021 (OpenStack Ironic before 29.0.1 can write unintended files to a target ...)
- ironic 1:29.0.0-6 (bug #1104964)
[bookworm] - ironic <no-dsa> (Minor issue)
+ [bullseye] - ironic <postponed> (Minor issue)
NOTE: https://bugs.launchpad.net/ironic/+bug/2107847
NOTE: https://security.openstack.org/ossa/OSSA-2025-001.html
NOTE: https://www.openwall.com/lists/oss-security/2025/05/08/1
@@ -53086,6 +53089,7 @@ CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFt
CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CUR ...)
- tcpdf 6.8.0+dfsg-1 (bug #1091687)
[bookworm] - tcpdf <no-dsa> (Minor issue)
+ [bullseye] - tcpdf <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554 (6.8.0)
CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TC ...)
{DSA-5933-1 DLA-4199-1}
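Review bot: The bullseye line for CVE-2024-56521 is marked postponed while the neighbouring CVE-2024-56520 entry in the trailing context already carries DLA-4199-1. If that DLA was a tcpdf upload, a short NOTE on why 56521 was left out of it (for example, the fix commit referenced in "Fixed by:" not applying cleanly to the bullseye version) would save the next person from re-checking. If the DLA was for a different source package, no change is needed.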
=====================================
data/dla-needed.txt
=====================================
@@ -303,6 +303,10 @@ rails
NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
NOTE: 20250323: rails DSA has been released. (utkarsh)
--
+roundcube
+ NOTE: 20250606: Added by Front-Desk (ta)
+ NOTE: 20250606: issue should be in program/steps/settings/upload.inc
+--
ruby-graphql
NOTE: 20250422: Added by Front-Desk (rouca)
--
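Review bot: The new roundcube entry does not say which CVE or bug it was added for; the only pointer is "issue should be in program/steps/settings/upload.inc", and "should be" reads as unconfirmed. Adding the CVE id or an upstream reference to the NOTE, and stating whether the file path was checked against the bullseye source, would let whoever claims the package start from the right issue instead of rediscovering it.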
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c787077374e5401a124766504a5000c5b25cfd1b...e0c9e0cd294704294e3dc519100cc990d01a03af