[Git][security-tracker-team/security-tracker][master] Mark sslh CVEs as not affecting <= bookworm
Andreas Henriksson (@ah)
gitlab at salsa.debian.org
Sat Jun 21 14:13:15 BST 2025
Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a8887931 by Andreas Henriksson at 2025-06-21T15:12:14+02:00
Mark sslh CVEs as not affecting <= bookworm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6609,16 +6609,28 @@ CVE-2025-47272 (The CE Phoenix eCommerce platform, starting in version 1.0.9.7 a
NOT-FOR-US: CE Phoenix
CVE-2025-46807 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
- sslh <unfixed> (bug #1107213)
+ [bookworm] - sslh <not-affected> (Vulnerable code not present)
+ [bullseye] - sslh <not-affected> (Vulnerable code not present)
+ [buster] - sslh <not-affected> (Vulnerable code not present)
+ [stretch] - sslh <not-affected> (Vulnerable code not present)
+ [jessie] - sslh <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1243122
NOTE: Fixed by: https://github.com/yrutschle/sslh/commit/ff8206f7c8a47f901b78a1b78db5a4c788f6aa6f (v2.2.4)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/13/1
+ NOTE: Introduced in https://github.com/yrutschle/sslh/commit/750e828d (v2.0-rc1)
CVE-2025-46806 (A Use of Out-of-range Pointer Offset vulnerability in sslh leads to de ...)
- sslh <unfixed> (bug #1107214)
+ [bookworm] - sslh <not-affected> (Vulnerable code not present)
+ [bullseye] - sslh <not-affected> (Vulnerable code not present)
+ [buster] - sslh <not-affected> (Vulnerable code not present)
+ [stretch] - sslh <not-affected> (Vulnerable code not present)
+ [jessie] - sslh <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1243120
NOTE: Fixed by: https://github.com/yrutschle/sslh/commit/204305a88fb32cffaf1349253a2b052186ca8d39 (v2.2.4)
NOTE: Original fix in 2.2.4 was incomplete.
NOTE: Fixed by: https://github.com/yrutschle/sslh/commit/cd9b85fd4f2dafe4eab01c9d9c0706f00d81c12a
NOTE: https://www.openwall.com/lists/oss-security/2025/06/13/1
+ NOTE: Introduced by: https://github.com/yrutschle/sslh/commit/aa17061e26a06624d7bb375baeffe4a905842a02 (v2.0-rc2)
CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint of CloudC ...)
NOT-FOR-US: CloudClassroom-PHP-Project
CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a888793199d647ddf3964d756d86f4db1dd1b95f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a888793199d647ddf3964d756d86f4db1dd1b95f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250621/3454cd9f/attachment.htm>
More information about the debian-security-tracker-commits
mailing list