[Git][security-tracker-team/security-tracker][master] Revert "Mark sslh CVEs as not affecting <= bookworm"
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Sat Jun 21 14:38:09 BST 2025
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6c431c40 by Sylvain Beucler at 2025-06-21T15:37:04+02:00
Revert "Mark sslh CVEs as not affecting <= bookworm"
Please coordinate with security team for bookworm, and
report the <= buster in the ELTS tracker.
This reverts commit a888793199d647ddf3964d756d86f4db1dd1b95f.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6609,28 +6609,16 @@ CVE-2025-47272 (The CE Phoenix eCommerce platform, starting in version 1.0.9.7 a
NOT-FOR-US: CE Phoenix
CVE-2025-46807 (A Allocation of Resources Without Limits or Throttling vulnerability i ...)
- sslh <unfixed> (bug #1107213)
- [bookworm] - sslh <not-affected> (Vulnerable code not present)
- [bullseye] - sslh <not-affected> (Vulnerable code not present)
- [buster] - sslh <not-affected> (Vulnerable code not present)
- [stretch] - sslh <not-affected> (Vulnerable code not present)
- [jessie] - sslh <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1243122
NOTE: Fixed by: https://github.com/yrutschle/sslh/commit/ff8206f7c8a47f901b78a1b78db5a4c788f6aa6f (v2.2.4)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/13/1
- NOTE: Introduced in https://github.com/yrutschle/sslh/commit/750e828d (v2.0-rc1)
CVE-2025-46806 (A Use of Out-of-range Pointer Offset vulnerability in sslh leads to de ...)
- sslh <unfixed> (bug #1107214)
- [bookworm] - sslh <not-affected> (Vulnerable code not present)
- [bullseye] - sslh <not-affected> (Vulnerable code not present)
- [buster] - sslh <not-affected> (Vulnerable code not present)
- [stretch] - sslh <not-affected> (Vulnerable code not present)
- [jessie] - sslh <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1243120
NOTE: Fixed by: https://github.com/yrutschle/sslh/commit/204305a88fb32cffaf1349253a2b052186ca8d39 (v2.2.4)
NOTE: Original fix in 2.2.4 was incomplete.
NOTE: Fixed by: https://github.com/yrutschle/sslh/commit/cd9b85fd4f2dafe4eab01c9d9c0706f00d81c12a
NOTE: https://www.openwall.com/lists/oss-security/2025/06/13/1
- NOTE: Introduced by: https://github.com/yrutschle/sslh/commit/aa17061e26a06624d7bb375baeffe4a905842a02 (v2.0-rc2)
CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint of CloudC ...)
NOT-FOR-US: CloudClassroom-PHP-Project
CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c431c409bfe21de743bef0b5721ad3982c588d3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c431c409bfe21de743bef0b5721ad3982c588d3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250621/b09b426e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list