[Git][security-tracker-team/security-tracker][master] new ruby-saml issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 13 12:20:19 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
be2c5f56 by Moritz Muehlenhoff at 2025-03-13T13:19:57+01:00
new ruby-saml issues

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,11 +9,20 @@ CVE-2025-2106 (The ArielBrailovsky-ViralAd plugin for WordPress is vulnerable to
 CVE-2025-2104 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder plugi ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) single si ...)
-	TODO: check
+	- ruby-saml <unfixed>
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (v1.18.0)
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1 (v1.12.4)
 CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) single si ...)
-	TODO: check
+	- ruby-saml <unfixed>
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (v1.18.0)
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9 (v1.12.4)
 CVE-2025-25291 (ruby-saml provides security assertion markup language (SAML) single si ...)
-	TODO: check
+	- ruby-saml <unfixed>
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-4vc4-m8qh-g8jm
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e9c1cdbd0f9afa467b585de279db0cbd0fb8ae97 (v1.18.0)
+	NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e76c5b36bac40aedbf1ba7ffaaf495be63328cd9 (v1.12.4)
 CVE-2025-1785 (The Download Manager plugin for WordPress is vulnerable to Directory T ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1561 (The AppPresser \u2013 Mobile App Framework plugin for WordPress is vul ...)
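
Review bot: The CVE-2025-25292 and CVE-2025-25291 entries carry identical fix-commit NOTE lines (e9c1cdbd for v1.18.0 and e76c5b36 for v1.12.4), while CVE-2025-25293 points at different commits. If one upstream change really closes both issues, a short NOTE saying so would keep the next reader from suspecting a copy/paste slip. All three entries are also `- ruby-saml <unfixed>` with no bug reference, so consider appending the BTS bug to each once it is filed.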


=====================================
data/dsa-needed.txt
=====================================
@@ -53,6 +53,8 @@ ring
 --
 rsync (carnil)
 --
+ruby-saml
+--
 sogo
 --
 sympa
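
Review bot: The new `ruby-saml` line in data/dsa-needed.txt has no claimant and no note, unlike `rsync (carnil)` just above it. If it is meant to stay unclaimed that is fine, but a short note under the entry naming the three CVEs from data/CVE/list (CVE-2025-25291, CVE-2025-25292, CVE-2025-25293) would tell whoever picks it up what the update has to cover.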



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/be2c5f563125d6bd685aa8f1e0ae25982b576b6e
