[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 17 15:59:48 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f01e6b90 by Moritz Muehlenhoff at 2025-03-17T16:59:23+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,6 +31,7 @@ CVE-2025-2358 (A vulnerability was found in Shenzhen Mingyuan Cloud Technology M
 	NOT-FOR-US: Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System
 CVE-2025-2357 (A vulnerability was found in DCMTK 3.6.9. It has been declared as crit ...)
 	- dcmtk <unfixed>
+	[bookworm] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://support.dcmtk.org/redmine/issues/1155
 CVE-2025-2356 (A vulnerability was found in BlackVue App 3.65 on Android. It has been ...)
 	NOT-FOR-US: BlackVue
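Review bot: the reason on the added `[bookworm] - dcmtk <no-dsa> (Minor issue)` line does not say why an entry whose description reads "declared as crit ..." is minor for bookworm. A short NOTE with the basis for the triage (for example the impact seen in the linked upstream issue 1155) would let a later reader check the decision without re-analysing the report.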
@@ -176,15 +177,19 @@ CVE-2025-2320 (A vulnerability has been found in 274056675 springboot-openai-cha
 	NOT-FOR-US: springboot-openai-chatgpt
 CVE-2025-2310 (A vulnerability was found in HDF5 1.14.6 and classified as critical. T ...)
 	- hdf5 <unfixed>
+	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md
 CVE-2025-2309 (A vulnerability has been found in HDF5 1.14.6 and classified as critic ...)
 	- hdf5 <unfixed>
+	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md
 CVE-2025-2308 (A vulnerability, which was classified as critical, was found in HDF5 1 ...)
 	- hdf5 <unfixed>
+	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc2.md
 CVE-2025-2295 (EDK2 contains a vulnerability in BIOS where a user may cause an Intege ...)
 	- edk2 <unfixed> (bug #1100594)
+	[bookworm] - edk2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/tianocore/edk2/security/advisories/GHSA-8522-69fh-w74x
 CVE-2025-2267 (The WP01 plugin for WordPress is vulnerable to Arbitrary File Download ...)
 	NOT-FOR-US: WordPress plugin
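Review bot: the three hdf5 entries here (CVE-2025-2310, CVE-2025-2309, CVE-2025-2308) are marked `<no-dsa>` while their `- hdf5 <unfixed>` lines carry no bug reference, unlike `- edk2 <unfixed> (bug #1100594)` in the same hunk. Their only NOTE is a third-party crash_report PoC page, so nothing in the entry links to a place where the fix will be tracked. Suggest adding a bug reference or an upstream issue NOTE so the follow-up for bookworm is not lost.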
@@ -1632,12 +1637,15 @@ CVE-2025-1828 (Crypt::Random Perl package 1.05 through 1.55 may use rand() funct
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/27835115/
 CVE-2025-2153 (A vulnerability, which was classified as critical, was found in HDF5 1 ...)
 	- hdf5 <unfixed> (bug #1100440)
+	[bookworm] - hdf5 <no-dsa> (Minor issue)
 	NOTE: https://github.com/HDFGroup/hdf5/issues/5329
 CVE-2025-2152 (A vulnerability, which was classified as critical, has been found in O ...)
 	- assimp <unfixed> (bug #1100438)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6027
 CVE-2025-2151 (A vulnerability classified as critical was found in Open Asset Import  ...)
 	- assimp <unfixed> (bug #1100439)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6016
 	NOTE: https://github.com/assimp/assimp/issues/6026
 	NOTE: https://github.com/sae-as-me/Crashes/raw/refs/heads/main/assimp/assimp_crash_1
@@ -9186,6 +9194,7 @@ CVE-2025-27091 (OpenH264 is a free license codec library which supports H.264 en
 	NOTE: Fixed by: https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449 (v2.6.0)
 CVE-2025-26618 (Erlang is a programming language and runtime system for building massi ...)
 	- erlang 1:27.2.4+dfsg-1
+	[bookworm] - erlang <no-dsa> (Minor issue)
 	[bullseye] - erlang <postponed> (Minor issue)
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr
 	NOTE: https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872 (OTP-25.3.2.18, OTP-26.2.5.9, OTP-27.2.4)
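Review bot: the new `[bookworm] - erlang <no-dsa> (Minor issue)` sits directly above `[bullseye] - erlang <postponed> (Minor issue)`, so the same reason leads to two different states for one CVE. Please confirm the difference is intended. The commit NOTE lists fixed releases on three branches (OTP-25.3.2.18, OTP-26.2.5.9, OTP-27.2.4), so an upstream patch exists to backport; if the fix is meant to be picked up with a later update, `<postponed>` on both lines would be consistent.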
@@ -15084,6 +15093,7 @@ CVE-2024-8401 (CWE-79: Improper Neutralization of Input During Web Page Generati
 	NOT-FOR-US: Schneider Electric
 CVE-2024-7881 (An unprivileged context can trigger a data memory-dependent prefetch e ...)
 	- arm-trusted-firmware 2.12.1+dfsg-1
+	[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
 	NOTE: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
 CVE-2024-6351 (A malformed packet can cause a buffer overflow in the NWK/APS layer of ...)
 	NOT-FOR-US: Ember ZNet
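Review bot: CVE-2024-7881 is recorded as fixed in unstable (`- arm-trusted-firmware 2.12.1+dfsg-1`) and now `<no-dsa>` for bookworm, but the only NOTE is the Arm Security Center page. There is no pointer to the arm-trusted-firmware change that carries the fix, so anyone preparing a bookworm update has to locate it first. Suggest adding a "Fixed by:" NOTE in the style of the openh264 entry earlier in this diff.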
@@ -29961,6 +29971,7 @@ CVE-2024-7572 (Insufficient permissions in Ivanti DSM before version 2024.3.5740
 	NOT-FOR-US: Ivanti
 CVE-2024-5660 (Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 tran ...)
 	- arm-trusted-firmware 2.12.1+dfsg-1
+	[bookworm] - arm-trusted-firmware <no-dsa> (Minor issue)
 	NOTE: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
 CVE-2024-55602 (PwnDoc is a penetration test report generator. Prior to commit 1d4219c ...)
 	NOT-FOR-US: PwnDoc



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f01e6b903d8e3958ea47715a143515f5f3566b16
