[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 17 16:45:08 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f105ed4 by Moritz Muehlenhoff at 2025-03-17T17:44:46+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4023,10 +4023,10 @@ CVE-2025-25726
 CVE-2025-25725
 	REJECTED
 CVE-2025-25724 (list_item_verbose in tar/util.c in libarchive through 3.7.7 does not c ...)
-	- libarchive <unfixed>
+	- libarchive <unfixed> (unimportant)
 	NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
 	NOTE: https://github.com/libarchive/libarchive/issues/2529
-	TODO: check, might be just crashing CLI and so unimportant, additionally unclear status
+	NOTE: Crash in CLI tool, no security impact
 CVE-2025-1810 (A vulnerability was found in Pixsoft Vivaz 6.0.11. It has been classif ...)
 	NOT-FOR-US: Pixsoft Vivaz
 CVE-2025-1809 (A vulnerability was found in Pixsoft Sol up to 7.6.6c and classified a ...)
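Review bot: the replaced TODO raised two open questions ("might be just crashing CLI" and "additionally unclear status"), but the new NOTE "Crash in CLI tool, no security impact" resolves only the first one; the `(unimportant)` severity is consistent with that conclusion, but the entry still carries `<unfixed>` with only an issue link and no upstream fix reference, so consider keeping a short TODO or NOTE on the fix status (e.g. "NOTE: no upstream fix yet, see issue 2529") so the second question is not silently dropped.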
@@ -4618,6 +4618,7 @@ CVE-2024-13148 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2024-10918 (Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows  ...)
 	{DLA-4084-1}
 	- libmodbus 3.1.11-1
+	[bookworm] - libmodbus <no-dsa> (Minor issue)
 	NOTE: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918
 	NOTE: https://github.com/stephane/libmodbus/commit/df79a02feb253c0a9a009bcdbb21e47581315111 (v3.1.11)
 	NOTE: https://github.com/stephane/libmodbus/commit/d8a971e04d52be16bf405b51d934a30b8aa3f2c3 (v3.1.11, follow-up)
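Review bot: the new `[bookworm] - libmodbus <no-dsa> (Minor issue)` line sits next to a `{DLA-4084-1}` reference, so bullseye received a security update for this stack-based buffer overflow while bookworm is marked as not warranting a DSA; that asymmetry is legitimate but worth a word in the rationale, especially since both fixing commits (v3.1.11 and the follow-up) are already identified in the NOTE lines, e.g. "(Minor issue, can be fixed via point release)" if that is the intent.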
@@ -5398,8 +5399,10 @@ CVE-2024-6810 (The Quiz Organizer plugin for WordPress is vulnerable to Stored C
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53427 (decNumberCopy in decNumber.c in jq through 1.7.1 does not properly con ...)
 	- jq <unfixed>
+	[bookworm] - jq <no-dsa> (Minor issue)
 	[bullseye] - jq <postponed> (Minor issue, wait until it's fixed upstream)
 	NOTE: https://github.com/jqlang/jq/issues/3196
+	NOTE: https://github.com/jqlang/jq/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3
 CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution ca ...)
 	NOT-FOR-US: OPSWAT MetaDefender Kiosk
 CVE-2024-47053 (This advisory addresses an authorization vulnerability in Mautic's HTT ...)
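Review bot: the newly added NOTE with the upstream commit (a09a4dfd55e6) makes the existing bullseye rationale "wait until it's fixed upstream" stale, since the fix now appears to be identified; either update the bullseye line to a rationale that matches the new state (for example the same `(Minor issue)` wording used for bookworm) or note in the NOTE whether that commit is the complete fix, so the two suite entries do not contradict each other.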
@@ -21265,6 +21268,7 @@ CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cf
 	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312
 CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...)
 	- libfcgi <unfixed> (bug #1092774)
+	[bookworm] - libfcgi <no-dsa> (Minor issue)
 	[bullseye] - libfcgi <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/FastCGI-Archives/fcgi2/issues/67
 CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injectio ...)
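Review bot: bookworm gets `<no-dsa> (Minor issue)` while bullseye stays `<postponed> (Minor issue, revisit when fixed upstream)`, and the only reference in the entry is the upstream issue link with no fix commit; since nothing visible here shows a fix for bookworm to pick up either, consider stating why the two suites are tagged differently (e.g. planned point release for bookworm) or using `<postponed>` for bookworm as well until an upstream fix is referenced.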
@@ -75858,6 +75862,7 @@ CVE-2024-1469
 CVE-2024-0397 (A defect was discovered in the Python \u201cssl\u201d module where the ...)
 	{DSA-5759-1 DLA-3980-1}
 	- pypy3 7.3.16+dfsg-1
+	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	- python3.13 <not-affected> (Fixed before initial upload to Debian unstable)
 	- python3.12 3.12.3-1
 	- python3.11 3.11.9-1
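Review bot: the added `[bookworm] - pypy3 <no-dsa> (Minor issue)` line shares this entry with `{DSA-5759-1 DLA-3980-1}`, and the advisory references do not name which source package they covered, so a reader may take the DSA to apply to pypy3 too; since the bookworm line follows the `- pypy3 7.3.16+dfsg-1` unstable entry it clearly scopes to pypy3, but the rationale would be clearer as something like "(Minor issue, DSA covered the CPython packages only)" if that is the case.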



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f105ed4958f514a4306f203c7eadaedfeaeead1
