[Git][security-tracker-team/security-tracker][master] 6 commits: lts: add ghostscript

Fri Mar 21 18:00:25 GMT 2025


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c1bfe84b by Emilio Pozuelo Monfort at 2025-03-21T18:15:12+01:00
lts: add ghostscript

- - - - -
61b624ba by Emilio Pozuelo Monfort at 2025-03-21T18:15:54+01:00
lts: add webkit2gtk

- - - - -
6cffa9ed by Emilio Pozuelo Monfort at 2025-03-21T18:19:53+01:00
lts: add ruby-rack

- - - - -
5591ab5d by Emilio Pozuelo Monfort at 2025-03-21T18:21:27+01:00
lts: postpone CVE-2025-29786/golang-github-antonmedv-expr

- - - - -
c9ffe5f5 by Emilio Pozuelo Monfort at 2025-03-21T18:31:20+01:00
lts: CVE-2024-8176/expat ignored

- - - - -
52a08129 by Emilio Pozuelo Monfort at 2025-03-21T18:33:50+01:00
lts: CVE-2025-2581/xmedcon postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -37,6 +37,7 @@ CVE-2025-2582 (A vulnerability was found in SimpleMachines SMF 2.1.4 and classif
 CVE-2025-2581 (A vulnerability has been found in xmedcon 0.25.0 and classified as pro ...)
 	- xmedcon <unfixed> (bug #1100986)
 	[bookworm] - xmedcon <no-dsa> (Minor issue)
+	[bullseye] - xmedcon <postponed> (Minor issue)
 	NOTE: https://xmedcon.sourceforge.io/Main/New
 	NOTE: https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
 CVE-2025-2574 (Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect i ...)
@@ -1387,6 +1388,7 @@ CVE-2025-29787 (`zip` is a zip library for rust which supports reading and writi
 CVE-2025-29786 (Expr is an expression language and expression evaluation for Go. Prior ...)
 	- golang-github-antonmedv-expr <unfixed>
 	[bookworm] - golang-github-antonmedv-expr <no-dsa> (Minor issue)
+	[bullseye] - golang-github-antonmedv-expr <postponed> (Minor issue)
 	NOTE: https://github.com/advisories/GHSA-93mq-9ffx-83m2
 	NOTE: https://github.com/expr-lang/expr/pull/762
 	NOTE: Fixed by: https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e (v1.17.0)
@@ -1872,7 +1874,8 @@ CVE-2025-XXXX [Parameter manipulation allows the forging of signed SAML messages
 	NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee (3.3.1)
 CVE-2024-8176 (A stack overflow vulnerability exists in the libexpat library due to t ...)
 	- expat 2.7.0-1
-	[bookworm] - expat <ignored> (Minor issue and too intrusive to impact)
+	[bookworm] - expat <ignored> (Minor issue and too intrusive to backport)
+	[bullseye] - expat <ignored> (Minor issue and too intrusive to backport)
 	NOTE: https://blog.hartwork.org/posts/expat-2-7-0-released/
 	NOTE: https://github.com/libexpat/libexpat/issues/893
 	NOTE: https://github.com/libexpat/libexpat/pull/973


=====================================
data/dla-needed.txt
=====================================
@@ -104,6 +104,9 @@ freetype (Adrian Bunk)
 fwupd
   NOTE: 20250217: Added by Front-Desk (Beuc)
 --
+ghostscript
+  NOTE: 20250321: Added by Front-Desk (pochu)
+--
 glewlwyd
   NOTE: 20250312: Added by Front-Desk; CVE-2024-25715 to be fixed (lamby)
 --
@@ -246,6 +249,10 @@ rails
   NOTE: 20250105: Added by Front-Desk (apo)
   NOTE: 20250305: Utkarsh uploaded the CVE fixes to unstable via rails/7.2.2.1. (utkarsh)
 --
+ruby-rack
+  NOTE: 20250321: Added by Front-Desk (pochu)
+  NOTE: 20250321: also look at postponed issues (pochu)
+--
 ruby-saml
   NOTE: 20250314: Added by Front-Desk (lamby)
 --
@@ -313,6 +320,9 @@ vim (Sean Whitton)
   NOTE: 20250228: week because there was a bad arbitrary code execution CVE to
   NOTE: 20250228: fix.  (spwhitton)
 --
+webkit2gtk (Emilio)
+  NOTE: 20250321: Added by Front-Desk (pochu)
+--
 xrdp
   NOTE: 20250207: Added by Front-Desk (apo)
   NOTE: 20250227: https://people.debian.org/~abhijith/upload/xrdp_patches/ (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4ef24a2da97072943db2e70b9ce7ff6860d86d8f...52a0812963506e9c4c463f8ee90c238c37fd3e11

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4ef24a2da97072943db2e70b9ce7ff6860d86d8f...52a0812963506e9c4c463f8ee90c238c37fd3e11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250321/f095d653/attachment-0001.htm>
