[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Mar 22 16:28:27 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a89f079c by Moritz Muehlenhoff at 2025-03-22T17:20:38+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -348,6 +348,7 @@ CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (X
NOT-FOR-US: LocalAI
CVE-2024-9880 (A command injection vulnerability exists in the `pandas.DataFrame.quer ...)
- pandas <unfixed>
+ [bookworm] - pandas <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/a49baae1-4652-4d6c-a179-313c21c41a8d
CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site Request Forge ...)
- flatpress <itp> (bug #466297)
@@ -1044,6 +1045,7 @@ CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL Comma
NOT-FOR-US: CM Informatics CM News
CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a certificate with ...)
- gnupg2 2.2.46-5 (bug #1100990)
+ [bookworm] - gnupg2 <no-dsa> (Minor issue)
NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
NOTE: https://dev.gnupg.org/T7527
NOTE: https://gitlab.com/freepg/gnupg/-/merge_requests/18
@@ -4248,6 +4250,7 @@ CVE-2025-27622 (Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not reda
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-27516 (Jinja is an extensible templating engine. Prior to 3.1.6, an oversight ...)
- jinja2 <unfixed> (bug #1099690)
+ [bookworm] - jinja2 <no-dsa> (Minor issue)
NOTE: https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
NOTE: Fixed by: https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7 (3.1.6)
CVE-2025-27508 (Emissary is a P2P based data-driven workflow engine. The ChecksumCalcu ...)
@@ -24873,9 +24876,11 @@ CVE-2025-21615 (AAT (Another Activity Tracker) is a GPS-tracking application for
NOT-FOR-US: AAT (Another Activity Tracker)
CVE-2025-21614 (go-git is a highly extensible git implementation library written in pu ...)
- golang-github-go-git-go-git 5.13.2-1 (bug #1092679)
+ [bookworm] - golang-github-go-git-go-git <no-dsa> (Minor issue)
NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4
CVE-2025-21613 (go-git is a highly extensible git implementation library written in pu ...)
- golang-github-go-git-go-git 5.13.2-1 (bug #1092678)
+ [bookworm] - golang-github-go-git-go-git <no-dsa> (Minor issue)
NOTE: https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m
CVE-2025-21612 (TabberNeue is a MediaWiki extension that allows the wiki to create tab ...)
NOT-FOR-US: MediaWiki extension TabberNeue
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89f079c63c45d4c687a16c821d2675495d34641
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89f079c63c45d4c687a16c821d2675495d34641
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250322/db95ac27/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list