[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Mar 24 10:51:58 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ad8cb8e by Moritz Muehlenhoff at 2025-03-24T11:51:49+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -171,6 +171,7 @@ CVE-2025-30472 (Corosync through 3.1.9, if encryption is disabled or the attacke
 CVE-2025-30204 (golang-jwt is a Go implementation of JSON Web Tokens. Prior to  5.2.2  ...)
 	- golang-github-golang-jwt-jwt-v5 5.2.2-1
 	- golang-github-golang-jwt-jwt 5.0.0+really4.5.2-1
+	[bookworm] - golang-github-golang-jwt-jwt <no-dsa> (Minor issue)
 	NOTE: https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
 	NOTE: Fixed by: https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3 (v5.2.2)
 	NOTE: Fixed by: https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84 (v4.5.2)
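Review bot: Only golang-github-golang-jwt-jwt gets a [bookworm] line in the CVE-2025-30204 entry, although the entry also lists golang-github-golang-jwt-jwt-v5 (fixed in 5.2.2-1). If that source package exists in bookworm it needs its own [bookworm] line; if it does not, nothing more is needed, but that is worth confirming. The reason "Minor issue" would also be easier to revisit with a few words on why the issue is minor.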
@@ -222,7 +223,9 @@ CVE-2025-26796 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input
 	NOT-FOR-US: Apache Oozie
 CVE-2025-30349 (Horde IMP through 6.2.27, as used with Horde Application Framework thr ...)
 	- php-horde <unfixed>
+	[bookworm] - php-horde <ignored> (Horde in Bookworm is broken due to PHP 8 issues and will be removed in the next point release)
 	- php-horde-imp <unfixed>
+	[bookworm] - php-horde-imp <ignored> (Horde in Bookworm is broken due to PHP 8 issues and will be removed in the next point release)
 	NOTE: https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
 	NOTE: https://web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
 CVE-2025-30179 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11 ...)
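Review bot: The <ignored> reason on both the php-horde and php-horde-imp lines depends on an event that has not happened yet ("will be removed in the next point release"). Suggest citing the removal request in the reason text or in a NOTE, so the status can be revisited if the removal slips and the packages remain in bookworm with the issue unfixed.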
@@ -245,11 +248,13 @@ CVE-2025-2593 (A vulnerability has been found in FastCMS up to 0.1.5 and classif
 	NOT-FOR-US: FastCMS
 CVE-2025-2592 (A vulnerability, which was classified as critical, has been found in O ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6010
 	NOTE: https://github.com/assimp/assimp/pull/6052
 	NOTE: Fixed by: https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743
 CVE-2025-2591 (A vulnerability classified as problematic was found in Open Asset Impo ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6009
 	NOTE: https://github.com/assimp/assimp/pull/6047
 	NOTE: Fixed by: https://github.com/assimp/assimp/commit/bcf11c252a9635af83c0f48b5ebdfad8e1ab5522
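Review bot: For CVE-2025-2592 the description quoted in the entry says "classified as critical", while the added bookworm line says only "Minor issue". A short reason stating why the impact is minor in practice would reconcile the two. Both assimp entries already carry a "Fixed by" upstream commit, so the reason could also say whether the fix is a candidate for a point release.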
@@ -259,6 +264,7 @@ CVE-2025-2589 (A vulnerability was found in code-projects Human Resource Managem
 	NOT-FOR-US: code-projects
 CVE-2025-2588 (A vulnerability has been found in Hercules Augeas 1.14.1 and classifie ...)
 	- augeas <unfixed>
+	[bookworm] - augeas <no-dsa> (Minor issue)
 	NOTE: https://github.com/hercules-team/augeas/issues/852
 CVE-2025-2587 (A vulnerability, which was classified as critical, was found in Jinher ...)
 	NOT-FOR-US: Jinher OA C6
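Review bot: The augeas entry for CVE-2025-2588 has only the upstream issue link as a NOTE and no fix reference, so the "Minor issue" tag cannot be checked against a patch. A more specific reason in place of the generic text would make the entry easier to revisit once upstream has a fix.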
@@ -3736,14 +3742,17 @@ CVE-2025-1362 (The URL Shortener | Conversion Tracking  | AB Testing  | WooComme
 	NOT-FOR-US: WordPress plugin
 CVE-2023-52971 (MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes i ...)
 	- mariadb <unfixed> (bug #1100437)
+	[bookworm] - mariadb <no-dsa> (Minor issue)
 	- mariadb-10.5 <removed>
 	NOTE: https://jira.mariadb.org/browse/MDEV-32084 (not public)
 CVE-2023-52970 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through  ...)
 	- mariadb <unfixed> (bug #1100437)
+	[bookworm] - mariadb <no-dsa> (Minor issue)
 	- mariadb-10.5 <removed>
 	NOTE: https://jira.mariadb.org/browse/MDEV-32086 (not public)
 CVE-2023-52969 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through  ...)
 	- mariadb <unfixed> (bug #1100437)
+	[bookworm] - mariadb <no-dsa> (Minor issue)
 	- mariadb-10.5 <removed>
 	NOTE: https://jira.mariadb.org/browse/MDEV-32083 (not public)
 CVE-2023-52968 (MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 1 ...)
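Review bot: All three mariadb entries get the same "Minor issue" tag, but their only references are MDEV tickets marked "(not public)", so the basis for the tag cannot be verified from the entry itself. The CVE-2023-52971 description speaks of a server crash; a reason that states the impact would be more useful than the generic text, and bug #1100437 on the unstable line could be referenced for tracking the bookworm fix.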
@@ -16808,6 +16817,7 @@ CVE-2025-24527 (An issue was discovered in Akamai Enterprise Application Access
 	NOT-FOR-US: Akamai
 CVE-2025-24374 (Twig is a template language for PHP. When using the ?? operator, outpu ...)
 	- php-twig 3.19.0-1~bootstrap
+	[bookworm] - php-twig <no-dsa> (Minor issue)
 	- twig <removed>
 	NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr
 	NOTE: https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3 (v3.19.0)
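Review bot: The php-twig bookworm line gives only "Minor issue" even though the entry names the fixing upstream commit (v3.19.0). A note on whether that commit applies to the bookworm version would tell readers whether a point-release update is feasible.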
@@ -44944,6 +44954,7 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has
 	- ruby3.3 <unfixed>
 	- ruby3.2 <removed>
 	- ruby3.1 <unfixed>
+	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
 	NOTE: https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
 	NOTE: https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f (v3.3.9)
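Review bot: Only ruby3.1 gets a bookworm tag here, and the hunk context starts partway through the CVE-2024-49761 entry. Each [bookworm] line names a single package, so any other source package listed earlier in this entry that exists in bookworm needs its own line as well; worth checking before this is considered fully triaged.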



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ad8cb8ea52a62b9ede9548abf4e53c3c6340a37
