[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Mar 25 12:13:36 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7709d922 by Moritz Muehlenhoff at 2025-03-25T13:13:26+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3500,12 +3500,15 @@ CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 B
 	NOT-FOR-US: Openmrs
 CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users to set w ...)
 	- hoteldruid <unfixed> (bug #1101015)
+	[bookworm] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7
 CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid ...)
 	- hoteldruid <unfixed> (bug #1101015)
+	[bookworm] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7
 CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7  ...)
 	- hoteldruid <unfixed> (bug #1101015)
+	[bookworm] - hoteldruid <no-dsa> (Minor issue)
 	NOTE: https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7
 CVE-2025-25680 (LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulne ...)
 	NOT-FOR-US: LSC Smart Connect LSC Indoor PTZ Camera
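Review bot: the three new `[bookworm] - hoteldruid <no-dsa> (Minor issue)` lines are consistent with each other and with the shared bug #1101015, but the NOTE lines for all three still point only at the huyvo.net write-ups and record no upstream fix; since the package also stays `<unfixed>` in unstable, adding a `NOTE: Fixed by:` reference (or a note that no upstream fix exists yet) would let the no-dsa decision be turned into a point-release update later without re-triaging.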
@@ -15748,6 +15751,7 @@ CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure default credentials for th
 	NOT-FOR-US: Zyxel
 CVE-2025-0825 (cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF chara ...)
 	- cpp-httplib <unfixed>
+	[bookworm] - cpp-httplib <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/yhirose/cpp-httplib/commit/9c36aae4b73e2b6e493f4133e4173103c9266289 (v0.18.4)
 CVE-2025-0630 (Multiple Western Telematic (WTI) products contain a web interface that ...)
 	NOT-FOR-US: Western Telematic
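Review bot: the description gives the affected range as v0.17.3 through v0.18.3, but the new `[bookworm] - cpp-httplib <no-dsa> (Minor issue)` line does not record whether the bookworm package version falls inside that range; if it is older than v0.17.3 the correct tag is `<not-affected>` rather than `<no-dsa>`, so the version check should be confirmed and could be noted next to the existing `Fixed by:` reference to the v0.18.4 commit.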
@@ -348640,6 +348644,7 @@ CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an undocumen
 	NOT-FOR-US: Zyxel
 CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for  ...)
 	- kotlin <unfixed> (bug #1001037)
+	[bookworm] - kotlin <no-dsa> (Minor issue)
 	NOTE: https://youtrack.jetbrains.com/issue/KT-42181 (not public)
 CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a blank pa ...)
 	NOT-FOR-US: spiped Docker images
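Review bot: the only reference for CVE-2020-29582 is the YouTrack issue marked `(not public)`, so the `(Minor issue)` rationale behind the new `[bookworm] - kotlin <no-dsa>` line cannot be checked from the recorded notes; consider adding a public pointer, for instance the Kotlin 1.4.21 release that the description names as the fixed version, or a short note on why the vulnerable Java API use is considered minor for the bookworm package.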


=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,8 @@ jpeg-xl
 libreswan
   Waiting on feedback from maintainer
 --
+libxml2 (aron)
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more 6.1.y versions
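Review bot: the new `libxml2 (aron)` entry carries no status line, while the neighbouring entries `libreswan` and `linux (carnil)` document what they are waiting on; a one-line note naming the CVE(s) this DSA is meant to cover would let other team members follow or pick up the work without consulting the tracker separately.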
@@ -54,6 +56,8 @@ ruby-rack (jmm)
 ruby-saml
   Utkarsh Gupta might work on an update
 --
+simplesamlphp
+--
 sogo
 --
 sympa
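Review bot: `simplesamlphp` is added to dsa-needed without an assignee and without a status line; that matches unassigned entries such as `sogo`, but since `ruby-saml` directly above shows the convention of noting who may work on the update, a short note on what the DSA should cover (or that the entry is open for anyone to claim) would make it actionable.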



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7709d9228bc3f1a675b7327b7e08f389351b8488
