[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-30258,gnupg2: bullseye is postponed
Markus Koschany (@apo)
apo at debian.org
Wed Mar 26 12:29:27 GMT 2025
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f588885f by Markus Koschany at 2025-03-26T13:28:17+01:00
CVE-2025-30258,gnupg2: bullseye is postponed
Minor issue.
- - - - -
604c5531 by Markus Koschany at 2025-03-26T13:28:18+01:00
CVE-2024-9880,pandas: bullseye is ignored
According to the pandas developers, the query function works as intended.
https://github.com/pandas-dev/pandas/issues/60602
Not a security problem
- - - - -
b66327b2 by Markus Koschany at 2025-03-26T13:28:51+01:00
CVE-2022-49737,xorg-server: bullseye is postponed
Minor issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1103,6 +1103,7 @@ CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (X
CVE-2024-9880 (A command injection vulnerability exists in the `pandas.DataFrame.quer ...)
- pandas <unfixed>
[bookworm] - pandas <no-dsa> (Minor issue)
+ [bullseye] - pandas <ignored> (Minor issue)
NOTE: https://huntr.com/bounties/a49baae1-4652-4d6c-a179-313c21c41a8d
CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site Request Forge ...)
- flatpress <itp> (bug #466297)
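Review bot: on the added "[bullseye] - pandas <ignored> (Minor issue)" line, the reason text does not match the commit message, which says the query function works as intended and that this is not a security problem. It also diverges from the bookworm line directly above, which stays at <no-dsa> with the same "(Minor issue)" reason. Suggest putting the actual rationale in the parenthetical and adding a NOTE with https://github.com/pandas-dev/pandas/issues/60602, so the justification for <ignored> is recorded in data/CVE/list and not only in the commit log.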
@@ -1803,6 +1804,7 @@ CVE-2024-12016 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a certificate with ...)
- gnupg2 2.2.46-5 (bug #1100990)
[bookworm] - gnupg2 <no-dsa> (Minor issue)
+ [bullseye] - gnupg2 <postponed> (Minor issue)
NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
NOTE: https://dev.gnupg.org/T7527
NOTE: https://gitlab.com/freepg/gnupg/-/merge_requests/18
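Review bot: the added [bullseye] line uses <postponed> where the bookworm line directly above uses <no-dsa>, both with the same "(Minor issue)" reason, so the entry does not say why the two releases are triaged differently. If bullseye is meant to pick this up with a later gnupg2 update, a short addition to the parenthetical would make that intent visible to whoever next touches the package.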
@@ -2588,6 +2590,7 @@ CVE-2024-13126 (The Download Manager WordPress plugin before 3.3.07 doesn't prev
CVE-2022-49737 (In X.Org X server 20.11 through 21.1.16, when a client application use ...)
- xorg-server <unfixed> (bug #1081338)
[bookworm] - xorg-server <postponed> (Minor issue, can be fixed along in future DSA)
+ [bullseye] - xorg-server <postponed> (Minor issue)
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/dc7cb45482cea6ccec22d117ca0b489500b4d0a0
CVE-2025-2333
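Review bot: the added [bullseye] reason is only "(Minor issue)", while the bookworm line above it reads "(Minor issue, can be fixed along in future DSA)" for the same <postponed> state. Consider matching the wording so both release lines read consistently and it is clear the bullseye fix is expected to ride along with a later xorg-server update. The NOTE lines already point at the upstream issue and commit, so nothing else is needed for a later backport.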
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f736483264955217b2bdca44c4cfe9d9f5f6f898...b66327b2abebb7b4c6abff779be754f428f71ec5