[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Mar 27 11:29:32 GMT 2025



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7634602 by Moritz Muehlenhoff at 2025-03-27T12:29:03+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,7 @@ CVE-2025-30355 (Synapse is an open source Matrix homeserver implementation. A ma
 	NOTE: https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
 	NOTE: https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389 (v1.127.1)
 CVE-2025-31160 (atop through 2.11.0 allows local users to cause a denial of service (e ...)
-	- atop <unfixed>
+	- atop <undetermined>
 	NOTE: https://rachelbythebay.com/w/2025/03/26/atop/
 	NOTE: https://www.openwall.com/lists/oss-security/2025/03/26/2
 CVE-2025-30524 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
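Review bot: The changed line for CVE-2025-31160, `- atop <undetermined>`, is the unsuffixed entry rather than a `[bookworm]` one, so it falls outside what the "bookworm triage" commit message describes, and nothing in the entry records what is still to be determined. Suggest adding a NOTE or TODO line under the entry stating the outstanding check, so the `<undetermined>` state can be resolved by whoever picks it up next.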
@@ -192,6 +192,7 @@ CVE-2025-27609 (Icinga Web 2 is an open source monitoring web interface, framewo
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5cjw-fwjc-8j38
 CVE-2025-27406 (Icinga Reporting is the central component for reporting related functi ...)
 	- icingaweb2-module-reporting <unfixed>
+	[bookworm] - icingaweb2-module-reporting <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icingaweb2-module-reporting/security/advisories/GHSA-7qvq-54vm-r7hx
 CVE-2025-27405 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.12.4-1
@@ -329,6 +330,7 @@ CVE-2025-23459 (Improper Neutralization of Input During Web Page Generation ('Cr
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-23203 (Icinga Director is an Icinga config deployment tool. A Security vulner ...)
 	- icingaweb2-module-director <unfixed>
+	[bookworm] - icingaweb2-module-director <no-dsa> (Minor issue)
 	NOTE: https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3233-ggc5-m3qg
 CVE-2025-22283 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
@@ -398,9 +400,11 @@ CVE-2022-XXXX [RUSTSEC-2022-0094]
 	NOTE: https://github.com/purpleprotocol/mimalloc_rust/issues/87
 CVE-2025-27551 (DBIx::Class::EncodedColumn use the rand() function, which is not crypt ...)
 	- libdbix-class-encodedcolumn-perl <unfixed>
+	[bookworm] - libdbix-class-encodedcolumn-perl <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://github.com/wreis/DBIx-Class-EncodedColumn/commit/5e9e51f574f7e64e8c014e9e4f00ee8fd87a5335 (0.11)
 CVE-2025-27552 (DBIx::Class::EncodedColumn use the rand() function, which is not crypt ...)
 	- libdbix-class-encodedcolumn-perl <unfixed>
+	[bookworm] - libdbix-class-encodedcolumn-perl <ignored> (Minor issue, too intrusive to backport)
 	NOTE: https://github.com/wreis/DBIx-Class-EncodedColumn/commit/5e9e51f574f7e64e8c014e9e4f00ee8fd87a5335 (0.11)
 CVE-2025-30742 (httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-o ...)
 	NOT-FOR-US: atophttpd
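Review bot: On both added `[bookworm] - libdbix-class-encodedcolumn-perl <ignored>` lines (CVE-2025-27551 and CVE-2025-27552), the reason "too intrusive to backport" has no supporting detail: the only reference in each entry is a single upstream commit tagged (0.11). Suggest a NOTE saying what makes that commit intrusive for the bookworm version, so the `<ignored>` decision can be re-checked without redoing the analysis.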
@@ -410,6 +414,7 @@ CVE-2025-30222 (Shescape is a simple shell escape library for JavaScript. Versio
 	NOT-FOR-US: Shescape
 CVE-2025-30219 (RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3  ...)
 	- rabbitmq-server 4.0.5-1
+	[bookworm] - rabbitmq-server <no-dsa> (Minor issue)
 	NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p
 CVE-2025-2576 (The Ayyash Studio \u2014 The kick-start kit plugin for WordPress is vu ...)
 	NOT-FOR-US: WordPress plugin
@@ -469,18 +474,23 @@ CVE-2025-30091 (In Tiny MoxieManager PHP before 4.0.0, remote code execution can
 	NOT-FOR-US: Tiny MoxieManager PHP
 CVE-2025-2757 (A vulnerability classified as critical was found in Open Asset Import  ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6019
 CVE-2025-2756 (A vulnerability classified as critical has been found in Open Asset Im ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6018
 CVE-2025-2755 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6017
 CVE-2025-2754 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6015
 CVE-2025-2753 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
 	- assimp <unfixed>
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6014
 CVE-2025-2635 (The Digital License Manager plugin for WordPress is vulnerable to Refl ...)
 	NOT-FOR-US: WordPress plugin
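Review bot: The "(Minor issue)" reason on the added `[bookworm] - assimp <no-dsa>` lines for CVE-2025-2757 and CVE-2025-2756 sits directly under descriptions that open with "A vulnerability classified as critical", and none of the five entries gives a rationale beyond the linked upstream issue. Suggest a short NOTE per entry (or an extended reason in the parentheses) stating why the impact is minor for bookworm. The descriptions of CVE-2025-2755, CVE-2025-2754 and CVE-2025-2753 name Assimp 5.4.3; if the bookworm version was checked against the affected code, recording that in a NOTE would help.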
@@ -644,6 +654,7 @@ CVE-2025-29100 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the f
 	NOT-FOR-US: Tenda
 CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed  ...)
 	- mbedtls <unfixed>
+	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
 CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ...)
 	- mbedtls <unfixed>
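Review bot: Only CVE-2025-27810 gets a `[bookworm] - mbedtls <no-dsa>` line here, while the hunk's context ends at the `- mbedtls <unfixed>` line of CVE-2025-27809, which has the same affected-version wording ("before 2.28.10 and 3.x before 3.6.3"). It is not visible from this hunk whether CVE-2025-27809 already has a bookworm entry; if it does not, it should be triaged in the same pass, or a NOTE should say why it is left open.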
@@ -32464,6 +32475,7 @@ CVE-2024-47537 (GStreamer is a library for constructing graphs of media-handling
 CVE-2024-45337 (Applications and libraries which misuse connection.serverAuthenticate  ...)
 	[experimental] - golang-go.crypto 1:0.33.0-1~exp1
 	- golang-go.crypto <unfixed> (bug #1089754)
+	[bookworm] - golang-go.crypto <no-dsa> (Minor issue)
 	[bullseye] - golang-go.crypto <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://github.com/golang/go/issues/70779
 	NOTE: https://go-review.googlesource.com/c/crypto/+/635315/
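Review bot: The added `[bookworm] - golang-go.crypto <no-dsa> (Minor issue)` line for CVE-2024-45337 sits directly above a `[bullseye]` entry whose reason is "follow bookworm DSAs/point-releases", so the bullseye handling now depends on this line. "Minor issue" alone does not say whether a point-release fix is intended for bookworm; suggest extending the reason to state that, so the bullseye entry has something concrete to follow.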



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7634602a93fc8c392f3510b243928eba569f2e4
