[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 28 14:49:07 GMT 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
38391a1f by Moritz Muehlenhoff at 2025-03-28T15:46:35+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,7 +71,7 @@ CVE-2025-22739 (Missing Authorization vulnerability in ThimPress LearnPress allo
 CVE-2025-22398 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2025-1860 (Data::Entropy for Perl 0.007 and earlier use the rand() function as th ...)
-	- libdata-entropy-perl <unfixed>
+	- libdata-entropy-perl <unfixed> (bug #1101503)
 CVE-2025-1762 (The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 do ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-49601 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
@@ -83,7 +83,7 @@ CVE-2024-49564 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neu
 CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutraliz ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is vulnerable to  ...)
-	- libstring-compare-constanttime-perl <unfixed>
+	- libstring-compare-constanttime-perl <unfixed> (bug #1101502)
 	NOTE: https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
 CVE-2024-56325
 	NOT-FOR-US: Apache Pinot
@@ -369,7 +369,7 @@ CVE-2025-30358 (Mesop is a Python-based UI framework that allows users to build
 CVE-2025-30221 (Pitchfork is a preforking HTTP server for Rack applications. Versions  ...)
 	NOT-FOR-US: Pitchfork
 CVE-2025-30093 (HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before ...)
-	- condor <unfixed>
+	- condor <unfixed> (bug #1101498)
 	NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html
 CVE-2025-2867 (An issue has been discovered in the GitLab Duo with Amazon Q affecting ...)
 	NOT-FOR-US: GitLab Duo with Amazon Q
@@ -384,7 +384,7 @@ CVE-2025-2854 (A vulnerability classified as critical was found in code-projects
 CVE-2025-2852 (A vulnerability has been found in SourceCodester Food Ordering Managem ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-2849 (A vulnerability, which was classified as problematic, was found in UPX ...)
-	- upx-ucl <unfixed>
+	- upx-ucl <unfixed> (bug #1101500)
 	NOTE: https://github.com/upx/upx/issues/898
 	NOTE: https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2
 CVE-2025-2847 (A vulnerability, which was classified as critical, has been found in C ...)
@@ -544,7 +544,7 @@ CVE-2024-55072 (A Broken Object Level Authorization vulnerability in the compone
 CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the component /ho ...)
 	NOT-FOR-US: hay-kot mealie
 CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link Following") and  ...)
-	- node-tar-fs <unfixed>
+	- node-tar-fs <unfixed> (bug #1101501)
 	NOTE: https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed (v3.0.7)
 CVE-2023-38272 (IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5 ...)
 	NOT-FOR-US: IBM
@@ -1606,15 +1606,15 @@ CVE-2024-11499 (A vulnerability exists in RTU500 IEC 60870-4-104 controlled stat
 CVE-2024-10037 (A vulnerability exists in the RTU500 web server component that can cau ...)
 	NOT-FOR-US: Hitachi Energy
 CVE-2025-2752 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3 an ...)
-	- assimp <unfixed>
+	- assimp <unfixed> (bug #1101494)
 	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6013
 CVE-2025-2751 (A vulnerability has been found in Open Asset Import Library Assimp 5.4 ...)
-	- assimp <unfixed>
+	- assimp <unfixed> (bug #1101495)
 	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6012
 CVE-2025-2750 (A vulnerability, which was classified as critical, was found in Open A ...)
-	- assimp <unfixed>
+	- assimp <unfixed> (bug #1101496)
 	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://github.com/assimp/assimp/issues/6011
 CVE-2025-2744 (A vulnerability, which was classified as critical, was found in zhijia ...)
@@ -1704,11 +1704,11 @@ CVE-2025-29135 (A stack-based buffer overflow vulnerability in Tenda AC7 V15.03.
 CVE-2025-29100 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the fromSet ...)
 	NOT-FOR-US: Tenda
 CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed  ...)
-	- mbedtls <unfixed>
+	- mbedtls <unfixed> (bug #1101499)
 	[bookworm] - mbedtls <no-dsa> (Minor issue)
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
 CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, acce ...)
-	- mbedtls <unfixed>
+	- mbedtls <unfixed> (bug #1101499)
 	NOTE: https://github.com/Mbed-TLS/mbedtls/issues/466
 	NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
 CVE-2025-26512 (SnapCenter versions prior to  6.0.1P1 and 6.1P1 are susceptible to a v ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38391a1fff617eb0c9adc8324ad2fd2981235dac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38391a1fff617eb0c9adc8324ad2fd2981235dac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250328/5ae936c7/attachment.htm>

More information about the debian-security-tracker-commits mailing list