[Git][security-tracker-team/security-tracker][master] 7 commits: CVE-2025-30219,rabbitmq: bullseye is postponed
Markus Koschany (@apo)
apo at debian.org
Mon Mar 31 12:00:22 BST 2025
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b1abaa4 by Markus Koschany at 2025-03-31T12:47:20+02:00
CVE-2025-30219,rabbitmq: bullseye is postponed
Minor issue
- - - - -
870af6ab by Markus Koschany at 2025-03-31T12:49:00+02:00
Triage libmatio issues as postponed for bullseye
same reasoning as for bookworm, revisit when fixed upstream
- - - - -
322de011 by Markus Koschany at 2025-03-31T12:50:27+02:00
CVE-2024-6827,gunicorn: bullseye is postponed
Minor issue
- - - - -
cb7dae38 by Markus Koschany at 2025-03-31T12:51:38+02:00
Triage fig2dev issues as postponed for bullseye
Minor issues
- - - - -
78c0bba2 by Markus Koschany at 2025-03-31T12:54:50+02:00
Claim commons-vfs in dla-needed.txt
- - - - -
8e793ba8 by Markus Koschany at 2025-03-31T12:57:08+02:00
Triage hoteldruid issues as postponed for bullseye
Minor issues
- - - - -
f1efa5da by Markus Koschany at 2025-03-31T12:59:33+02:00
Triage assimp CVE as postponed for bullseye
Minor issues
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -268,16 +268,19 @@ CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an attacker to ...)
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
+ [bullseye] - fig2dev <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/184/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/ff9aba206a30288f456dfc91584a52ba9927b438/
CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an attacker to a ...)
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
+ [bullseye] - fig2dev <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/186/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c8a87d22036e62bac0c6f7836078d8103caa6457/
CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an attacke ...)
- fig2dev 1:3.2.9a-2
[bookworm] - fig2dev <no-dsa> (Minor issue)
+ [bullseye] - fig2dev <postponed> (Minor issue)
NOTE: https://sourceforge.net/p/mcj/tickets/185/
NOTE: Fixed by: https://sourceforge.net/u/mcj/fig2dev/ci/da8992f44b84a337b4edaa67fc8b36b55eaef696/
CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
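Review bot: the third "Fixed by" reference (CVE-2025-31162) uses the path sourceforge.net/u/mcj/fig2dev/ci/... while the two entries above it use sourceforge.net/p/mcj/fig2dev/ci/...; confirm the /u/ URL resolves to the same project repository and align it with the other two so the fixing commit ids can be fetched the same way for all three. Since an upstream commit is identified for each of these fig2dev issues, the new bullseye `<postponed>` entries could also record whether those commits apply to the bullseye package, which shortens the work when a DLA bundling them is eventually prepared.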
@@ -1929,6 +1932,7 @@ CVE-2025-30222 (Shescape is a simple shell escape library for JavaScript. Versio
CVE-2025-30219 (RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 ...)
- rabbitmq-server 4.0.5-1
[bookworm] - rabbitmq-server <no-dsa> (Minor issue)
+ [bullseye] - rabbitmq-server <postponed> (Minor issue)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-g58g-82mw-9m3p
CVE-2025-2576 (The Ayyash Studio \u2014 The kick-start kit plugin for WordPress is vu ...)
NOT-FOR-US: WordPress plugin
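Review bot: the rabbitmq-server entry carries only the GHSA advisory link and no "Fixed by" upstream commit, unlike the other entries postponed in this change; adding the upstream fix reference from the advisory (versions prior to 4.0.3 are affected, so the fix is in 4.0.3) would give whoever picks up the bullseye postponement a concrete starting point rather than re-reading the advisory.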
@@ -1989,22 +1993,27 @@ CVE-2025-30091 (In Tiny MoxieManager PHP before 4.0.0, remote code execution can
CVE-2025-2757 (A vulnerability classified as critical was found in Open Asset Import ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6019
CVE-2025-2756 (A vulnerability classified as critical has been found in Open Asset Im ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6018
CVE-2025-2755 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6017
CVE-2025-2754 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6015
CVE-2025-2753 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3. I ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6014
CVE-2025-2635 (The Digital License Manager plugin for WordPress is vulnerable to Refl ...)
NOT-FOR-US: WordPress plugin
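Review bot: these five assimp CVEs (2757 through 2753) are `<unfixed>` in unstable and their NOTE lines point only at open upstream issues, with no fix commit, yet the bullseye rationale says just "(Minor issue)"; the libmatio entries in this same change use "(Minor issue, revisit when fixed upstream)" for exactly this situation, and the same wording here would make the trigger for revisiting explicit instead of leaving the postponement open-ended.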
@@ -2071,14 +2080,17 @@ CVE-2024-10037 (A vulnerability exists in the RTU500 web server component that c
CVE-2025-2752 (A vulnerability was found in Open Asset Import Library Assimp 5.4.3 an ...)
- assimp <unfixed> (bug #1101494)
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6013
CVE-2025-2751 (A vulnerability has been found in Open Asset Import Library Assimp 5.4 ...)
- assimp <unfixed> (bug #1101495)
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6012
CVE-2025-2750 (A vulnerability, which was classified as critical, was found in Open A ...)
- assimp <unfixed> (bug #1101496)
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6011
CVE-2025-2744 (A vulnerability, which was classified as critical, was found in zhijia ...)
NOT-FOR-US: ruoyi-vue-pro
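Review bot: these three assimp entries (2752, 2751, 2750) each reference a BTS bug (#1101494, #1101495, #1101496), whereas the five assimp CVEs in the previous hunk and the two in the later hunk have no bug reference at all; check whether bugs for the remaining CVEs exist and link them, or note why only these three were filed, so the bullseye postponement for the whole batch can be tracked consistently in the BTS.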
@@ -2752,12 +2764,14 @@ CVE-2025-2593 (A vulnerability has been found in FastCMS up to 0.1.5 and classif
CVE-2025-2592 (A vulnerability, which was classified as critical, has been found in O ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6010
NOTE: https://github.com/assimp/assimp/pull/6052
NOTE: Fixed by: https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743
CVE-2025-2591 (A vulnerability classified as problematic was found in Open Asset Impo ...)
- assimp <unfixed>
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6009
NOTE: https://github.com/assimp/assimp/pull/6047
NOTE: Fixed by: https://github.com/assimp/assimp/commit/bcf11c252a9635af83c0f48b5ebdfad8e1ab5522
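Review bot: CVE-2025-2592 and CVE-2025-2591 differ from the other assimp entries in this change in that upstream has already merged fixes (pull requests 6052 and 6047, with the commit ids recorded in the "Fixed by" lines); since the package line still reads `assimp <unfixed>`, it is worth noting in the postponed rationale that these two are fix-ready and only waiting on an upload, so they are not lumped together with the CVEs that have no upstream fix yet.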
@@ -3320,6 +3334,7 @@ CVE-2024-6829 (A vulnerability in aimhubio/aim version 3.19.3 allows an attacker
CVE-2024-6827 (Gunicorn version 21.2.0 does not properly validate the value of the 'T ...)
- gunicorn 23.0.0-1 (bug #1100989)
[bookworm] - gunicorn <no-dsa> (Minor issue)
+ [bullseye] - gunicorn <postponed> (Minor issue)
NOTE: https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7
NOTE: Fixed by: https://github.com/benoitc/gunicorn/commit/555d2fa27f2d891f23bd03890e4a826b5018c6b4 (23.0.0)
CVE-2024-6825 (BerriAI/litellm version 1.40.12 contains a vulnerability that allows r ...)
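Review bot: the gunicorn "Fixed by" line names the upstream commit and the release it landed in (23.0.0), and the unstable line shows 23.0.0-1 as fixed; the new bullseye `<postponed>` entry would be more useful if its rationale said whether that single commit backports to the bullseye version or whether the gap between the bullseye release and 23.0.0 is what makes the fix non-trivial, since "Minor issue" alone does not record that judgement.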
@@ -4440,10 +4455,12 @@ CVE-2025-2339 (A vulnerability was found in otale Tale Blog 2.0.5. It has been c
CVE-2025-2338 (A vulnerability, which was classified as critical, was found in tbeu m ...)
- libmatio <unfixed> (bug #1100992)
[bookworm] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/tbeu/matio/issues/269
CVE-2025-2337 (A vulnerability, which was classified as critical, has been found in t ...)
- libmatio <unfixed> (bug #1100992)
[bookworm] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
+ [bullseye] - libmatio <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/tbeu/matio/issues/267
CVE-2025-30077 (Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an i ...)
NOT-FOR-US: onos-lib-go
@@ -5597,14 +5614,17 @@ CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3 B
CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users to set w ...)
- hoteldruid <unfixed> (bug #1101015)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
+ [bullseye] - hoteldruid <postponed> (Minor issue)
NOTE: https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7
CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid ...)
- hoteldruid <unfixed> (bug #1101015)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
+ [bullseye] - hoteldruid <postponed> (Minor issue)
NOTE: https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7
CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 ...)
- hoteldruid <unfixed> (bug #1101015)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
+ [bullseye] - hoteldruid <postponed> (Minor issue)
NOTE: https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7
CVE-2025-25680 (LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulne ...)
NOT-FOR-US: LSC Smart Connect LSC Indoor PTZ Camera
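Review bot: all three hoteldruid entries (weak password policy, CSRF in gestione_utenti.php, reflected XSS) share one bug (#1101015) and the same "(Minor issue)" rationale for bullseye; for a web application a CSRF and a reflected XSS finding are not self-evidently minor, so the rationale should state the reason the severity was judged low (for example, which privileges or user interaction are required), so the postponement does not have to be re-derived from the linked write-ups at the next review.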
=====================================
data/dla-needed.txt
=====================================
@@ -56,6 +56,9 @@ ckeditor3
NOTE: 20241002: rouca to check EOL'd ckeditor3 -> ckeditor[v4] upgrade path
NOTE: 20241002: https://lists.debian.org/debian-lts/2024/10/msg00003.html
--
+commons-vfs (Markus Koschany)
+ NOTE: 20250331: Added by Front-Desk (apo)
+--
dcmtk
NOTE: 20250220: Added by Front-Desk (Beuc)
NOTE: 20250220: Previous DLA introduced another regression, this is CVE-2024-47796.
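Review bot: the new commons-vfs entry records only "Added by Front-Desk (apo)" and gives no CVE id or reason for the claim, while the neighbouring entries (ckeditor3, dcmtk) carry NOTE lines explaining what work is pending; add a NOTE naming the CVE(s) that put commons-vfs into dla-needed.txt so the claim is self-describing if it is later reassigned. The entry is inserted in the correct alphabetical position between ckeditor3 and dcmtk, with its own `--` separator, so the file format is preserved.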
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1a58012a16bc21ca7784fe77126b598e98281de0...f1efa5daa7807ff4187fb20234cda6598d87965e