[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon May 5 15:23:28 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0980f162 by Moritz Muehlenhoff at 2025-05-05T16:23:10+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,12 @@
CVE-2025-43926 [ZSA-2025-07]
[experimental] - znuny 6.5.15-1
- znuny <unfixed> (bug #1104739)
+ [bookworm] - znuny <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2025-07
CVE-2025-26847 [ZSA-2025-06]
[experimental] - znuny 6.5.15-1
- znuny <unfixed> (bug #1104739)
+ [bookworm] - znuny <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2025-06
CVE-2025-4273
REJECTED
@@ -138,8 +140,9 @@ CVE-2025-4170 (The Xavin's Review Ratings plugin for WordPress is vulnerabl
CVE-2025-4168 (The Subpage List plugin for WordPress is vulnerable to Stored Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-47229 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a d ...)
- - pspp <unfixed> (bug #1104636)
+ - pspp <unfixed> (unimportant; bug #1104636)
NOTE: https://savannah.gnu.org/bugs/?67049
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-47226 (Grokability Snipe-IT before 8.1.0 has incorrect authorization for acce ...)
- snipe-it <itp> (bug #1005172)
CVE-2025-46723 (OpenVM is a performant and modular zkVM framework built for customizat ...)
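Review bot: In the CVE-2025-47229 entry, the new NOTE says "Crash in CLI tool", while the CVE description two lines above it names libpspp-core.a as the affected component. If the library code is only reachable through the pspp command-line tools, saying so in the NOTE would make the basis for the "unimportant" rating clear to someone reading this entry alone.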
@@ -156,9 +159,12 @@ CVE-2025-0782 (A vulnerability in the S3 bucket configuration for h2oai/h2o-3 al
NOT-FOR-US: h2oai/h2o-3
CVE-2024-55069 (ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_ ...)
- ffmpeg 7:7.1.1-1
+ [bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/11326
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4cc1495aca45445181a107a682c32cfe3145
NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/88126fc4ecff16c8337bab0ff33bee858a18d555 (n7.1.1)
+ NOTE: Introduced in: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b (n7.0)
CVE-2024-13738 (The The Motors - Car Dealer, Rental & Listing WordPress theme theme fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4214 (A vulnerability was found in PHPGuruku Online DJ Booking Management Sy ...)
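Review bot: In the CVE-2024-55069 entry, the first "Fixed by:" URL (unchanged context) ends in a 36-character hash, 4cc1495aca45445181a107a682c32cfe3145, and has no tag. The other two ffmpeg commit URLs carry 40-character hashes and a tag. Since this entry is being edited anyway, check that the link resolves and add the release tag, as the new "Introduced in:" line does with (n7.0). The two not-affected lines are well supported by that "Introduced in:" NOTE.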
@@ -2339,6 +2345,7 @@ CVE-2025-30202 (vLLM is a high-throughput and memory-efficient inference and ser
- vllm <itp> (bug #1095237)
CVE-2025-29906 (Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 ...)
- finit 4.11-1
+ [bookworm] - finit <no-dsa> (Minor issue)
NOTE: https://github.com/troglobit/finit/security/advisories/GHSA-563g-p98j-mc9q
NOTE: https://github.com/troglobit/finit/commit/6528628b5c771c25ffa0cb1a46c6c89d9d0d69e0 (4.11-rc1)
CVE-2025-25962 (An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows ...)
@@ -2841,6 +2848,7 @@ CVE-2025-46654 (CodiMD through 2.2.0 has a CSP-based protection mechanism agains
NOT-FOR-US: CodiMD
CVE-2025-46653 (Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies ...)
- node-formidable <unfixed> (bug #1104246)
+ [bookworm] - node-formidable <ignored> (Minor issue)
NOTE: Fixed by: https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5 (v3.5.3)
CVE-2025-46580 (There is a code-related vulnerability in the GoldenDB database product ...)
NOT-FOR-US: ZTE
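Review bot: The added [bookworm] line for node-formidable uses the ignored state with the reason "Minor issue", the same reason the finit hunk gives for no-dsa. Since ignored records that no fix is planned for the release, a more specific reason would help here, for example why the upstream fix listed in the "Fixed by:" NOTE (v3.5.3) will not be backported to bookworm.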
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0980f162b85c432d0ba8c8dc5eff62717b045c6f