[Git][security-tracker-team/security-tracker][master] 9 commits: Add Debian bug reference for CVE-2025-46727

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu May 8 20:51:02 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2280b37b by Salvatore Bonaccorso at 2025-05-08T21:47:07+02:00
Add Debian bug reference for CVE-2025-46727

- - - - -
ace59d47 by Salvatore Bonaccorso at 2025-05-08T21:47:44+02:00
Add Debian bug reference for CVE-2025-46336

- - - - -
685657a8 by Salvatore Bonaccorso at 2025-05-08T21:48:02+02:00
Add Debian bug reference for CVE-2025-4390

- - - - -
3b0cb97c by Salvatore Bonaccorso at 2025-05-08T21:48:20+02:00
Add Debian bug reference for CVE-2025-27533

- - - - -
2333f1d8 by Salvatore Bonaccorso at 2025-05-08T21:48:37+02:00
Add Debian bug reference for CVE-2025-4373

- - - - -
3204ea39 by Salvatore Bonaccorso at 2025-05-08T21:49:12+02:00
Add Debian bug reference for CVE-2025-32022

- - - - -
8898cd07 by Salvatore Bonaccorso at 2025-05-08T21:49:48+02:00
Add Debian bug reference for CVE-2025-46728

- - - - -
7f7fbf42 by Salvatore Bonaccorso at 2025-05-08T21:50:05+02:00
Add Debian bug reference for CVE-2025-2509

- - - - -
634cc679 by Salvatore Bonaccorso at 2025-05-08T21:50:24+02:00
Add Debian bug reference for CVE-2025-4287

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2025-46826 (insa-auth is an authentication server for INSA Rouen. A minor is
 CVE-2025-46821 (Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1 ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2025-46727 (Rack is a modular Ruby web server interface. Prior to versions 2.2.14, ...)
-	- ruby-rack <unfixed>
+	- ruby-rack <unfixed> (bug #1104927)
 	NOTE: https://github.com/rack/rack/security/advisories/GHSA-gjh7-p2fx-99vx
 	NOTE: Fixed by: https://github.com/rack/rack/commit/cd6b70a1f2a1016b73dc906f924869f4902c2d74 (v3.1.14)
 	NOTE: Fxied by: https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712 (v3.0.16)
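Review bot: the trailing context line `NOTE: Fxied by: https://github.com/rack/rack/commit/2bb5263b464b65ba4b648996a579dbd180d2b712 (v3.0.16)` carries a typo ("Fxied" for "Fixed"); worth correcting in a follow-up so both fix references for CVE-2025-46727 read consistently and any tooling that greps for "Fixed by:" picks up the v3.0.16 commit as well.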
@@ -41,7 +41,7 @@ CVE-2025-35995 (When a BIG-IP PEM system is licensed with URL categorization, an
 CVE-2025-35939 (Craft CMS stores arbitrary content provided by unauthenticated users i ...)
 	NOT-FOR-US: Craft CMS
 CVE-2025-46336
-	- ruby-rack-session <unfixed>
+	- ruby-rack-session <unfixed> (bug #1104928)
 	NOTE: https://github.com/rack/rack-session/security/advisories/GHSA-9j94-67jr-4cqj
 	NOTE: Fixed by: https://github.com/rack/rack-session/commit/c58ad7952cc7d0649f0ea9c78d55049739c49e5a (v2.1.1)
 CVE-2025-32441 (Rack is a modular Ruby web server interface. Prior to version 2.2.14,  ...)
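Review bot: the `CVE-2025-46336` header line has no description in parentheses, while the neighbouring entries CVE-2025-35939 and CVE-2025-32441 do; if the upstream description has since been published, adding it alongside the new bug #1104928 reference would make the ruby-rack-session entry consistent with the GHSA-9j94-67jr-4cqj advisory it already cites.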
@@ -218,7 +218,7 @@ CVE-2024-8973
 CVE-2025-0549
 	- gitlab <unfixed>
 CVE-2025-4390
-	- slurm-wlm <unfixed>
+	- slurm-wlm <unfixed> (bug #1104929)
 	NOTE: https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/
 CVE-2025-4104 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
 	NOT-FOR-US: WordPress plugin
@@ -816,7 +816,7 @@ CVE-2025-0649 (Incorrect JSON input stringificationin Google's Tensorflow servin
 CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is vulne ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
-	- activemq <unfixed>
+	- activemq <unfixed> (bug #1104933)
 	NOTE: https://issues.apache.org/jira/browse/AMQ-6596
 CVE-2025-4372 (Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 all ...)
 	{DSA-5916-1}
@@ -829,7 +829,7 @@ CVE-2025-4384 (The MQTT add-on of PcVue fails to verify that a remote device\u20
 CVE-2025-4374 (A flaw was found in Quay. When an organization acts as a proxy cache,  ...)
 	NOT-FOR-US: Quay
 CVE-2025-4373 (A flaw was found in GLib, which is vulnerable to an integer overflow i ...)
-	- glib2.0 <unfixed>
+	- glib2.0 <unfixed> (bug #1104930)
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3677
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4588
 	NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4592
@@ -934,7 +934,7 @@ CVE-2025-3782 (The Cision Block plugin for WordPress is vulnerable to Stored Cro
 CVE-2025-37730 (Improper certificate validation in Logstash's TCP output could lead to ...)
 	- logstash <itp> (bug #664841)
 CVE-2025-32022 (Finit provides fast init for Linux systems. Finit's urandom plugin has ...)
-	- finit <unfixed>
+	- finit <unfixed> (bug #1104932)
 	[bookworm] - finit <no-dsa> (Minor issue)
 	NOTE: https://github.com/troglobit/finit/security/advisories/GHSA-fv6v-vw8h-9x79
 	NOTE: Fixed by: https://github.com/troglobit/finit/commit/3feff37ba51fa0a6a0a06f59682a0918aa5b04de (4.12)
@@ -1139,7 +1139,7 @@ CVE-2025-47297
 CVE-2025-47296
 	REJECTED
 CVE-2025-46728 (cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. ...)
-	- cpp-httplib <unfixed>
+	- cpp-httplib <unfixed> (bug #1104926)
 	NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-px83-72rx-v57c
 	NOTE: Fixed by: https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e (v0.20.1)
 CVE-2025-46593 (Process residence vulnerability in abnormal scenarios in the print mod ...)
@@ -1179,7 +1179,7 @@ CVE-2025-3020 (An low privileged remote Attacker can execute arbitrary web scrip
 CVE-2025-2802 (The LayoutBoxx plugin for WordPress is vulnerable to arbitrary shortco ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-2509 (Out-of-Bounds Read in Virglrenderer in ChromeOS  16093.57.0 allows a m ...)
-	- virglrenderer <unfixed>
+	- virglrenderer <unfixed> (bug #1104934)
 CVE-2025-1493 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1 ...)
 	NOT-FOR-US: IBM
 CVE-2025-1000 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...)
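Review bot: the virglrenderer entry for CVE-2025-2509 is the only one in this series that gains a bug reference without any `NOTE:` line pointing at an upstream report or fix commit; a reference (when one is available) would make the `<unfixed>` status easier to verify and to track to a fixed version later.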
@@ -1197,7 +1197,7 @@ CVE-2025-4318 (The AWS Amplify Studio UI component property expressions in the a
 CVE-2025-4316 (Improper access control in PAM feature in Devolutions Server 2025.1.6. ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-4287 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as ...)
-	- pytorch <unfixed>
+	- pytorch <unfixed> (bug #1104931)
 	NOTE: https://github.com/pytorch/pytorch/issues/150836
 	NOTE: https://github.com/pytorch/pytorch/pull/150923
 CVE-2025-4286 (A vulnerability was found in Intelbras InControl up to 2.21.59. It has ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/23267eb91e2e129d4259140b9df64e872d70d83f...634cc679a36cee73c4dcec7fd879942086813eca


