[Git][security-tracker-team/security-tracker][master] 2 commits: dla: add python-django

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri May 9 07:34:21 BST 2025



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af07a90e by Sylvain Beucler at 2025-05-09T08:32:56+02:00
dla: add python-django

- - - - -
5628d4cf by Sylvain Beucler at 2025-05-09T08:33:43+02:00
CVE-2025-47256/libxmp: follow stable triage

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1010,6 +1010,7 @@ CVE-2025-47417 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 CVE-2025-47256 (Libxmp through 4.6.2 has a stack-based buffer overflow in depack_pha i ...)
 	- libxmp 4.6.2-2
 	[bookworm] - libxmp <no-dsa> (Minor issue)
+	[bullseye] - libxmp <postponed> (Minor issue)
 	NOTE: https://github.com/libxmp/libxmp/issues/847
 	NOTE: https://github.com/libxmp/libxmp/pull/848
 	NOTE: Fixed by: https://github.com/libxmp/libxmp/commit/004a102c5a75ad809fc309ff73ce8d0f9ab3e456
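Review bot: the added `[bullseye]` line repeats "(Minor issue)" from the bookworm line without recording why a stack-based buffer overflow in depack_pha counts as minor. Since `<postponed>` means the fix is deferred to a later update rather than dropped, a short NOTE with the rationale would save whoever picks it up from re-deriving the assessment. The upstream fix commit is already referenced in the NOTE lines below, so the entry otherwise has what a backport needs.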


=====================================
data/dla-needed.txt
=====================================
@@ -341,6 +341,11 @@ php-twig
   NOTE: 20250209: Added by Front-Desk (apo)
   NOTE: 20250209: Vulnerable code is in src/Node/Expression/NullCoalesceExpression.php (apo)
 --
+python-django
+  NOTE: 20250507: Added by Front-Desk (Beuc)
+  NOTE: 20250507: Added on request from lamby about CVE-2025-32873.
+  NOTE: 20250507: Many postponed vulnerabilities to fix as well (Beuc/front-desk)
+--
 python-flask-cors (dleidert)
   NOTE: 20250422: Added by Front-Desk (rouca)
 --
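Review bot: the third NOTE of the new python-django entry says "Many postponed vulnerabilities to fix as well" but does not name them. Listing the CVE ids, or pointing at the package's tracker page, would let whoever claims the entry see the scope up front. The second NOTE (the lamby request about CVE-2025-32873) also lacks the trailing attribution that the other two lines and the neighbouring entries carry, such as "(Beuc)".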



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b9bbd19688cc05609a317483e0c656c18af78f41...5628d4cf6f5b376251ffc94573706aa161356266
