[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2025-4390/slurm-wlm: bullseye end-of-life

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri May 9 16:13:38 BST 2025



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c0fedca3 by Sylvain Beucler at 2025-05-09T17:13:29+02:00
CVE-2025-4390/slurm-wlm: bullseye end-of-life

- - - - -
c938c3d3 by Sylvain Beucler at 2025-05-09T17:13:29+02:00
CVE-2025-46712/erlang: bullseye postponed

- - - - -
c54d9203 by Sylvain Beucler at 2025-05-09T17:13:29+02:00
CVE-2024-13009/jetty9: fixed in DLA-4106-1

- - - - -
5b12346f by Sylvain Beucler at 2025-05-09T17:13:29+02:00
dla: gimp status update

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -243,6 +243,7 @@ CVE-2025-46812 (Trix is a what-you-see-is-what-you-get rich text editor for ever
 CVE-2025-46712 (Erlang/OTP is a set of libraries for the Erlang programming language.  ...)
 	- erlang <unfixed> (bug #1104963)
 	[bookworm] - erlang <no-dsa> (Minor issue)
+	[bullseye] - erlang <postponed> (Minor issue, "no immediate security impact")
 	NOTE: https://github.com/erlang/otp/security/advisories/GHSA-934x-xq38-hhqf
 	NOTE: https://github.com/erlang/otp/commit/e4b56a9f4a511aa9990dd86c16c61439c828df83 (OTP-25.3.2.21)
 	NOTE: https://github.com/erlang/otp/commit/816b5f70196486e693dd0a3ce59f9dde7ba558db (OTP-25.3.2.21)
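
Review bot: The quoted rationale "no immediate security impact" on the added [bullseye] line carries no source, so a later triager cannot tell whose assessment it is. If the quote comes from the GHSA-934x-xq38-hhqf advisory cited in the NOTE below, say so in the annotation; if it comes from somewhere else, add a NOTE with that reference. A postponed entry is the kind that gets revisited, and the justification should be checkable at that point.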
@@ -568,6 +569,7 @@ CVE-2025-0549
 	- gitlab <unfixed>
 CVE-2025-4390
 	- slurm-wlm <unfixed> (bug #1104929)
+	[bullseye] - slurm-wlm <end-of-life> (see #1071127)
 	NOTE: https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce@lists.schedmd.com/message/B73QHKW6TKE2T5KDWVPIWNE5H4KWX667/
 CVE-2025-4104 (The Frontend Dashboard plugin for WordPress is vulnerable to Privilege ...)
 	NOT-FOR-US: WordPress plugin
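
Review bot: The added [bullseye] line justifies the end-of-life status only with "(see #1071127)", which gives a bare number and no reason. The line directly above writes "bug #1104929"; using the same "bug #" form here and adding a few words on why slurm-wlm is end-of-life in bullseye would make the entry readable without opening the bug.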


=====================================
data/DLA/list
=====================================
@@ -159,7 +159,7 @@
 	{CVE-2021-3575 CVE-2021-29338 CVE-2022-1122 CVE-2024-56826 CVE-2024-56827}
 	[bullseye] - openjpeg2 2.4.0-3+deb11u1
 [01 Apr 2025] DLA-4106-1 jetty9 - security update
-	{CVE-2024-6762 CVE-2024-8184 CVE-2024-9823}
+	{CVE-2024-6762 CVE-2024-8184 CVE-2024-9823 CVE-2024-13009}
 	[bullseye] - jetty9 9.4.57-0+deb11u1
 [01 Apr 2025] DLA-4105-1 tzdata - new timezone database
 	[bullseye] - tzdata 2025b-0+deb11u1
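
Review bot: CVE-2024-13009 is appended to the CVE list of DLA-4106-1, an advisory dated 01 Apr 2025, in a commit dated 2025-05-09, and neither the hunk nor the commit subject records how it was established that 9.4.57-0+deb11u1 contains the fix. Since this retroactively changes what a published advisory claims to cover, the commit message body or a NOTE on the CVE entry should name the evidence (for example the upstream fix commit or fixed version) so the claim can be verified.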


=====================================
data/dla-needed.txt
=====================================
@@ -107,7 +107,9 @@ freeimage
 gimp
   NOTE: 20250410: Added by Front-Desk (Beuc)
   NOTE: 20250410: CVE-2025-2760 may need a custom patch as upstream now focuses on gimp3,
-  NOTE: 20250410: doesn't plan a gimp2 fix, and gimp3 is not affected (Beuc/front-desk)
+  NOTE: 20250410: doesn't plan a gimp2 fix, and gimp3 is not affected (rewritten).
+  NOTE: 20250509: Fix suggestion: (Beuc/front-desk)
+  NOTE: 20250509: https://gitlab.gnome.org/GNOME/gimp/-/issues/12790#note_2328950
 --
 glewlwyd
   NOTE: 20250312: Added by Front-Desk; CVE-2024-25715 to be fixed (lamby)
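
Review bot: The new line "NOTE: 20250509: Fix suggestion: (Beuc/front-desk)" ends in a label plus attribution while the URL it refers to sits on the following line, so the first note has no content when read on its own. Putting the attribution after the URL, or the label and URL on one line, would read better. The rewritten 20250410 line also drops its "(Beuc/front-desk)" attribution in favour of "(rewritten)", which leaves it unclear what was rewritten: gimp3, or the note itself.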



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dccfe06f428f1a7b0fe27b918911ebb4d1e16865...5b12346fe0620799dc9daf7976733dd497b627e0
