[Git][security-tracker-team/security-tracker][master] Reclaim edk2 and php-twig

Markus Koschany (@apo) apo at debian.org
Sun May 11 00:35:01 BST 2025 


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c8832f7e by Markus Koschany at 2025-05-11T01:34:53+02:00
Reclaim edk2 and php-twig

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -67,11 +67,12 @@ dcmtk
   NOTE: 20250220: Follow/contribute to in-progress PU #1095854 (Beuc/front-desk)
   NOTE: 20250224: See https://salsa.debian.org/lts-team/packages/dcmtk/-/commits/wip/bullseye (ah)
 --
-edk2
+edk2 (Markus Koschany)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
   NOTE: 20240815: (10 ipv6-related, postponed CVEs), plus there are older postponed vulnerabilities (Beuc/front-desk)
   NOTE: 20241105: maintainer proposed opu debdiff for CVE-2024-38796 and CVE-2024-1298, https://bugs.debian.org/1086762 (santiago)
+  NOTE: 20250511: WIP. I believe have addressed all remaining issues now. (apo)
 --
 epiphany-browser
   NOTE: 20250429: Added by Front-Desk (lamby)
@@ -326,9 +327,11 @@ php-horde-css-parser
 php-laravel-framework
   NOTE: 20250307: Added by Front-Desk (rouca)
 --
-php-twig
+php-twig (Markus Koschany)
   NOTE: 20250209: Added by Front-Desk (apo)
   NOTE: 20250209: Vulnerable code is in src/Node/Expression/NullCoalesceExpression.php (apo)
+  NOTE: 20250511: I could not fix CVE-2025-24374 and CVE-2024-51755 but will
+  NOTE: 20250511: release the work for CVE-2024-51754 on Monday. (apo)
 --
 python-django
   NOTE: 20250507: Added by Front-Desk (Beuc)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8832f7ea63442b1819497919fa30970c7e88979

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c8832f7ea63442b1819497919fa30970c7e88979
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250510/ae7bbe7f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list