[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 13 09:06:41 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
09d5c152 by Moritz Muehlenhoff at 2025-05-13T10:06:32+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -244,7 +244,8 @@ CVE-2025-47828 (Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call f
CVE-2025-47817 (In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit req ...)
NOT-FOR-US: BlueWave Checkmate
CVE-2025-47816 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an ...)
- - pspp <unfixed> (bug #1105104)
+ - pspp <unfixed> (unimportant; bug #1105104)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://savannah.gnu.org/bugs/?67073
CVE-2025-47815 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a h ...)
- pspp <unfixed> (bug #1105105)
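Review bot: The `unimportant` downgrade on CVE-2025-47816 rests on the single NOTE "Crash in CLI tool, no security impact", while the next entry, CVE-2025-47815, is in the same libpspp-core.a and stays at plain `<unfixed>`. If the same reasoning holds for that CVE, it should get the same tag and NOTE in this commit. If it does not, a short NOTE on what distinguishes it would keep the two pspp entries from looking inconsistent.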
@@ -8548,6 +8549,7 @@ CVE-2025-30723 (Vulnerability in the Oracle BI Publisher product of Oracle Analy
CVE-2025-30722 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.42-1 (bug #1103385)
- mariadb <unfixed>
+ [bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point release)
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 <postponed> (Minor issue, follow bookworm PU, possible performance regression #1104874)
NOTE: https://mariadb.com/kb/en/security/
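Review bot: The new `[bookworm] - mariadb <no-dsa>` line promises a fix in the next point release but carries no bug reference, whereas the bullseye mariadb-10.5 line below it says it follows the bookworm PU and flags a possible performance regression (#1104874). Consider mentioning that bug in the bookworm annotation as well, so the regression concern is visible from the entry the bullseye one depends on.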
@@ -8621,6 +8623,7 @@ CVE-2025-30694 (Vulnerability in the XML Database component of Oracle Database S
CVE-2025-30693 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 8.0.42-1 (bug #1103385)
- mariadb <unfixed>
+ [bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point release)
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 <postponed> (Minor issue, follow bookworm PU, possible performance regression #1104874)
NOTE: https://mariadb.com/kb/en/security/
@@ -10881,6 +10884,7 @@ CVE-2025-32460 (GraphicsMagick before 8e56520 has a heap-based buffer over-read
NOTE: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
CVE-2025-31672 (Improper Input Validation vulnerability in Apache POI. The issue affec ...)
- libapache-poi-java <unfixed> (bug #1103629)
+ [bookworm] - libapache-poi-java <no-dsa> (Minor issue)
[bullseye] - libapache-poi-java <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/04/08/2
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=69620
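Review bot: The `<no-dsa>` reason on the added libapache-poi-java line is only "Minor issue", copied from the bullseye `<postponed>` line, and says nothing about why an improper input validation bug in Apache POI is considered minor. A few words of rationale in the parentheses or an extra NOTE, as was done for pspp earlier in this commit, would make the triage decision reviewable later.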
=====================================
data/dsa-needed.txt
=====================================
@@ -56,17 +56,21 @@ ring
ruby-saml
Utkarsh Gupta might work on an update
--
+slurm-wlm
+--
sogo
--
sympa
--
tcpdf
--
-varnish
+varnish (jmm)
Maintainer has prepared an update
--
wordpress
--
+xen
+--
yelp
--
zabbix
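Review bot: The additions of slurm-wlm and xen carry no status line, and nothing in the data/CVE/list hunks of this commit or in the commit message "bookworm triage" says which issues put them on the list. A one-line note under each entry, like the ones under ruby-saml and varnish, would tell whoever picks them up what the update is meant to cover.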
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09d5c152bc39acde92cdf85a27e16bdf4b498752
More information about the debian-security-tracker-commits mailing list