[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue May 13 14:44:03 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54d3944b by Moritz Muehlenhoff at 2025-05-13T15:43:48+02:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -677,8 +677,10 @@ CVE-2025-47732 (Microsoft Dataverse Remote Code Execution Vulnerability)
 	NOT-FOR-US: Microsoft
 CVE-2025-46392 (Uncontrolled Resource Consumption vulnerability in Apache Commons Conf ...)
 	- commons-configuration <unfixed> (bug #1105107)
+	[trixie] - commons-configuration <ignored> (Minor issue)
+	[bookworm] - commons-configuration <ignored> (Minor issue)
+	- commons-configuration2 <not-affected> (Apache Commons Configuration 1.x specific issue)
 	NOTE: https://lists.apache.org/thread/y1pl0mn3opz6kwkm873zshjdxq3dwq5s
-	NOTE: Apache Commons Configuration 1.x specific issue
 CVE-2025-46193 (SourceCodester Client Database Management System 1.0 is vulnerable to  ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-46192 (SourceCodester Client Database Management System 1.0 is vulnerable to  ...)
@@ -2641,10 +2643,12 @@ CVE-2025-37799 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/4c2227656d9003f4d77afc76f34dd81b95e4c2c4
 CVE-2024-58135 (Mojolicious versions from 7.28 through 9.40 for Perl may generate weak ...)
 	- libmojolicious-perl <unfixed> (bug #1104633)
+	[bookworm] - libmojolicious-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/29241187/
 	NOTE: https://github.com/mojolicious/mojo/pull/2200
 CVE-2024-58134 (Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard c ...)
 	- libmojolicious-perl <unfixed> (bug #1104648)
+	[bookworm] - libmojolicious-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/29247502/
 	NOTE: https://github.com/mojolicious/mojo/pull/1791
 	NOTE: https://github.com/mojolicious/mojo/pull/2200
@@ -407505,6 +407509,7 @@ CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decrypti
 	NOTE: https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30 (version-4.1)
 CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
 	- php-horde-css-parser <unfixed> (bug #1104702)
+	[bookworm] - php-horde-css-parser <ignored> (Horde is non-functional in Bookworm)
 	NOTE: https://github.com/MyIntervals/PHP-CSS-Parser/commit/2ebf59e8bfbf6cfc1653a5f0ed743b95062c62a4
 	NOTE: php-horde-css-parser embeds Sabberworm CSS Parser
 CVE-2020-13755



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d3944b5333ff5a27464290240ea935e08efa8b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54d3944b5333ff5a27464290240ea935e08efa8b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250513/f8ad4c9a/attachment.htm>

More information about the debian-security-tracker-commits mailing list