[Git][security-tracker-team/security-tracker][master] 4 commits: CVE-2025-27533,activemq: link to fixing commit

Thu May 15 10:29:24 BST 2025


Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0aec5d63 by Markus Koschany at 2025-05-15T11:29:14+02:00
CVE-2025-27533,activemq: link to fixing commit

- - - - -
2db7e1f7 by Markus Koschany at 2025-05-15T11:29:14+02:00
Add activemq to dla-needed.txt

- - - - -
660ae813 by Markus Koschany at 2025-05-15T11:29:14+02:00
Add dropbear to dla-needed.txt

- - - - -
24b8d7a6 by Markus Koschany at 2025-05-15T11:29:14+02:00
Add intel-microcode to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2844,6 +2844,7 @@ CVE-2024-12120 (The Royal Elementor Addons and Templates plugin for WordPress is
 CVE-2025-27533 (Memory Allocation with Excessive Size Value vulnerability in Apache Ac ...)
 	- activemq <unfixed> (bug #1104933)
 	NOTE: https://issues.apache.org/jira/browse/AMQ-6596
+	NOTE: Fixed by https://github.com/apache/activemq/pull/1399
 CVE-2025-4372 (Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 all ...)
 	{DSA-5916-1}
 	- chromium 136.0.7103.92-1


=====================================
data/dla-needed.txt
=====================================
@@ -24,6 +24,9 @@ https://lts-team.pages.debian.net/wiki/Development.html#claim-the-issue-in-the-s
 To make it easier to see the entire history of an update, please append notes
 rather than remove/replace existing ones.
 
+--
+activemq
+  NOTE: 20250515: Added by Front-Desk (apo)
 --
 adminer (Utkarsh)
   NOTE: 20250410: Added by Front-Desk (Beuc)
@@ -67,6 +70,9 @@ dcmtk
   NOTE: 20250220: Follow/contribute to in-progress PU #1095854 (Beuc/front-desk)
   NOTE: 20250224: See https://salsa.debian.org/lts-team/packages/dcmtk/-/commits/wip/bullseye (ah)
 --
+dropbear
+  NOTE: 20250515: Added by Front-Desk (apo)
+--
 edk2 (Markus Koschany)
   NOTE: 20240815: Added by Front-Desk (Beuc)
   NOTE: 20240815: bullseye did not get most of DSA 5624-1 security fixes,
@@ -143,6 +149,9 @@ hdf5
 icingaweb2
   NOTE: 20250421: Added by Front-Desk (rouca)
 --
+intel-microcode
+  NOTE: 20250515: Added by Front-Desk (apo)
+--
 ipmctl
   NOTE: 20250112: Added by Front-Desk (ta)
   NOTE: 20250217: I wasn't able to determine a patch for CVE-2023-27517 for any of the series (dleidert)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/93cdbd5c335ca03fd188f2ebadc377ed550386af...24b8d7a6e55fada9ac989ed4a5ab6534fdc1529e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/93cdbd5c335ca03fd188f2ebadc377ed550386af...24b8d7a6e55fada9ac989ed4a5ab6534fdc1529e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250515/0086b2e7/attachment-0001.htm>
