[Git][security-tracker-team/security-tracker][master] 3 commits: Remove entries for viagee (removed from bookworm)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 17 09:42:40 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5e7a3bd5 by Salvatore Bonaccorso at 2025-05-15T23:10:25+02:00
Remove entries for viagee (removed from bookworm)
- - - - -
cfe8edc5 by Salvatore Bonaccorso at 2025-05-17T10:36:38+02:00
Merge changes for updates with CVEs via bookworm 12.11
- - - - -
de8b5e96 by Salvatore Bonaccorso at 2025-05-17T08:42:32+00:00
Merge branch 'bookworm-12.11' into 'master'
Merge changes accepted for bookworm 12.11 release
See merge request security-tracker-team/security-tracker!217
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2961,7 +2961,7 @@ CVE-2025-4207 (Buffer over-read in PostgreSQL GB18030 encoding validation allows
{DLA-4159-1}
- postgresql-17 17.5-1
- postgresql-15 <removed>
- [bookworm] - postgresql-15 <no-dsa> (Minor issue)
+ [bookworm] - postgresql-15 15.13-0+deb12u1
- postgresql-13 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=ec5f89e8a29f32c7dbc4dd8734ed8406d771de2f (REL_17_5)
@@ -7511,7 +7511,7 @@ CVE-2024-11917 (The JobSearch WP Job Board plugin for WordPress is vulnerable to
NOT-FOR-US: WordPress plugin
CVE-2025-23244 (NVIDIA GPU Display Driver for Linux contains a vulnerability which cou ...)
- nvidia-graphics-drivers 535.247.01-1 (bug #1104068)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1104069)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1104070)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <ignored> (Non-free not supported)
@@ -7528,7 +7528,7 @@ CVE-2025-23244 (NVIDIA GPU Display Driver for Linux contains a vulnerability whi
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-graphics-drivers-tesla-535 535.247.01-1 (bug #1104077)
- nvidia-open-gpu-kernel-modules 535.247.01-1 (bug #1104076)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5630
CVE-2025-46617 (Quantum StorNext Web GUI API before 7.2.4 grants access to internal St ...)
NOT-FOR-US: Quantum StorNext
@@ -7796,7 +7796,7 @@ CVE-2025-44134 (A vulnerability was found in Code-Projects Online Class and Exam
NOT-FOR-US: code-projects
CVE-2025-43859 (h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a ...)
- python-h11 0.14.0-1.1 (bug #1104056)
- [bookworm] - python-h11 <no-dsa> (Minor issue)
+ [bookworm] - python-h11 0.14.0-1.1~deb12u1
[bullseye] - python-h11 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
NOTE: Introduced by: https://github.com/python-hyper/h11/commit/26ec787d44aacbff8fbc0fc1af7e3213dd993d46 (v0.14.0)
@@ -8011,7 +8011,7 @@ CVE-2025-45427 (In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security
CVE-2025-43965 (In MIFF image processing in ImageMagick before 7.1.1-44, image depth i ...)
{DLA-4139-1}
- imagemagick 8:7.1.1.46+dfsg1-1
- [bookworm] - imagemagick <no-dsa> (Minor issue)
+ [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/bac413a26073923d3ffb258adaab07fb3fe8fdc9 (7.1.1-44)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c99cbc8d8663248bf353cd9042b04d7936e7587a (6.9.13-22)
CVE-2025-43716 (A directory traversal vulnerability exists in Ivanti LANDesk Managemen ...)
@@ -8097,6 +8097,7 @@ CVE-2025-28017 (TOTOLINK A800R V4.1.2cu.5032_B20200408 is vulnerable to Command
CVE-2025-21605 (Redis is an open source, in-memory database that persists on disk. In ...)
{DLA-4162-1}
- redis 5:7.0.15-3.1 (bug #1104010)
+ [bookworm] - redis 5:7.0.15-1~deb12u4
- redict <unfixed> (bug #1104011)
- valkey 8.1.1+dfsg1-1 (bug #1104012)
NOTE: https://github.com/redis/redis/security/advisories/GHSA-r67f-p999-2gff
@@ -12083,7 +12084,7 @@ CVE-2025-3023
CVE-2025-32728 (In sshd in OpenSSH before 10.0, the DisableForwarding directive does n ...)
{DLA-4156-1}
- openssh 1:10.0p1-1 (bug #1102603)
- [bookworm] - openssh <no-dsa> (Minor issue)
+ [bookworm] - openssh 1:9.2p1-2+deb12u6
NOTE: https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html
NOTE: Fixed by: https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367 (V_10_0_P1)
CVE-2025-32387 (Helm is a package manager for Charts for Kubernetes. A JSON Schema fil ...)
@@ -12520,7 +12521,7 @@ CVE-2025-32464 (HAProxy 2.2 through 3.1.6, in certain uncommon configurations, h
{DLA-4135-1}
[experimental] - haproxy 3.1.7-1
- haproxy 3.0.10-1 (bug #1102673)
- [bookworm] - haproxy <no-dsa> (Minor issue; can be fixed via point release)
+ [bookworm] - haproxy 2.6.12-1+deb12u2
NOTE: Introduced with: https://github.com/haproxy/haproxy/commit/07e1e3c93e74e44389545e457f0e1ff2e807cb9a (v2.2-dev3)
NOTE: Fixed by: https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559 (v3.2-dev10)
NOTE: Fixed by: https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=ee1a64c2a04cc2cb38efb7e44f7ea7386d627bf6 (v3.0.10)
@@ -13357,7 +13358,7 @@ CVE-2025-3369 (A vulnerability was found in xxyopen Novel-Plus 5.1.0. It has bee
CVE-2025-3360 (A flaw was found in GLib. An integer overflow and buffer under-read oc ...)
{DLA-4128-1}
- glib2.0 2.84.1-1
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u6
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3647
NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/8d60d7dc168aee73a15eb5edeb2deaf196d96114 (2.83.4)
NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/2fa1e183613bf58d31151ecaceab91607ccc0c6d (2.83.4)
@@ -13740,14 +13741,14 @@ CVE-2025-32366 (In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy len
CVE-2025-32365 (Poppler before 25.04.0 allows crafted input files to trigger out-of-bo ...)
{DLA-4141-1}
- poppler 25.03.0-3 (bug #1102191)
- [bookworm] - poppler <no-dsa> (Minor issue; can be fixed in point release)
+ [bookworm] - poppler 22.12.0-2+deb12u1
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1577
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/1792
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/1f151565bbca5be7449ba8eea6833051cc1baa41 (poppler-25.04.0))
CVE-2025-32364 (A floating-point exception in the PSStack::roll function of Poppler be ...)
{DLA-4141-1}
- poppler 25.03.0-3 (bug #1102190)
- [bookworm] - poppler <no-dsa> (Minor issue; can be fixed in point release)
+ [bookworm] - poppler 22.12.0-2+deb12u1
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1574
NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/d87bc726c7cc98f8c26b60ece5f20236e9de1bc3 (poppler-25.04.0)
CVE-2025-32360 (In Zammad 6.4.x before 6.4.2, there is information exposure. Only agen ...)
@@ -14912,7 +14913,7 @@ CVE-2025-27556 (An issue was discovered in Django 5.1 before 5.1.8 and 5.0 befor
NOTE: https://www.djangoproject.com/weblog/2025/apr/02/security-releases/
CVE-2025-2704 (OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 ...)
- openvpn 2.6.14-1 (bug #1101935)
- [bookworm] - openvpn <no-dsa> (Minor issue)
+ [bookworm] - openvpn 2.6.3-1+deb12u3
[bullseye] - openvpn <not-affected> (vulnerable code introduced later)
NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2025-2704
NOTE: Introduced after: https://github.com/OpenVPN/openvpn/commit/788ce35cf09aff09b79f428cdd6cfc0ff8627934 (v2.6_beta1)
@@ -16597,7 +16598,7 @@ CVE-2025-3051 (Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code f
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28383471/
CVE-2025-30673 (Sub::HandlesVia for Perl before 0.050002 allows untrusted code from th ...)
- libsub-handlesvia-perl 0.050002-1
- [bookworm] - libsub-handlesvia-perl <no-dsa> (Minor issue)
+ [bookworm] - libsub-handlesvia-perl 0.050000-1+deb12u1
[bullseye] - libsub-handlesvia-perl <not-affected> (Mite usage started in 0.026)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28383041/
NOTE: Fixed by: https://github.com/tobyink/p5-sub-handlesvia/commit/9bc3cfb22ade4b407413ae1c746bb331fff52954 (0.050002)
@@ -17200,19 +17201,19 @@ CVE-2025-31432 (Improper Control of Filename for Include/Require Statement in PH
CVE-2025-31164 (heap-buffer overflow in fig2dev in version 3.2.9aallows an attacker to ...)
{DLA-4134-1}
- fig2dev 1:3.2.9a-2
- [bookworm] - fig2dev <no-dsa> (Minor issue)
+ [bookworm] - fig2dev 1:3.2.8b-3+deb12u1
NOTE: https://sourceforge.net/p/mcj/tickets/184/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/ff9aba206a30288f456dfc91584a52ba9927b438/
CVE-2025-31163 (Segmentation fault in fig2dev in version 3.2.9aallows an attacker to a ...)
{DLA-4134-1}
- fig2dev 1:3.2.9a-2
- [bookworm] - fig2dev <no-dsa> (Minor issue)
+ [bookworm] - fig2dev 1:3.2.8b-3+deb12u1
NOTE: https://sourceforge.net/p/mcj/tickets/186/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/c8a87d22036e62bac0c6f7836078d8103caa6457/
CVE-2025-31162 (Floating point exception in fig2dev in version 3.2.9aallows an attacke ...)
{DLA-4134-1}
- fig2dev 1:3.2.9a-2
- [bookworm] - fig2dev <no-dsa> (Minor issue)
+ [bookworm] - fig2dev 1:3.2.8b-3+deb12u1
NOTE: https://sourceforge.net/p/mcj/tickets/185/
NOTE: Fixed by: https://sourceforge.net/p/mcj/fig2dev/ci/da8992f44b84a337b4edaa67fc8b36b55eaef696/
CVE-2025-31102 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -17484,7 +17485,7 @@ CVE-2025-22398 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neu
CVE-2025-1860 (Data::Entropy for Perl 0.007 and earlier use the rand() function as th ...)
{DLA-4100-1}
- libdata-entropy-perl 0.008-1 (bug #1101503)
- [bookworm] - libdata-entropy-perl <no-dsa> (Minor issue)
+ [bookworm] - libdata-entropy-perl 0.007-4+deb12u1
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28284586/
NOTE: Fixed by: https://github.com/robrwo/Data-Entropy/commit/1293c1570507c37aedc5ad631f013170693a2ef4 (v0.008)
CVE-2025-1762 (The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 do ...)
@@ -19854,7 +19855,7 @@ CVE-2025-2582 (A vulnerability was found in SimpleMachines SMF 2.1.4 and classif
NOT-FOR-US: SimpleMachines SMF
CVE-2025-2581 (A vulnerability has been found in xmedcon 0.25.0 and classified as pro ...)
- xmedcon 0.25.1-gtk3+dfsg-1 (bug #1100986)
- [bookworm] - xmedcon <no-dsa> (Minor issue)
+ [bookworm] - xmedcon 0.23.0-gtk3+dfsg-1+deb12u2
[bullseye] - xmedcon <postponed> (Minor issue)
NOTE: https://xmedcon.sourceforge.io/Main/New
NOTE: https://sourceforge.net/p/xmedcon/code/ci/e7a88836fc2277f8ab777f3ef24f917d08415559/
@@ -21065,9 +21066,9 @@ CVE-2023-47539 (An improper access control vulnerability in FortiMail version 7.
CVE-2025-0755 (The various bson_appendfunctions in the MongoDB C driver library may b ...)
{DLA-4160-1}
- libbson-xs-perl <removed>
- [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
+ [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.27.5-1
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue; can be fixed via point-release)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
NOTE: https://jira.mongodb.org/browse/SERVER-94461
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/63c3d6f70180f151ffd201376eb33793357e5418 (1.28.0)
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/d3cdb626be30748b9360451023c75438ec346a38 (1.27.5)
@@ -25731,7 +25732,7 @@ CVE-2025-1795 (During an address list folding when a separating comma ends up on
- python3.13 3.13.0~b1-1
- python3.12 3.12.9-1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u6
- python3.9 <removed>
NOTE: https://github.com/python/cpython/issues/100884
NOTE: Regression issue: https://github.com/python/cpython/issues/118643
@@ -30694,7 +30695,7 @@ CVE-2025-1402 (The Event Tickets and Registration plugin for WordPress is vulner
CVE-2025-0838 (There exists a heap buffer overflow vulnerable in Abseil-cpp. The size ...)
{DLA-4116-1}
- abseil 20240722.0-3 (bug #1098903)
- [bookworm] - abseil <no-dsa> (Minor issue)
+ [bookworm] - abseil 20220623.1-1+deb12u1
NOTE: https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1 (20250127.rc1)
CVE-2025-0728 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before ...)
NOT-FOR-US: Eclipse ThreadX NetX Duo
@@ -31678,7 +31679,7 @@ CVE-2025-20075 (Server-side request forgery (SSRF) vulnerability exists in FileM
CVE-2025-1390 (The PAM module pam_cap.so of libcap configuration supports group names ...)
{DLA-4092-1}
- libcap2 1:2.73-4 (bug #1098318)
- [bookworm] - libcap2 <no-dsa> (Minor issue)
+ [bookworm] - libcap2 1:2.66-4+deb12u1
NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=18804
NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878 (cap/v1.2.74-rc4)
CVE-2025-0864 (The Active Products Tables for WooCommerce. Use constructor to create ...)
@@ -34195,7 +34196,7 @@ CVE-2024-13010 (The WP Foodbakery plugin for WordPress is vulnerable to Reflecte
NOT-FOR-US: WordPress plugin
CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The vulnerability occurs ...)
- node-serialize-javascript 6.0.2-1 (bug #1095767)
- [bookworm] - node-serialize-javascript <no-dsa> (Minor issue)
+ [bookworm] - node-serialize-javascript 6.0.0-2+deb12u1
[bullseye] - node-serialize-javascript <postponed> (Minor issue, XSS)
NOTE: https://github.com/yahoo/serialize-javascript/pull/173
NOTE: Fixed by: https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e (v6.0.2)
@@ -35966,7 +35967,7 @@ CVE-2025-0938 (The Python standard library functions `urllib.parse.urlsplit` and
- python3.13 3.13.2-1
- python3.12 3.12.9-1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u6
- python3.9 <removed>
- pypy3 7.3.18+dfsg-2
[bookworm] - pypy3 <no-dsa> (Minor issue)
@@ -36573,7 +36574,7 @@ CVE-2024-10309 (The Tracking Code Manager WordPress plugin before 2.4.0 does not
CVE-2025-24528 [Prevent overflow when calculating ulog block size]
{DLA-4065-1}
- krb5 1.21.3-5 (bug #1094730)
- [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bookworm] - krb5 1.20.1-2+deb12u3
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
NOTE: Fixed by: https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0
CVE-2025-24882 (regclient is a Docker and OCI Registry Client in Go. A malicious regis ...)
@@ -38057,7 +38058,7 @@ CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula Injection in the add g
NOT-FOR-US: KWHotel
CVE-2024-0149 (NVIDIA GPU Display Driver for Linux contains a vulnerability which cou ...)
- nvidia-graphics-drivers 535.230.02-1 (bug #1093908)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
@@ -38073,12 +38074,12 @@ CVE-2024-0149 (NVIDIA GPU Display Driver for Linux contains a vulnerability whic
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules 535.230.02-1 (bug #1093916)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
NOTE: https://www.openwall.com/lists/oss-security/2025/03/27/7
CVE-2024-0131 (NVIDIA GPU kernel driver for Windows and Linux contains a vulnerabilit ...)
- nvidia-graphics-drivers 535.230.02-1 (bug #1093908)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
@@ -38094,21 +38095,21 @@ CVE-2024-0131 (NVIDIA GPU kernel driver for Windows and Linux contains a vulnera
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules 535.230.02-1 (bug #1093916)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
- nvidia-graphics-drivers-tesla-535 535.247.01-1 (bug #1093917)
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
CVE-2024-53869 (NVIDIA Unified Memory driver for Linux contains a vulnerability where ...)
- nvidia-graphics-drivers 535.230.02-1 (bug #1093908)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
- nvidia-graphics-drivers-tesla-535 535.247.01-1 (bug #1093917)
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
- nvidia-open-gpu-kernel-modules 535.230.02-1 (bug #1093916)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
CVE-2024-0147 (NVIDIA GPU display driver for Windows and Linux contains a vulnerabili ...)
- nvidia-graphics-drivers 535.230.02-1 (bug #1093908)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
@@ -38124,13 +38125,13 @@ CVE-2024-0147 (NVIDIA GPU display driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules 535.230.02-1 (bug #1093916)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
- nvidia-graphics-drivers-tesla-535 535.247.01-1 (bug #1093917)
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
CVE-2024-0150 (NVIDIA GPU display driver for Windows and Linux contains a vulnerabili ...)
- nvidia-graphics-drivers 535.230.02-1 (bug #1093908)
- [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
- nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
- nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
[bullseye] - nvidia-graphics-drivers-legacy-390xx <no-dsa> (Non-free not supported)
@@ -38146,7 +38147,7 @@ CVE-2024-0150 (NVIDIA GPU display driver for Windows and Linux contains a vulner
- nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
NOTE: 525.147.05-6 turned the package into a metapackage to aid switching to nvidia-graphics-drivers
- nvidia-open-gpu-kernel-modules 535.230.02-1 (bug #1093916)
- [bookworm] - nvidia-open-gpu-kernel-modules <no-dsa> (Non-free not supported)
+ [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
- nvidia-graphics-drivers-tesla-535 535.247.01-1 (bug #1093917)
[bookworm] - nvidia-graphics-drivers-tesla-535 <no-dsa> (Non-free not supported)
NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5614
@@ -38305,13 +38306,13 @@ CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any p
CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
{DLA-4121-1}
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
- [bookworm] - phpmyadmin <no-dsa> (Minor issue)
+ [bookworm] - phpmyadmin 4:5.2.1+dfsg-1+deb12u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-1/
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7 (RELEASE_5_2_2)
CVE-2025-24529 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
{DLA-4121-1}
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
- [bookworm] - phpmyadmin <no-dsa> (Minor issue)
+ [bookworm] - phpmyadmin 4:5.2.1+dfsg-1+deb12u1
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d (RELEASE_5_2_2)
CVE-2025-24030 (Envoy Gateway is an open source project for managing Envoy Proxy as a ...)
@@ -39465,7 +39466,7 @@ CVE-2024-22347 (IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 throu
NOT-FOR-US: IBM
CVE-2024-13176 (Issue summary: A timing side-channel which could potentially allow rec ...)
- openssl 3.4.1-1 (bug #1094027)
- [bookworm] - openssl <no-dsa> (Minor issue)
+ [bookworm] - openssl 3.0.16-1~deb12u1
[bullseye] - openssl <postponed> (Minor issue; can be fixed in next update)
NOTE: https://openssl-library.org/news/secadv/20250120.txt
NOTE: https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f (openssl-3.4.1)
@@ -48396,7 +48397,7 @@ CVE-2024-XXXX [RUSTSEC-2024-0429]
CVE-2024-56378 (libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vul ...)
{DLA-4141-1}
- poppler 24.08.0-4 (bug #1091322)
- [bookworm] - poppler <no-dsa> (Minor issue)
+ [bookworm] - poppler 22.12.0-2+deb12u1
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1553
NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
CVE-2024-56375 (An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6 ...)
@@ -76732,7 +76733,7 @@ CVE-2024-43800 (serve-static serves static files. serve-static passes untrusted
NOTE: https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa (2.1.0)
CVE-2024-43799 (Send is a library for streaming files from the file system as a http r ...)
- node-send 1.1.0+~cs1.19.4-1 (bug #1081483)
- [bookworm] - node-send <no-dsa> (Minor issue)
+ [bookworm] - node-send 0.18.0+~cs1.19.1-3+deb12u1
[bullseye] - node-send <postponed> (Minor issue)
NOTE: https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg
NOTE: https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35 (0.19.0)
@@ -83195,7 +83196,7 @@ CVE-2023-34424 (Improper input validation in firmware for some Intel(R) CSME may
CVE-2024-7347 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
{DLA-4091-1}
- nginx 1.26.0-2 (bug #1078971)
- [bookworm] - nginx <no-dsa> (Minor issue)
+ [bookworm] - nginx 1.22.1-9+deb12u2
NOTE: https://github.com/nginx/nginx/commit/88955b1044ef38315b77ad1a509d63631a790a0f (release-1.27.1)
NOTE: https://github.com/nginx/nginx/commit/7362d01658b61184108c21278443910da68f93b4 (release-1.27.1)
NOTE: https://forum.nginx.org/read.php?27,300027
@@ -91240,7 +91241,7 @@ CVE-2024-6643
CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...)
{DLA-4125-1}
- twitter-bootstrap4 4.6.1+dfsg1-5 (bug #1084059)
- [bookworm] - twitter-bootstrap4 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - twitter-bootstrap4 4.6.1+dfsg1-4+deb12u1
- twitter-bootstrap3 <not-affected> (Only affects 4.x)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
NOTE: related to CVE-2024-6484/twitter-bootstrap3
@@ -91251,14 +91252,14 @@ CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that co
{DLA-4124-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
- [bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u1
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
NOTE: Non-official patch: https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf
CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...)
{DLA-4124-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
- [bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u1
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
NOTE: Non-official patch: https://github.com/odinserj/bootstrap/commit/0ea568be7ff0c1f72a693f5d782277a9e9872077
CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...)
@@ -92997,7 +92998,7 @@ CVE-2024-33862 (A buffer-management vulnerability in OPC Foundation OPCFoundatio
NOT-FOR-US: OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core
CVE-2024-6501 (A flaw was found in NetworkManager. When a system running NetworkManag ...)
- network-manager 1.49.90-2 (bug #1076294)
- [bookworm] - network-manager <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - network-manager 1.42.4-1+deb12u1
[bullseye] - network-manager <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2295734
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1550
@@ -93129,7 +93130,7 @@ CVE-2024-39936 (An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x befor
- qt6-base 6.8.2+dfsg-5 (bug #1076292)
[bookworm] - qt6-base <no-dsa> (Minor issue)
- qtbase-opensource-src 5.15.13+dfsg-3 (bug #1076293)
- [bookworm] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u3
[bullseye] - qtbase-opensource-src <no-dsa> (Minor issue)
[experimental] - qtbase-opensource-src-gles 5.15.15+dfsg-1
- qtbase-opensource-src-gles <unfixed> (unimportant; bug #1077544)
@@ -93272,9 +93273,9 @@ CVE-2024-6461
CVE-2024-6383 (The bson_string_append function in MongoDB C Driver may be vulnerable ...)
{DLA-4160-1}
- libbson-xs-perl <removed>
- [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
+ [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.27.1-1
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-5628
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/1d642e461e7c0e26abe3a90c7bbac081ac4a0053 (1.28.0)
@@ -93517,9 +93518,9 @@ CVE-2024-6382 (Incorrect handling of certain string inputs may result in MongoDB
CVE-2024-6381 (The bson_strfreev function in the MongoDB C driver library may be susc ...)
{DLA-4160-1}
- libbson-xs-perl <removed>
- [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
+ [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.26.2-1
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-5622
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/361c2e669be1c41f9638530b3867f316e96692bb (1.27.0)
@@ -95545,14 +95546,14 @@ CVE-2024-27136 (XSS in Upload page in Apache JSPWiki 2.12.1 and priors allows th
- jspwiki <removed>
CVE-2024-28882 (OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple ex ...)
- openvpn 2.6.11-1 (bug #1074488)
- [bookworm] - openvpn <no-dsa> (Minor issue)
+ [bookworm] - openvpn 2.6.3-1+deb12u3
[bullseye] - openvpn <not-affected> (Vulnerable code not present)
NOTE: Introduced by: https://github.com/OpenVPN/openvpn/commit/d468dff7bdfd79059818c190ddf41b125bb658de (v2.6_beta1)
NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/65fb67cd6c320a426567b2922c4282fb8738ba3f (v2.6.11)
CVE-2024-5594 (OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly wh ...)
{DLA-4079-1}
- openvpn 2.6.11-1 (bug #1074488)
- [bookworm] - openvpn <no-dsa> (Minor issue)
+ [bookworm] - openvpn 2.6.3-1+deb12u3
NOTE: https://github.com/OpenVPN/openvpn/commit/90e7a858e5594d9a019ad2b4ac6154124986291a (v2.6.11)
CVE-2024-4877 (OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, le ...)
- openvpn <not-affected> (Only affects Windows)
@@ -135357,7 +135358,7 @@ CVE-2024-26465 (A DOM based cross-site scripting (XSS) vulnerability in the comp
NOT-FOR-US: beep.js
CVE-2024-26462 (Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in / ...)
- krb5 1.21.3-1 (bug #1064965)
- [bookworm] - krb5 <no-dsa> (Minor issue)
+ [bookworm] - krb5 1.20.1-2+deb12u3
[bullseye] - krb5 <not-affected> (Vulnerable code introduced later)
[buster] - krb5 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md
@@ -166012,6 +166013,7 @@ CVE-2023-34984 (A protection mechanism failure in Fortinet FortiWeb 7.2.0 throug
CVE-2023-4039 (**DISPUTED**A failure in the -fstack-protector feature in GCC-based to ...)
- gcc-13 13.2.0-4 (unimportant)
- gcc-12 12.3.0-9 (unimportant)
+ [bookworm] - gcc-12 12.2.0-14+deb12u1
- gcc-11 11.4.0-4 (unimportant)
- gcc-10 10.5.0-3 (unimportant)
- gcc-9 9.5.0-6 (unimportant)
@@ -168030,7 +168032,7 @@ CVE-2023-4649 (Session Fixation in GitHub repository instantsoft/icms2 prior to
CVE-2023-4641 (A flaw was found in shadow-utils. When asking for a new password, shad ...)
{DLA-4130-1}
- shadow 1:4.13+dfsg1-2 (bug #1051062)
- [bookworm] - shadow <no-dsa> (Minor issue)
+ [bookworm] - shadow 1:4.13+dfsg1-1+deb12u1
[buster] - shadow <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2215945
NOTE: https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 (4.14.0-rc1)
@@ -172557,7 +172559,7 @@ CVE-2023-34916 (Fuge CMS v1.0 contains an Open Redirect vulnerability via /front
CVE-2023-34872 (A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a re ...)
[experimental] - poppler 23.08.0-1
- poppler 24.02.0-2 (bug #1042811)
- [bookworm] - poppler <no-dsa> (Minor issue)
+ [bookworm] - poppler 22.12.0-2+deb12u1
[bullseye] - poppler <not-affected> (Vulnerable code introduced later)
[buster] - poppler <not-affected> (Vulnerable code introduced later)
NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/fa494b780ab69ef04ba7447ab6d8fc3b46373e59 (poppler-21.08.0)
@@ -188162,7 +188164,7 @@ CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniA
CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
{DLA-4130-1}
- shadow 1:4.13+dfsg1-2 (bug #1034482)
- [bookworm] - shadow <no-dsa> (Minor issue)
+ [bookworm] - shadow 1:4.13+dfsg1-1+deb12u1
[buster] - shadow <no-dsa> (Minor issue)
NOTE: https://github.com/shadow-maint/shadow/pull/687
NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d (4.14.0-rc1)
@@ -203980,9 +203982,9 @@ CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/mo
CVE-2023-0437 (When calling bson_utf8_validateon some inputs a loop with an exit cond ...)
{DLA-4160-1}
- libbson-xs-perl <removed>
- [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
+ [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.25.0-1
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
[bullseye] - mongo-c-driver <no-dsa> (Minor issue)
[buster] - mongo-c-driver <ignored> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-4747
@@ -383569,7 +383571,6 @@ CVE-2020-24905
RESERVED
CVE-2020-24904 (An issue was discovered in attach parameter in GNOME Gmail version 2.5 ...)
- viagee 3.7-1 (bug #1051726)
- [bookworm] - viagee <ignored> (Minor issue)
- gnome-gmail <removed>
[bullseye] - gnome-gmail <no-dsa> (Minor issue)
[buster] - gnome-gmail <no-dsa> (Minor issue)
@@ -511131,7 +511132,7 @@ CVE-2018-16790 (_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as us
- libbson <removed> (bug #913896)
[stretch] - libbson <no-dsa> (Minor issue)
- libbson-xs-perl <removed>
- [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
+ [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
- mongo-c-driver 1.13.0-1 (bug #913963)
NOTE: https://jira.mongodb.org/browse/CDRIVER-2819
NOTE: https://github.com/mongodb/mongo-c-driver/commit/0d9a4d98bfdf4acd2c0138d4aaeb4e2e0934bd84
@@ -567253,7 +567254,7 @@ CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in b
- libbson 1.8.0-1 (bug #874754)
[stretch] - libbson <no-dsa> (Minor issue)
- libbson-xs-perl <removed>
- [bookworm] - libbson-xs-perl <no-dsa> (Minor issue)
+ [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489355
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489356
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489362
=====================================
data/next-point-update.txt
=====================================
@@ -1,127 +1,3 @@
-CVE-2024-26462
- [bookworm] - krb5 1.20.1-2+deb12u3
-CVE-2025-24528
- [bookworm] - krb5 1.20.1-2+deb12u3
-CVE-2024-7347
- [bookworm] - nginx 1.22.1-9+deb12u2
-CVE-2023-4039
- [bookworm] - gcc-12 12.2.0-14+deb12u1
-CVE-2025-1390
- [bookworm] - libcap2 1:2.66-4+deb12u1
-CVE-2025-2581
- [bookworm] - xmedcon 0.23.0-gtk3+dfsg-1+deb12u2
-CVE-2024-6501
- [bookworm] - network-manager 1.42.4-1+deb12u1
-CVE-2024-39936
- [bookworm] - qtbase-opensource-src 5.15.8+dfsg-11+deb12u3
-CVE-2025-31162
- [bookworm] - fig2dev 1:3.2.8b-3+deb12u1
-CVE-2025-31163
- [bookworm] - fig2dev 1:3.2.8b-3+deb12u1
-CVE-2025-31164
- [bookworm] - fig2dev 1:3.2.8b-3+deb12u1
-CVE-2025-1860
- [bookworm] - libdata-entropy-perl 0.007-4+deb12u1
-CVE-2025-30673
- [bookworm] - libsub-handlesvia-perl 0.050000-1+deb12u1
-CVE-2025-0838
- [bookworm] - abseil 20220623.1-1+deb12u1
-CVE-2023-4641
- [bookworm] - shadow 1:4.13+dfsg1-1+deb12u1
-CVE-2023-29383
- [bookworm] - shadow 1:4.13+dfsg1-1+deb12u1
-CVE-2024-43799
- [bookworm] - node-send 0.18.0+~cs1.19.1-3+deb12u1
-CVE-2025-24529
- [bookworm] - phpmyadmin 4:5.2.1+dfsg-1+deb12u1
-CVE-2025-24530
- [bookworm] - phpmyadmin 4:5.2.1+dfsg-1+deb12u1
-CVE-2024-11831
- [bookworm] - node-serialize-javascript 6.0.0-2+deb12u1
-CVE-2024-6531
- [bookworm] - twitter-bootstrap4 4.6.1+dfsg1-4+deb12u1
-CVE-2024-6485
- [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u1
-CVE-2024-6484
- [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u1
-CVE-2025-3360
- [bookworm] - glib2.0 2.74.6-2+deb12u6
-CVE-2024-13176
- [bookworm] - openssl 3.0.16-1~deb12u1
-CVE-2023-0437
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
-CVE-2024-6381
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
-CVE-2024-6383
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
-CVE-2025-0755
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u1
-CVE-2025-32728
- [bookworm] - openssh 1:9.2p1-2+deb12u6
-CVE-2023-34872
- [bookworm] - poppler 22.12.0-2+deb12u1
-CVE-2024-56378
- [bookworm] - poppler 22.12.0-2+deb12u1
-CVE-2025-32364
- [bookworm] - poppler 22.12.0-2+deb12u1
-CVE-2025-32365
- [bookworm] - poppler 22.12.0-2+deb12u1
-CVE-2025-43859
- [bookworm] - python-h11 0.14.0-1.1~deb12u1
-CVE-2025-0938
- [bookworm] - python3.11 3.11.2-6+deb12u6
-CVE-2025-1795
- [bookworm] - python3.11 3.11.2-6+deb12u6
-CVE-2025-32464
- [bookworm] - haproxy 2.6.12-1+deb12u2
-CVE-2025-2704
- [bookworm] - openvpn 2.6.3-1+deb12u3
-CVE-2024-5594
- [bookworm] - openvpn 2.6.3-1+deb12u3
-CVE-2024-28882
- [bookworm] - openvpn 2.6.3-1+deb12u3
-CVE-2017-14227
- [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
-CVE-2018-16790
- [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
-CVE-2023-0437
- [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
-CVE-2024-6381
- [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
-CVE-2024-6383
- [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
-CVE-2025-0755
- [bookworm] - libbson-xs-perl 0.8.4-2+deb12u1
-CVE-2025-23244
- [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
-CVE-2024-0150
- [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
-CVE-2024-0147
- [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
-CVE-2024-53869
- [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
-CVE-2024-0131
- [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
-CVE-2024-0149
- [bookworm] - nvidia-graphics-drivers 535.247.01-1~deb12u1
-CVE-2025-23244
- [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
-CVE-2024-0150
- [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
-CVE-2024-0147
- [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
-CVE-2024-53869
- [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
-CVE-2024-0131
- [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
-CVE-2024-0149
- [bookworm] - nvidia-open-gpu-kernel-modules 535.247.01-1~deb12u1
-CVE-2025-43965
- [bookworm] - imagemagick 8:6.9.11.60+dfsg-1.6+deb12u3
-CVE-2025-4207
- [bookworm] - postgresql-15 15.13-0+deb12u1
-CVE-2025-21605
- [bookworm] - redis 5:7.0.15-1~deb12u4
CVE-2025-46712
[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u2
CVE-2025-46397
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b656e1d8382120054b678263914c156b3b3404db...de8b5e96d6b57e99149aedf283d1372cf5240ce5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b656e1d8382120054b678263914c156b3b3404db...de8b5e96d6b57e99149aedf283d1372cf5240ce5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250517/f9889ba6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list