[Git][security-tracker-team/security-tracker][master] bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 20 22:16:03 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6cdc03e7 by Moritz Muehlenhoff at 2025-05-20T23:15:46+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1163,6 +1163,7 @@ CVE-2025-47931 (LibreNMS is PHP/MySQL/SNMP based network monitoring software. Li
NOT-FOR-US: LibreNMS
CVE-2025-47273 (setuptools is a package that allows users to download, build, install, ...)
- setuptools <unfixed> (bug #1105970)
+ [bookworm] - setuptools <no-dsa> (Minor issue)
NOTE: https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf
NOTE: https://github.com/pypa/setuptools/issues/4946
NOTE: Fixed by: https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b (v78.1.1)
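Review bot: the bookworm `<no-dsa>` line gives only `(Minor issue)` even though the NOTE directly below it already pins a single upstream fix commit and the release that carries it (v78.1.1); if the intent is that the fix still reaches bookworm through a point release, say so in the rationale, e.g. `[bookworm] - setuptools <no-dsa> (Minor issue; can be fixed via point release)`, so the entry tells the next triager what is expected rather than only what is declined.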
@@ -1353,6 +1354,7 @@ CVE-2025-47793 (Nextcloud Server is a self hosted personal cloud system, and the
- nextcloud-server <itp> (bug #941708)
CVE-2025-47792 (Nextcloud Desktop is the desktop sync client for Nextcloud. In version ...)
- nextcloud-desktop 3.15.0-1
+ [bookworm] - nextcloud-desktop <no-dsa> (Minor issue)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65
NOTE: https://github.com/nextcloud/desktop/pull/7517
NOTE: https://hackerone.com/reports/1995856
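Review bot: `(Minor issue)` is the whole justification for skipping a DSA here, while the sid entry records the fix in 3.15.0-1 and three references (advisory, PR #7517, HackerOne report) are attached; a short impact phrase in the parenthesis, taken from the advisory, would let a stable or LTS reviewer confirm the call without re-reading all three links, as the pytorch entry later in this patch does with `(Minor issue; DoS)`.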
@@ -2215,6 +2217,7 @@ CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contain
CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 <unfixed> (bug #1105899)
+ [bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-1647
CVE-2024-56006 (Missing Authorization vulnerability in Automattic Jetpack Debug Tools. ...)
NOT-FOR-US: WordPress plugin or theme
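Review bot: the twitter-bootstrap3 entry has no fix reference at all, only the herodevs vulnerability-directory link, and sid stays `<unfixed>`; if no upstream patch exists for the 3.x branch, the bookworm rationale should say so, e.g. `<no-dsa> (Minor issue; no upstream fix)`, or the entry should carry a clear reason why it will not be fixed, otherwise the `<no-dsa>` reads as "fix later" for something that may have nothing to backport. The `twitter-bootstrap4 <not-affected> (Only affects 3.x)` line above is consistent with that.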
@@ -3611,9 +3614,11 @@ CVE-2025-47816 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cau
NOTE: https://savannah.gnu.org/bugs/?67073
CVE-2025-47815 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a h ...)
- pspp <unfixed> (bug #1105105)
+ [bookworm] - pspp <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?67075
CVE-2025-47814 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause a h ...)
- pspp <unfixed> (bug #1105106)
+ [bookworm] - pspp <no-dsa> (Minor issue)
NOTE: https://savannah.gnu.org/bugs/?67074
CVE-2025-4514 (A vulnerability, which was classified as critical, has been found in Z ...)
NOT-FOR-US: Zhengzhou Jiuhua Electronic Technology mayicms
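Review bot: CVE-2025-47816, whose NOTE line supplies the leading context of this hunk, belongs to the same libpspp-core.a series as CVE-2025-47815 and CVE-2025-47814 but receives no `[bookworm]` line, while the other two both get `<no-dsa> (Minor issue)`; if it is meant to be triaged the same way, add the matching line next to its `pspp <unfixed>` entry, otherwise record why it is treated differently so the omission does not look accidental.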
@@ -5028,6 +5033,7 @@ CVE-2025-20122 (A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, for
NOT-FOR-US: Cisco
CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildc ...)
- syslog-ng 4.8.1-5 (bug #1104890)
+ [bookworm] - syslog-ng <no-dsa> (Minor issue)
NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
NOTE: https://github.com/syslog-ng/syslog-ng/issues/5360
NOTE: Fixed by: https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006 (develop)
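Review bot: the `Fixed by` NOTE cites a commit on `develop` with no released version, while the CVE description on the entry line itself says versions prior to 4.8.2 are affected; record 4.8.2 as the fixed upstream version next to the commit (as the setuptools entry does with v78.1.1) so a bookworm point-release backport can be scoped from the entry alone. The sid fix being a Debian revision bump (4.8.1-5) rather than a new upstream shows the commit was already cherry-picked, which supports the `<no-dsa>` call.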
@@ -5825,6 +5831,7 @@ CVE-2025-4218 (A vulnerability was found in handrew browserpilot up to 0.2.51. I
NOT-FOR-US: handrew browserpilot
CVE-2025-4215 (A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It ...)
- ublock-origin <unfixed> (bug #1104635)
+ [bookworm] - ublock-origin <no-dsa> (Minor issue)
NOTE: https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c (1.63.3b17)
CVE-2025-4199 (The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Sit ...)
NOT-FOR-US: WordPress plugin
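Review bot: the only fix reference for ublock-origin is a beta tag (1.63.3b17) and sid remains `<unfixed>` (bug #1104635); when the fix lands in a stable upstream release, update the NOTE with that version so the bookworm `<no-dsa>` entry can be re-evaluated against a real release rather than a pre-release commit.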
@@ -10787,6 +10794,7 @@ CVE-2025-43703 (An issue was discovered in Ankitects Anki through 25.02. A craft
NOTE: Issue exists because of an incomplete fix for CVE-2024-32484
CVE-2025-3730 (A vulnerability, which was classified as problematic, was found in PyT ...)
- pytorch <unfixed> (bug #1103455)
+ [bookworm] - pytorch <no-dsa> (Minor issue)
[bullseye] - pytorch <postponed> (Minor issue; DoS)
NOTE: https://github.com/pytorch/pytorch/issues/150835
NOTE: https://github.com/pytorch/pytorch/pull/150981
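Review bot: the new `[bookworm]` rationale reads `(Minor issue)` while the existing `[bullseye]` line directly below gives `(Minor issue; DoS)` for the same unfixed bug #1103455; state the impact in the bookworm line too, e.g. `[bookworm] - pytorch <no-dsa> (Minor issue; DoS)`, so the two suites document the same reasoning.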
=====================================
data/dsa-needed.txt
=====================================
@@ -57,8 +57,12 @@ php-laravel-framework
python-django
Chris is working on it
--
+python-tornado
+--
ring
--
+ruby-rack
+--
ruby-saml
Utkarsh Gupta might work on an update
--
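Review bot: `python-tornado` and `ruby-rack` are added as bare package names with no claimant or note line, unlike `python-django` ("Chris is working on it") and `ruby-saml` just below; that is fine for unclaimed work, but nothing in this hunk says which CVE ids the DSAs are meant to cover, so consider adding them under each package name to scope the update for whoever picks it up. Placement is consistent with the surrounding alphabetical order (python-tornado after python-django, ruby-rack before ruby-saml).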
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cdc03e7776c959b97843c67b36e6d6bf9744fe8