[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu May 22 16:42:13 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3583e464 by Moritz Muehlenhoff at 2025-05-22T17:41:54+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,7 +18,7 @@ CVE-2025-4133 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plu
CVE-2025-48070 (Plane is open-source project management software. Versions prior to 0. ...)
NOT-FOR-US: Plane
CVE-2025-47947 (ModSecurity is an open source, cross platform web application firewall ...)
- - modsecurity-apache <unfixed>
+ - modsecurity-apache <unfixed> (bug #1106286)
NOTE: https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-859r-vvv8-rm8r
CVE-2025-47942 (The Open edX Platform is a learning management platform. Prior to comm ...)
NOT-FOR-US: Open edX
@@ -27,7 +27,7 @@ CVE-2025-45753 (A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows
CVE-2025-44040 (An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges ...)
NOT-FOR-US: OrangeHRM
CVE-2025-3887 (GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code E ...)
- - gst-plugins-bad1.0 <unfixed>
+ - gst-plugins-bad1.0 <unfixed> (bug #1106285)
NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d0e18d6353e4e448ccf3b06a967b394e664dd0b5
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-267/
CVE-2025-3885 (Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Serv ...)
@@ -129,7 +129,7 @@ CVE-2025-48064 (GitHub Desktop is an open-source, Electron-based GitHub app desi
CVE-2025-48063 (XWiki is a generic wiki platform. In XWiki 16.10.0, required rights we ...)
NOT-FOR-US: XWiki
CVE-2025-48060 (jq is a command-line JSON processor. In versions up to and including 1 ...)
- - jq <unfixed>
+ - jq <unfixed> (bug #1106288)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-p7rr-28xf-3m5w
CVE-2025-48012 (Authentication Bypass by Capture-replay vulnerability in Drupal One Ti ...)
NOT-FOR-US: Drupal core and addons
@@ -239,7 +239,7 @@ CVE-2024-56428 (The local iLabClient database in itech iLabClient 3.7.1 allows l
CVE-2024-42922 (AAPanel v7.0.7 was discovered to contain an OS command injection vulne ...)
TODO: check
CVE-2024-23337 (jq is a command-line JSON processor. In versions up to and including 1 ...)
- - jq <unfixed> (unimportant)
+ - jq <unfixed> (bug #1106289)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-2q6r-344g-cx46
NOTE: https://github.com/jqlang/jq/issues/3262
NOTE: https://github.com/jqlang/jq/commit/de21386681c0df0104a99d9d09db23a9b2a78b1e
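Review bot: In the CVE-2024-23337 entry, the changed line replaces the `(unimportant)` tag with `(bug #1106289)` instead of adding the bug number next to it, so this hunk also changes the severity annotation for jq, which the "bugnums" commit message does not mention. If the severity is meant to stay, keep both on the line, e.g. `- jq <unfixed> (bug #1106289; unimportant)`. If dropping it is intended, say so in the commit message or add a NOTE line giving the reason, so the change is not mistaken for a side effect of adding bug numbers.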
@@ -284,7 +284,7 @@ CVE-2025-4969 (A vulnerability was found in the libsoup package. This flaw stems
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/447
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/467
CVE-2025-4949 (In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestP ...)
- - jgit <unfixed>
+ - jgit <unfixed> (bug #1106287)
NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281
NOTE: https://gitlab.eclipse.org/security/cve-assignement/-/issues/64
CVE-2025-4524 (The Madara \u2013 Responsive and modern WordPress theme for manga site ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3583e46458a29e29d9d6553f2e0cc216f1e89234