[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 31 21:12:16 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35a1762d by security tracker role at 2025-05-31T20:12:09+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2025-5390 (A vulnerability, which was classified as critical, was found in JeeWMS ...)
+	TODO: check
+CVE-2025-5389 (A vulnerability, which was classified as critical, has been found in J ...)
+	TODO: check
+CVE-2025-5388 (A vulnerability classified as critical was found in JeeWMS up to 20250 ...)
+	TODO: check
+CVE-2025-5387 (A vulnerability classified as critical has been found in JeeWMS up to  ...)
+	TODO: check
+CVE-2025-5386 (A vulnerability was found in JeeWMS up to 20250504. It has been rated  ...)
+	TODO: check
+CVE-2025-5385 (A vulnerability was found in JeeWMS up to 20250504. It has been declar ...)
+	TODO: check
+CVE-2025-5384 (A vulnerability was found in JeeWMS up to 20250504. It has been classi ...)
+	TODO: check
+CVE-2025-5383 (A vulnerability was found in Yifang CMS up to 2.0.2 and classified as  ...)
+	TODO: check
+CVE-2025-5381 (A vulnerability, which was classified as problematic, was found in Yif ...)
+	TODO: check
+CVE-2025-5380 (A vulnerability, which was classified as critical, has been found in a ...)
+	TODO: check
+CVE-2025-5379 (A vulnerability classified as critical was found in NuCom NC-WR744G 8. ...)
+	TODO: check
+CVE-2025-5378 (A vulnerability classified as problematic has been found in Astun Tech ...)
+	TODO: check
+CVE-2025-5377 (A vulnerability was found in Astun Technology iShare Maps 5.4.0. It ha ...)
+	TODO: check
+CVE-2025-5376 (A vulnerability was found in SourceCodester Health Center Patient Reco ...)
+	TODO: check
+CVE-2025-5375 (A vulnerability was found in PHPGurukul HPGurukul Online Birth Certifi ...)
+	TODO: check
+CVE-2025-5374 (A vulnerability was found in PHPGurukul Online Birth Certificate Syste ...)
+	TODO: check
+CVE-2025-5373 (A vulnerability has been found in PHPGurukul Online Birth Certificate  ...)
+	TODO: check
+CVE-2025-4857 (The Newsletters plugin for WordPress is vulnerable to Local File Inclu ...)
+	TODO: check
+CVE-2025-4691 (The Free Booking Plugin for Hotels, Restaurants and Car Rentals \u2013 ...)
+	TODO: check
 CVE-2025-5371 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-5370 (A vulnerability classified as critical was found in PHPGurukul News Po ...)
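Review bot: the CVE-2025-4691 description carries a literal `\u2013` escape sequence rather than the decoded character, so the automatic import should decode escapes before it truncates the description. Separately, every new entry lands as `TODO: check`; CVE-2025-5376 names SourceCodester, which the context line just below already triages as `NOT-FOR-US: SourceCodester`, so it looks like a quick candidate for the same marking.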
@@ -51620,18 +51658,22 @@ CVE-2024-53164 (In the Linux kernel, the following vulnerability has been resolv
 	[bookworm] - linux 6.1.123-1
 	NOTE: https://git.kernel.org/linus/5eb7de8cd58e73851cd37ff8d0666517d9926948 (6.13-rc2)
 CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error function lack ...)
+	{DLA-4199-1}
 	- tcpdf 6.8.0+dfsg-1 (bug #1091689)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1 (6.8.0)
 CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag use ...)
+	{DLA-4199-1}
 	- tcpdf 6.8.0+dfsg-1 (bug #1091688)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89 (6.8.0)
 CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CUR ...)
 	- tcpdf 6.8.0+dfsg-1 (bug #1091687)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554 (6.8.0)
 CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TC ...)
+	{DLA-4199-1}
 	- tcpdf 6.8.0+dfsg-1 (bug #1091686)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe (6.8.0)
 CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not s ...)
+	{DLA-4199-1}
 	- tcpdf 6.8.0+dfsg-1 (bug #1091685)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4 (6.8.0)
 CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the ecosystem to w ...)
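Review bot: CVE-2024-56521 is the only TCPDF 6.8.0 entry in this hunk that does not gain `{DLA-4199-1}`, while its four siblings (CVE-2024-56527, CVE-2024-56522, CVE-2024-56520, CVE-2024-56519) all do. Please confirm the advisory really excludes it; if it does, a release-specific line stating why would make the gap explicit instead of leaving it to be inferred from the missing cross-reference.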
@@ -65487,12 +65529,12 @@ CVE-2024-51736 (Symphony process is a module for the Symphony PHP framework whic
 CVE-2024-51409 (Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote at ...)
 	NOT-FOR-US: Tenda
 CVE-2024-50345 (symfony/http-foundation is a module for the Symphony PHP framework whi ...)
-	{DSA-5809-1}
+	{DSA-5809-1 DLA-4200-1}
 	- symfony 6.4.14+dfsg-1
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819 (v5.4.46, v6.4.14, v7.1.7)
 CVE-2024-50343 (symfony/validator is a module for the Symphony PHP framework which pro ...)
-	{DSA-5809-1}
+	{DSA-5809-1 DLA-4200-1}
 	- symfony 6.4.11+dfsg-1
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f (v5.4.43, v6.4.11, v7.1.4)
@@ -106676,6 +106718,7 @@ CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is impacted byinsecure encrypti
 CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of ...)
 	NOT-FOR-US: HCL
 CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...)
+	{DLA-4199-1}
 	- tcpdf 6.7.7+dfsg-1 (bug #1072528)
 	[bookworm] - tcpdf <no-dsa> (Minor issue)
 	NOTE: https://github.com/tecnickcom/TCPDF/issues/724
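Review bot: the `[bookworm] - tcpdf <no-dsa> (Minor issue)` line is left untouched while the entry gains `{DLA-4199-1}`, so the tracker now records an LTS fix for an issue that stays open in the newer release. Consider queuing the same fix for a bookworm point release so that an upgrade does not bring the issue back; the CVE-2024-32489 and CVE-2024-22640 hunks below show the same pattern.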
@@ -124306,6 +124349,7 @@ CVE-2024-3701 (The system application (com.transsion.kolun.aiservice) component
 CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerable to ...)
 	NOT-FOR-US: JFrog Artifactory Self-Hosted
 CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
+	{DLA-4199-1}
 	- tcpdf 6.7.4+dfsg-1
 	[bookworm] - tcpdf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
@@ -145626,6 +145670,7 @@ CVE-2024-23055 (An issue in Plone Docker Official Image 5.2.13 (5221) open-sourc
 CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows  ...)
 	NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
 CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denia ...)
+	{DLA-4199-1}
 	- tcpdf 6.7.5+dfsg-1
 	[bookworm] - tcpdf <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
@@ -154755,30 +154800,35 @@ CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation fa
 CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). ...)
 	NOT-FOR-US: SAS
 CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point Exceptio ...)
+	{DLA-4198-1}
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1823
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the ...)
+	{DLA-4198-1}
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1826
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow v ...)
+	{DLA-4198-1}
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1827
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow  ...)
+	{DLA-4198-1}
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
 	[buster] - espeak-ng <no-dsa> (Minor issue)
 	NOTE: https://github.com/espeak-ng/espeak-ng/issues/1825
 	NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
 CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the ...)
+	{DLA-4198-1}
 	- espeak-ng 1.51+dfsg-12 (bug #1059060)
 	[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
 	[buster] - espeak-ng <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35a1762d7723fd7fe3cfaa850cdba380935fd44a
