[Git][security-tracker-team/security-tracker][master] dla: drop icingaweb2

Sat Nov 8 12:40:55 GMT 2025


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d18c2f83 by Sylvain Beucler at 2025-11-08T13:40:26+01:00
dla: drop icingaweb2

Only minor issues

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -75724,6 +75724,7 @@ CVE-2025-30217 (Frappe is a full-stack web application framework. Prior to versi
 	NOT-FOR-US: Frappe Framework
 CVE-2025-30164 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.12.4-1
+	[bullseye] - icingaweb2 <postponed> (Minor issue, open redirect, unknown patch)
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8q
 CVE-2025-30073 (An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. Th ...)
 	NOT-FOR-US: OPC cardsystems Webapp Aufwertung
@@ -75811,6 +75812,7 @@ CVE-2025-28361 (Unauthorized stack overflow vulnerability in Telesquare TLR-2005
 	NOT-FOR-US: Telesquare TLR-2005KSH
 CVE-2025-27609 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.12.4-1
+	[bullseye] - icingaweb2 <postponed> (Minor issue, reflected XSS, unknown patch)
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5cjw-fwjc-8j38
 CVE-2025-27406 (Icinga Reporting is the central component for reporting related functi ...)
 	- icingaweb2-module-reporting 1.0.4-1 (bug #1101885)
@@ -75818,9 +75820,11 @@ CVE-2025-27406 (Icinga Reporting is the central component for reporting related
 	NOTE: https://github.com/Icinga/icingaweb2-module-reporting/security/advisories/GHSA-7qvq-54vm-r7hx
 CVE-2025-27405 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.12.4-1
+	[bullseye] - icingaweb2 <postponed> (Minor issue, reflected XSS, unknown patch)
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-3x37-fjc3-ch8w
 CVE-2025-27404 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
 	- icingaweb2 2.12.4-1
+	[bullseye] - icingaweb2 <postponed> (Minor issue, reflected XSS, unknown patch)
 	NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-c6pg-h955-wf66
 CVE-2025-27267 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme


=====================================
data/dla-needed.txt
=====================================
@@ -136,12 +136,6 @@ hdf5
   NOTE: 20251014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117607
   NOTE: 20251107: Please fix what can be reasonably fixed, and add a README.Debian as requested in #1117607 (Beuc/front-desk)
 --
-icingaweb2
-  NOTE: 20250421: Added by Front-Desk (rouca)
-  NOTE: 20250603: I checked the CVEs fixed with the latest release but cannot find the related patches (dleidert)
-  NOTE: 20250603: I also saw in the release log that multiple issues were fixed without mentioning any CVE (dleidert)
-  NOTE: 20250603: upstream should be asked about the patches for CVE 2025-* (dleidert)
---
 jackson-core
   NOTE: 20250707: Added by Front-Desk (apo)
   NOTE: 20251016: A single patch is not possible to apply to fix the CVE. I'm working on backporting more than one.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d18c2f83b0c686e452c7b4aa74f0143986ee84fc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d18c2f83b0c686e452c7b4aa74f0143986ee84fc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251108/be0cb456/attachment.htm>
