[Git][security-tracker-team/security-tracker][master] Consolidate some notes
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Oct 21 16:56:18 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
07b86630 by Salvatore Bonaccorso at 2025-10-21T17:55:00+02:00
Consolidate some notes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11594,7 +11594,7 @@ CVE-2025-30187 (In some circumstances, when DNSdist is configured to use the ngh
[bullseye] - dnsdist <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2025/09/18/1
NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2025-05.html
- NOTE: Fixed by patches https://downloads.powerdns.com/patches/2025-05/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2025-05/
CVE-2025-10500 (Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowe ...)
{DSA-6004-1}
- chromium 140.0.7339.185-1
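Review bot: The reworded NOTE for CVE-2025-30187 drops "Fixed by patches" in favour of the bare "Patches:" label, but the commit message "Consolidate some notes" does not say which format is the target. Since the same rewrite is applied mechanically to the other PowerDNS entries, name the convention in the commit message (for example, that downloads.powerdns.com patch directory links are prefixed with "Patches:") so that later entries and greps follow it.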
@@ -260917,7 +260917,7 @@ CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in P
[bullseye] - pdns-recursor <not-affected> (Vulnerable code introduced later)
[buster] - pdns-recursor <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2023/01/20/1
- NOTE: https://downloads.powerdns.com/patches/2023-01/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2023-01/
NOTE: https://github.com/PowerDNS/pdns/pull/12442
CVE-2023-22616 (An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5. ...)
NOT-FOR-US: Insyde
@@ -296972,7 +296972,7 @@ CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, wh
[bullseye] - pdns-recursor <end-of-life> (No longer supported with security updates in Bullseye)
[buster] - pdns-recursor <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2022/08/23/1
- NOTE: https://downloads.powerdns.com/patches/2022-02/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2022-02/
NOTE: https://github.com/PowerDNS/pdns/commit/21f3d92144bc6a65483a363f6be7237d714c1936 (rec-4.5.10)
CVE-2022-37427
RESERVED
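Review bot: In the CVE-2022-37428 entry, the line directly after the new "Patches:" NOTE is an unlabelled GitHub commit URL tagged (rec-4.5.10), so the entry now mixes a labelled and an unlabelled fix reference. Consider giving that line a label as well, such as a "Fixed by:" prefix, or state in the commit message that only the downloads.powerdns.com links are in scope.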
@@ -567973,7 +567973,7 @@ CVE-2018-14644 (An issue has been found in PowerDNS Recursor from 4.0.0 up to an
[stretch] - pdns-recursor 4.0.4-1+deb9u4
[jessie] - pdns-recursor <ignored> (Minor issue)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html
- NOTE: https://downloads.powerdns.com/patches/2018-07/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2018-07/
NOTE: Patch backported for jessie https://git.fosscommunity.in/bhe/patches/raw/master/CVE-2018-14644.patch
CVE-2018-14643 (An authentication bypass flaw was found in the smart_proxy_dynflow com ...)
- foreman <itp> (bug #663101)
@@ -568045,9 +568045,9 @@ CVE-2018-14626 (PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and Po
[stretch] - pdns-recursor 4.0.4-1+deb9u4
[jessie] - pdns-recursor <not-affected> (Vulnerable code not present)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
- NOTE: https://downloads.powerdns.com/patches/2018-05/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2018-05/
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
- NOTE: https://downloads.powerdns.com/patches/2018-06/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2018-06/
CVE-2018-14625 (A flaw was found in the Linux Kernel where an attacker may be able to ...)
{DLA-1771-1}
- linux 4.19.9-1
@@ -578536,9 +578536,9 @@ CVE-2018-10851 (PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5
[stretch] - pdns-recursor 4.0.4-1+deb9u4
[jessie] - pdns-recursor <ignored> (Minor issue)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
- NOTE: https://downloads.powerdns.com/patches/2018-03/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2018-03/
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html
- NOTE: https://downloads.powerdns.com/patches/2018-04/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2018-04/
CVE-2018-10850 (389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race ...)
{DLA-1428-1}
[experimental] - 389-ds-base 1.4.0.13-1
@@ -615950,35 +615950,35 @@ CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS R
[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
- NOTE: https://downloads.powerdns.com/patches/2017-07/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2017-07/
CVE-2017-15093 (When api-config-dir is set to a non-empty value, which is not the case ...)
- pdns-recursor 4.0.7-1
[stretch] - pdns-recursor 4.0.4-1+deb9u2
[jessie] - pdns-recursor 3.6.2-2+deb8u4
[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced later)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
- NOTE: https://downloads.powerdns.com/patches/2017-06/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2017-06/
CVE-2017-15092 (A cross-site scripting issue has been found in the web interface of Po ...)
- pdns-recursor 4.0.7-1
[stretch] - pdns-recursor 4.0.4-1+deb9u2
[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
- NOTE: https://downloads.powerdns.com/patches/2017-05/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2017-05/
CVE-2017-15091 (An issue has been found in the API component of PowerDNS Authoritative ...)
- pdns 4.0.5-1
[stretch] - pdns 4.0.3-1+deb9u2
[jessie] - pdns 3.4.1-4+deb8u8
[wheezy] - pdns <not-affected> (Vulnerable code not present)
NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
- NOTE: https://downloads.powerdns.com/patches/2017-04/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2017-04/
CVE-2017-15090 (An issue has been found in the DNSSEC validation component of PowerDNS ...)
- pdns-recursor 4.0.7-1
[stretch] - pdns-recursor 4.0.4-1+deb9u2
[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
- NOTE: https://downloads.powerdns.com/patches/2017-03/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2017-03/
CVE-2017-15089 (It was found that the Hotrod client in Infinispan before 9.2.0.CR1 wou ...)
NOT-FOR-US: infinispan
CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...)
@@ -639009,7 +639009,7 @@ CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication m
- dnsdist 1.2.0-1 (low; bug #872854)
[stretch] - dnsdist 1.1.0-2+deb9u1
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
- NOTE: https://downloads.powerdns.com/patches/2017-02
+ NOTE: Patches: https://downloads.powerdns.com/patches/2017-02
CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulne ...)
NOT-FOR-US: hawtio
CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...)
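Review bot: The URL on the changed NOTE line for CVE-2017-7557, https://downloads.powerdns.com/patches/2017-02, has no trailing slash, while the patch directory URLs in the earlier hunks of this commit end in one (for example .../patches/2017-03/). As this commit is normalising these lines anyway, add the slash here so that a single pattern matches every "Patches:" entry.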
@@ -668328,7 +668328,7 @@ CVE-2016-7069 (An issue has been found in dnsdist before 1.2.0 in the way EDNS0
- dnsdist 1.2.0-1 (low; bug #872854)
[stretch] - dnsdist 1.1.0-2+deb9u1
NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
- NOTE: https://downloads.powerdns.com/patches/2017-01
+ NOTE: Patches: https://downloads.powerdns.com/patches/2017-01
CVE-2016-7068 (An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and Power ...)
{DSA-3764-1 DSA-3763-1 DLA-798-1 DLA-788-1}
- pdns 4.0.2-1
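Review bot: The changed NOTE line for CVE-2016-7069 keeps https://downloads.powerdns.com/patches/2017-01 without a trailing slash, unlike the directory URLs with a year-number path and a closing slash elsewhere in this commit. Suggest "NOTE: Patches: https://downloads.powerdns.com/patches/2017-01/" for consistency.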
@@ -701148,7 +701148,7 @@ CVE-2015-5230 (The DNS packet parsing/generation code in PowerDNS (aka pdns) Aut
- pdns 3.4.6-1
[wheezy] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
[squeeze] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
- NOTE: https://downloads.powerdns.com/patches/2015-02/
+ NOTE: Patches: https://downloads.powerdns.com/patches/2015-02/
CVE-2015-5229 (The calloc function in the glibc package in Red Hat Enterprise Linux ( ...)
- glibc <not-affected> (RHEL-specific backport)
- eglibc <not-affected> (RHEL-specific backport)
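Review bot: For CVE-2015-5230 the "Patches:" line is the only NOTE in the visible entry, whereas the other entries touched by this commit pair the patch directory with an advisory or oss-security link. If an upstream advisory exists for this issue, adding it as a NOTE above the patches line would bring the entry in line with the rest.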
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07b86630610d28b11e609427338c84001343002c