[Git][security-tracker-team/security-tracker][master] Reserve DSA number for shibboleth-sp update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 7 15:09:05 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9f742cd1 by Salvatore Bonaccorso at 2025-09-07T16:08:29+02:00
Reserve DSA number for shibboleth-sp update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -76,6 +76,8 @@ CVE-2023-31306 (Improper validation of an array index in the AMD graphics driver
TODO: check
CVE-2025-XXXX [SQL injection vulnerability in Service Provider ODBC plugin]
- shibboleth-sp 3.5.1+dfsg-1 (bug #1114506)
+ [trixie] - shibboleth-sp 3.5.0+dfsg-2+deb13u1
+ [bookworm] - shibboleth-sp 3.4.1+dfsg-2+deb12u1
NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-1014
NOTE: https://shibboleth.net/community/advisories/secadv_20250903.txt
CVE-2025-9961 (An authenticated attacker may remotely execute arbitrary code via the ...)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[07 Sep 2025] DSA-5994-1 shibboleth-sp - security update
+ [bookworm] - shibboleth-sp 3.4.1+dfsg-2+deb12u1
+ [trixie] - shibboleth-sp 3.5.0+dfsg-2+deb13u1
[05 Sep 2025] DSA-5993-1 chromium - security update
{CVE-2025-9864 CVE-2025-9865 CVE-2025-9866 CVE-2025-9867}
[bookworm] - chromium 140.0.7339.80-1~deb12u1
=====================================
data/dsa-needed.txt
=====================================
@@ -63,9 +63,6 @@ ruby-rack/oldstable
ruby-saml/oldstable
Utkarsh Gupta might work on an update
--
-shibboleth-sp (carnil)
- Maintainer prepared update, acked for uploads
---
sogo/oldstable
--
sympa/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f742cd1c151fdbb1b0176605c42b41176b5bedc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f742cd1c151fdbb1b0176605c42b41176b5bedc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250907/31ca29f2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list