[Git][security-tracker-team/security-tracker][master] Add libjson-xs-perl and libcpanel-json-xs-perl to dsa-needed list
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Sep 8 18:16:06 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3dc5497 by Salvatore Bonaccorso at 2025-09-08T19:15:50+02:00
Add libjson-xs-perl and libcpanel-json-xs-perl to dsa-needed list
Revert "Mark JSON::XS related CVEs as no-dsa"
This reverts commit b7bda88d42cf79f80bc9f5fe6e0ab851a2d6d30b.
Add then to dsa-needed list. The modules are widely used enough in
various web frameworks to handle JSON input.
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,14 +2,10 @@ CVE-2025-40930
NOT-FOR-US: JSON::SIMD Perl module
CVE-2025-40929
- libcpanel-json-xs-perl <unfixed>
- [trixie] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
- [bookworm] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608920/
NOTE: Fixed by: https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2 (4.40)
CVE-2025-40928
- libjson-xs-perl 4.030-3
- [trixie] - libjson-xs-perl <no-dsa> (Minor issue)
- [bookworm] - libjson-xs-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608909/
NOTE: https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch
CVE-2025-58782
=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,10 @@ jetty9/oldstable
--
jetty12/stable
--
+libcpanel-json-xs-perl (carnil)
+--
+libjson-xs-perl (carnil)
+--
libreswan/oldstable
Waiting on feedback from maintainer
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dc5497210d951dad5570d8c8496dc873ce5420
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dc5497210d951dad5570d8c8496dc873ce5420
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250908/59a5bfe3/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list