[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-61594/ruby2.7: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Tue Jan 27 09:07:38 GMT 2026



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d0bf56e5 by Sylvain Beucler at 2026-01-27T10:07:22+01:00
CVE-2025-61594/ruby2.7: bullseye postponed

- - - - -
0e0dac4e by Sylvain Beucler at 2026-01-27T10:07:24+01:00
CVE-2026-23643/cakephp: bullseye not-affected

- - - - -
666e2ccb by Sylvain Beucler at 2026-01-27T10:07:27+01:00
CVE-2023-22727/cakephp: bullseye not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3429,8 +3429,10 @@ CVE-2026-23735 (GraphQL Modules is a toolset of libraries and guidelines dedicat
 	NOT-FOR-US: GraphQL Modules
 CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The PaginatorHelper: ...)
 	- cakephp <removed>
+	[bullseye] - cakephp <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5
 	NOTE: https://github.com/cakephp/cakephp/issues/19172
+	NOTE: Introduced by: https://github.com/cakephp/cakephp/commit/87b366cb714f6872e5609a9749ccbfd529886c1b (5.2.10)
 	NOTE: Fixed by: https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f (5.3.1)
 CVE-2026-22865 (Gradle is a build automation tool, and its native-platform tool provid ...)
 	- gradle <unfixed>
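Review bot: the reason on the added [bullseye] line for CVE-2026-23643, "Vulnerable code introduced later", cannot be checked from the entry alone, because the cakephp version shipped in bullseye is not recorded next to the 5.2.10 given in the new "Introduced by" note. Consider adding a short NOTE stating that the bullseye version predates 5.2.10, so the not-affected decision can be verified without a separate package lookup.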
@@ -10570,6 +10572,7 @@ CVE-2025-61594 (URI is a module providing classes to handle Uniform Resource Ide
 	- ruby3.1 <removed>
 	[bookworm] - ruby3.1 <no-dsa> (Minor issue)
 	- ruby2.7 <removed>
+	[bullseye] - ruby2.7 <postponed> (Minor issue, infoleak in specific scenario)
 	- rubygems <unfixed>
 	[trixie] - rubygems <no-dsa> (Minor issue)
 	[bookworm] - rubygems <no-dsa> (Minor issue)
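Review bot: the reason on the added [bullseye] ruby2.7 line, "infoleak in specific scenario", does not say which scenario, and none of the visible lines of the entry describe it either. Since a postponed entry is expected to be revisited, naming the scenario in the reason or adding a NOTE with a reference would let whoever picks it up later judge the exposure without redoing the analysis. The sibling ruby3.1 and rubygems lines only say "Minor issue", so the extra detail here is useful once it is made concrete.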
@@ -298321,7 +298324,9 @@ CVE-2023-22728 (Silverstripe Framework is the Model-View-Controller framework th
 	NOT-FOR-US: Silverstripe
 CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...)
 	- cakephp <removed>
+	[bullseye] - cakephp <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/cakephp/cakephp/security/advisories/GHSA-6g8q-qfpv-57wp
+	NOTE: Introduced by: https://github.com/cakephp/cakephp/commit/7d4200c36742ed39abf9e1b88f6483b8d7a4af7f (3.0.0-dev1)
 	NOTE: Fixed by: https://github.com/cakephp/cakephp/commit/3f463e7084b5a15e67205ced3a622577cca7a239 (4.4.10)
 CVE-2023-22726 (act is a project which allows for local running of github actions. The ...)
 	NOT-FOR-US: act
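Review bot: for CVE-2023-22727 the added "Introduced by" note points at a commit tagged 3.0.0-dev1, a development release at the start of a major series, and the [bullseye] not-affected line depends entirely on that commit being the first appearance of the vulnerable logic. A commit at that point can be a port of earlier code instead of new code, so it would help to add a NOTE recording that the older branch was checked and has no equivalent code path, and which cakephp version bullseye ships.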



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/505d1f2a751e4f92080a1b57d3c48c96227b3ddb...666e2ccbd21dd7fbec1f4afdf16d16310d1f951c
