[Git][security-tracker-team/security-tracker][master] Update status for duckdb now entered the archive

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Mar 29 12:08:52 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
00e16589 by Salvatore Bonaccorso at 2026-03-29T13:08:14+02:00
Update status for duckdb now entered the archive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -57035,7 +57035,9 @@ CVE-2025-64511 (MaxKB is an open-source AI assistant for enterprise. In versions
 CVE-2025-64482 (Tuleap is an Open Source Suite to improve management of software devel ...)
 	NOT-FOR-US: Tuleap
 CVE-2025-64429 (DuckDB is a SQL database management system. DuckDB implemented block-b ...)
-	- duckdb <itp> (bug #1036922)
+	- duckdb <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://github.com/duckdb/duckdb/security/advisories/GHSA-vmp8-hg63-v2hp
+	NOTE: https://github.com/duckdb/duckdb/pull/17275
 CVE-2025-64384 (Missing Authorization vulnerability in jetmonsters JetFormBuilder jetf ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64383 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
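Review bot: the second NOTE added under CVE-2025-64429 is a bare pull-request URL, so a reader cannot tell whether PR 17275 is the fix or only related discussion. Consider labelling it, for example "NOTE: Fixed by: https://github.com/duckdb/duckdb/pull/17275 (<first fixed upstream version>)", with the version filled in. That would let the "Fixed before initial upload to the archive" reason be checked against the version that was first uploaded.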
@@ -81247,7 +81249,8 @@ CVE-2025-59039 (Prebid Universal Creative (PUC) is a JavaScript API to render mu
 CVE-2025-59038 (Prebid.js is a free and open source library for publishers to quickly  ...)
 	NOT-FOR-US: Prebid.js
 CVE-2025-59037 (DuckDB is an analytical in-process SQL database management system. On  ...)
-	- duckdb <itp> (bug #1036922)
+	- duckdb <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://github.com/duckdb/duckdb-node/security/advisories/GHSA-w62p-hx95-gf2c
 CVE-2025-59036 (Infrahub offers a central hub to manage data, templates, and playbooks ...)
 	NOT-FOR-US: Infrahub
 CVE-2025-59035 (Indico is an event management system that uses Flask-Multipass, a mult ...)
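Review bot: for CVE-2025-59037 the only reference added is an advisory filed in the duckdb-node repository, while the status line is for the duckdb source package. Please confirm that "Fixed before initial upload to the archive" is the accurate reason here and was not carried over from the other two entries. If the affected code is not part of the duckdb source package at all, the reason text should say that instead.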
@@ -205559,7 +205562,8 @@ CVE-2024-5818 (The Royal Elementor Addons and Templates plugin for WordPress is
 CVE-2024-41914 (A vulnerability in the web-based management interface of EdgeConnect S ...)
 	NOT-FOR-US: HPE EdgeConnect SD-WAN Orchestrator
 CVE-2024-41672 (DuckDB is a SQL database management system. In versions 1.0.0 and prio ...)
-	- duckdb <itp> (bug #1036922)
+	- duckdb <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://github.com/duckdb/duckdb/security/advisories/GHSA-w2gf-jxc9-pf2q
 CVE-2024-41667 (OpenAM is an open access management solution. In versions 15.0.3 and p ...)
 	NOT-FOR-US: OpenAM
 CVE-2024-41666 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
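Review bot: the CVE-2024-41672 entry gets only the advisory link, with nothing recording where the issue was fixed. The description says versions 1.0.0 and prior are affected, so an extra NOTE naming the fixing commit or the first fixed release would make the <not-affected> status verifiable against the version of the initial upload.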



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00e1658932cc9a0f41797a873af1a8e7cf42d8e6
