Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3abe3307 by Moritz Muehlenhoff at 2025-02-19T17:16:24+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,12 +40,14 @@ CVE-2025-25891 (A buffer overflow vulnerability was
discovered in D-Link DSL-378
NOT-FOR-US: D-Link
CVE-2025-25475 (A NULL pointer dereference in the component
/libsrc/dcrleccd.cc of DCM ...)
- dcmtk <unfixed>
+ [bookworm] - dcmtk <no-dsa> (Minor issue)
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=bffa3e9116abb7038b432443f16b1bd390e80245
CVE-2025-25474 (DCMTK v3.6.9+ DEV was discovered to contain a buffer overflow
via the ...)
- dcmtk <unfixed>
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=1d205bcd307164c99e0d4bbf412110372658d847
CVE-2025-25473 (FFmpeg git master before commit c08d30 was discovered to
contain a NUL ...)
- ffmpeg <unfixed>
+ [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in
the 5.1 branch)
NOTE: https://trac.ffmpeg.org/ticket/11419
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c08d300481b8ebb846cd43a473988fdbc6793d1b
CVE-2025-25472 (A buffer overflow in DCMTK git master v3.6.9+ DEV allows
attackers to ...)
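Review bot: CVE-2025-25474, directly below the newly triaged CVE-2025-25475, keeps only "- dcmtk <unfixed>" and gets no [bookworm] line, although it is the same source package and has an upstream fix commit recorded. If it is being held back on purpose (a buffer overflow judged differently from the NULL pointer dereference), that is fine, otherwise triage it in the same pass. On the ffmpeg entry, the description refers to git master, so it is worth confirming that the affected code is present in the bookworm version before settling on <postponed> rather than <not-affected>.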
@@ -84,11 +86,11 @@ CVE-2025-1065 (The Visualizer: Tables and Charts Manager
for WordPress plugin fo
CVE-2025-0865 (The WP Media Category Management plugin for WordPress is
vulnerable to ...)
NOT-FOR-US: WordPress plugin
CVE-2025-0633 (Heap-based Buffer Overflow vulnerability
ininiparser_dumpsection_ini() ...)
- - iniparser 4.2.6-1
- [bookworm] - iniparser <no-dsa> (Minor issue)
+ - iniparser 4.2.6-1 (unimportant)
NOTE: https://gitlab.com/iniparser/iniparser/-/issues/177
NOTE: (updated) Testcase:
https://gitlab.com/iniparser/iniparser/-/commit/fe09afa96cbbae09f796f797c75ff3b3e60d2e7b
(v4.2.6)
NOTE: Fixed by:
https://gitlab.com/iniparser/iniparser/-/commit/072a39a772a38c475e35a1be311304ca99e9de7f
(v4.2.6)
+ NOTE: Doesn't cross any security boundary
CVE-2024-13854 (The Education Addon for Elementor plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-13799 (The User Private Files \u2013 File Upload & Download Manager
with Secu ...)
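Review bot: the added NOTE "Doesn't cross any security boundary" under CVE-2025-0633 is the only justification for moving a heap-based buffer overflow from <no-dsa> to (unimportant), and it does not say why no boundary is crossed. Suggest stating the assumption behind it, for example who controls the data reaching the function named in the description, so the classification can be rechecked later without redoing the analysis.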
@@ -2914,6 +2916,7 @@ CVE-2024-13010 (The WP Foodbakery plugin for WordPress is
vulnerable to Reflecte
NOT-FOR-US: WordPress plugin
CVE-2024-11831 (A flaw was found in npm-serialize-javascript. The
vulnerability occurs ...)
- node-serialize-javascript <unfixed> (bug #1095767)
+ [bookworm] - node-serialize-javascript <no-dsa> (Minor issue)
NOTE: https://github.com/yahoo/serialize-javascript/pull/173
NOTE: Fixed by:
https://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e
(v6.0.2)
CVE-2024-11621 (Missing certificate validation in Devolutions Remote Desktop
Manager o ...)
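Review bot: the [bookworm] <no-dsa> line for CVE-2024-11831 sits under an unstable entry that is still <unfixed> (bug #1095767), and "Minor issue" does not say what limits the impact. A few words on the limiting condition would help whoever picks this up for a point release once the v6.0.2 fix is in unstable.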
@@ -3332,6 +3335,7 @@ CVE-2025-22866 (Due to the usage of a variable time
instruction in the assembly
- golang-1.23 1.23.6-1
- golang-1.22 1.22.12-1
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
[bullseye] - golang-1.15 <ignored> (powerpc not supported in LTS)
NOTE: https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k
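Review bot: the new "[bookworm] - golang-1.19 <no-dsa> (Minor issue)" line gives a generic reason, while the bullseye line two below it gives a specific, architecture-based one ("powerpc not supported in LTS"). Suggest recording the actual reasoning for bookworm in the same way, e.g. whether it rests on the same architecture scoping or on the limited impact of a variable-time instruction, so the two entries can be compared.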
@@ -5751,6 +5755,7 @@ CVE-2024-45340 (Credentials provided via the new GOAUTH
feature were not being p
CVE-2024-45339 (When logs are written to a widely-writable directory (the
default), an ...)
{DLA-4056-1}
- golang-glog 1.2.4-1 (bug #1094733)
+ [bookworm] - golang-glog <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/golang/glog/commit/a0e3c40a0ed0cecc58c84e7684d9ce55a54044ee
(v1.2.4)
NOTE: Complete fix: https://github.com/golang/glog/pull/74
CVE-2024-44172 (A privacy issue was addressed with improved private data
redaction for ...)
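Review bot: CVE-2024-45339 already carries {DLA-4056-1}, so marking bookworm <no-dsa> leaves stable without a fix that the LTS release received. Suggest either noting that this is intended for a stable point release or explaining why "Minor issue" applies to bookworm when an LTS advisory was issued for the same CVE.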
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3abe33079002fbd71dc60f786b3f65aea105ec85