Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6111389 by Moritz Muehlenhoff at 2025-03-10T15:08:15+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -193,6 +193,7 @@ CVE-2025-27518 (Cognita is a RAG (Retrieval Augmented 
Generation) Framework for
        NOT-FOR-US: Cognita
 CVE-2025-27152 (axios is a promise based HTTP client for the browser and 
node.js. The  ...)
        - node-axios <unfixed>
+       [bookworm] - node-axios <no-dsa> (Minor issue)
        NOTE: 
https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6
        NOTE: Similar to: https://github.com/axios/axios/issues/6463 
(CVE-2024-39338)
 CVE-2025-26643 (No cwe for this issue in Microsoft Edge (Chromium-based) 
allows an una ...)
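Review bot: the new `[bookworm] - node-axios <no-dsa> (Minor issue)` line is added while the sid line still reads `<unfixed>` and no upstream fixed version is recorded, so the entry gives no hint of what a later update would need to pull in. Since the NOTE ties this CVE to CVE-2024-39338, please check that the bookworm decision for that earlier node-axios entry was the same, so the two entries stay consistent, and consider a short NOTE naming the reason the issue is considered minor.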
@@ -1505,6 +1506,7 @@ CVE-2025-27498 (aes-gcm is a pure Rust implementation of 
the AES-GCM. In decrypt
        NOTE: 
https://github.com/RustCrypto/AEADs/commit/d1d749ba57e38e65b0e037cd744d0b17f7254037
 CVE-2025-27423 (Vim is an open source, command line text editor. Vim is 
distributed wi ...)
        - vim <unfixed> (bug #1099610)
+       [bookworm] - vim <no-dsa> (Minor issue)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
        NOTE: Introduced with: 
https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29 
(v9.1.0858)
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/334a13bff78aa0ad206bc436885f63e3a0bab399 
(v9.1.1164)
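Review bot: the "Introduced with" NOTE says the bug entered vim with v9.1.0858; if the vim package in bookworm predates that commit, the added line should be `[bookworm] - vim <not-affected> (Vulnerable code not present)` rather than `<no-dsa> (Minor issue)`. Worth checking the bookworm version against the introducing commit before this tag lands.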
@@ -2168,6 +2170,7 @@ CVE-2024-53386 (Stage.js through 0.8.10 allows DOM 
Clobbering (with resultant XS
        NOT-FOR-US: Stage.js
 CVE-2024-53382 (Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with 
resulta ...)
        - node-prismjs <unfixed> (bug #1099619)
+       [bookworm] - node-prismjs <no-dsa> (Minor issue)
        NOTE: 
https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660
        NOTE: https://github.com/PrismJS/prism/issues/3864
 CVE-2025-1801 (A flaw was found in the Ansible aap-gateway. Concurrent 
requests handl ...)
@@ -2404,6 +2407,7 @@ CVE-2025-1795 (During an address list folding when a 
separating comma ends up on
        - python3.13 3.13.0~b1-1
        - python3.12 3.12.9-1
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        NOTE: https://github.com/python/cpython/issues/100884
        NOTE: Regression issue: https://github.com/python/cpython/issues/118643
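Review bot: the no-dsa line for python3.11 sits under a sid entry marked `<removed>`, which is consistent with the tracker convention, but the "Regression issue" NOTE (cpython issue 118643) means anyone who later backports the fix through a point release must pull the follow-up change as well. Consider stating that in the NOTE, or referencing the follow-up commit next to it, so the bookworm entry is not later turned into a plain backport of the first change alone.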
@@ -7259,6 +7263,7 @@ CVE-2025-1402 (The Event Tickets and Registration plugin 
for WordPress is vulner
        NOT-FOR-US: WordPress plugin
 CVE-2025-0838 (There exists a heap buffer overflow vulnerable in Abseil-cpp. 
The size ...)
        - abseil <unfixed> (bug #1098903)
+       [bookworm] - abseil <no-dsa> (Minor issue)
        NOTE: 
https://github.com/abseil/abseil-cpp/commit/5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
 (20250127.rc1)
 CVE-2025-0728 (In NetX HTTP server functionality of Eclipse ThreadX NetX Duo 
before   ...)
        NOT-FOR-US: Eclipse ThreadX NetX Duo
@@ -11071,10 +11076,11 @@ CVE-2024-57609 (An issue in Kanaries Inc Pygwalker 
before v.0.4.9.9 allows a rem
        NOT-FOR-US: Kanaries Inc Pygwalker
 CVE-2024-57392 (Buffer Overflow vulnerability in Proftpd commit 4017eff8 
allows a remo ...)
        {DLA-4077-1}
-       - proftpd-dfsg 1.3.8.c+dfsg-2
+       - proftpd-dfsg 1.3.8.c+dfsg-2 (unimportant)
        NOTE: https://github.com/proftpd/proftpd/issues/1866
        NOTE: 
https://github.com/proftpd/proftpd/issues/1866#issuecomment-2645976560
        NOTE: 
https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d
+       NOTE: Bogus CVE assignment, no security impact
 CVE-2024-56889 (Incorrect access control in the endpoint /admin/m_delete.php 
of CodeAs ...)
        NOT-FOR-US: CodeAstro Complaint Management System
 CVE-2024-56467 (IBM EntireX 11.1 could allow a local user to obtain sensitive 
informat ...)
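Review bot: the entry now carries `(unimportant)` and "Bogus CVE assignment, no security impact" but still lists `{DLA-4077-1}`, so the tracker will show a DLA issued for an issue judged to have no security impact. Add a word to the NOTE explaining why the DLA reference remains (for example that it was issued before this reassessment), so readers of the tracker page are not left with the contradiction.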
@@ -11669,10 +11675,12 @@ CVE-2024-13733 (The SKT Blocks \u2013 Gutenberg based 
Page Builder plugin for Wo
 CVE-2024-13723 (The "NagVis" component within Checkmk is vulnerable to remote 
code exe ...)
        - check-mk <removed>
        - nagvis 1:1.9.42-1
+       [bookworm] - nagvis <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/04/4
 CVE-2024-13722 (The "NagVis" component within Checkmk is vulnerable to 
reflected cross ...)
        - check-mk <removed>
        - nagvis 1:1.9.42-1
+       [bookworm] - nagvis <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2025/02/04/3
 CVE-2024-13699 (The Qi Addons For Elementor plugin for WordPress is vulnerable 
to Stor ...)
        NOT-FOR-US: WordPress plugin
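Review bot: both nagvis entries get `[bookworm] - nagvis <no-dsa> (Minor issue)` with only the oss-security post as reference; for CVE-2024-13723, whose description mentions remote code execution, a NOTE giving the reason the issue is considered minor (such as the preconditions or privileges required) would help whoever revisits the bookworm decision later.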


=====================================
data/dsa-needed.txt
=====================================
@@ -32,6 +32,8 @@ linux (carnil)
 mosquitto (carnil)
   Backports of patches for CVEs done, but autopkgtests fail as regression
 --
+netty
+--
 nodejs
   Bastien Roucaries (rouca) showed interest to prepare an update and is 
working on it
 --
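Review bot: `netty` is added to dsa-needed.txt without a claimant or a status line, unlike the neighbouring mosquitto and nodejs entries, which record who is working on them and where they stand. Add at least which CVE(s) the DSA is meant to cover, or an explicit note that it is unclaimed, so someone picking it up knows the scope.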



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d61113899a3b6c2881b2a8954fec41c9da54927f

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits