Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f105ed4 by Moritz Muehlenhoff at 2025-03-17T17:44:46+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4023,10 +4023,10 @@ CVE-2025-25726
 CVE-2025-25725
        REJECTED
 CVE-2025-25724 (list_item_verbose in tar/util.c in libarchive through 3.7.7 
does not c ...)
-       - libarchive <unfixed>
+       - libarchive <unfixed> (unimportant)
        NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
        NOTE: https://github.com/libarchive/libarchive/issues/2529
-       TODO: check, might be just crashing CLI and so unimportant, 
additionally unclear status
+       NOTE: Crash in CLI tool, no security impact
 CVE-2025-1810 (A vulnerability was found in Pixsoft Vivaz 6.0.11. It has been 
classif ...)
        NOT-FOR-US: Pixsoft Vivaz
 CVE-2025-1809 (A vulnerability was found in Pixsoft Sol up to 7.6.6c and 
classified a ...)
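
Review bot: The replacement NOTE under CVE-2025-25724 covers only half of the TODO it removes: the TODO also flagged "additionally unclear status", and nothing in the new lines says how that was settled. Consider a second NOTE recording the upstream state of libarchive issue 2529, so the "unimportant" tag on the libarchive line can be re-checked later.
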
@@ -4618,6 +4618,7 @@ CVE-2024-13148 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2024-10918 (Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 
allows  ...)
        {DLA-4084-1}
        - libmodbus 3.1.11-1
+       [bookworm] - libmodbus <no-dsa> (Minor issue)
        NOTE: 
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-10918
        NOTE: 
https://github.com/stephane/libmodbus/commit/df79a02feb253c0a9a009bcdbb21e47581315111
 (v3.1.11)
        NOTE: 
https://github.com/stephane/libmodbus/commit/d8a971e04d52be16bf405b51d934a30b8aa3f2c3
 (v3.1.11, follow-up)
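
Review bot: On the added [bookworm] libmodbus line, "Minor issue" is a thin reason for an entry described as a stack-based buffer overflow that already carries {DLA-4084-1}. Suggest a reason that says why bookworm needs no DSA, or a hint that the two v3.1.11 commits listed in the NOTEs are candidates for a point release.
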
@@ -5398,8 +5399,10 @@ CVE-2024-6810 (The Quiz Organizer plugin for WordPress 
is vulnerable to Stored C
        NOT-FOR-US: WordPress plugin
 CVE-2024-53427 (decNumberCopy in decNumber.c in jq through 1.7.1 does not 
properly con ...)
        - jq <unfixed>
+       [bookworm] - jq <no-dsa> (Minor issue)
        [bullseye] - jq <postponed> (Minor issue, wait until it's fixed 
upstream)
        NOTE: https://github.com/jqlang/jq/issues/3196
+       NOTE: 
https://github.com/jqlang/jq/commit/a09a4dfd55e6c24d04b35062ccfe4509748b1dd3
 CVE-2024-52925 (In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code 
execution ca ...)
        NOT-FOR-US: OPSWAT MetaDefender Kiosk
 CVE-2024-47053 (This advisory addresses an authorization vulnerability in 
Mautic's HTT ...)
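
Review bot: The added commit NOTE under CVE-2024-53427 says neither whether a09a4dfd55e6c24d04b35062ccfe4509748b1dd3 is the upstream fix nor which release contains it. If it is the fix, say so in parentheses after the URL and revisit the bullseye line, whose reason still reads "wait until it's fixed upstream".
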
@@ -21265,6 +21268,7 @@ CVE-2025-23022 (FreeType 2.8.1 has a signed integer 
overflow in cf2_doFlex in cf
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312
 CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer 
overflow (an ...)
        - libfcgi <unfixed> (bug #1092774)
+       [bookworm] - libfcgi <no-dsa> (Minor issue)
        [bullseye] - libfcgi <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/FastCGI-Archives/fcgi2/issues/67
 CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command 
injectio ...)
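
Review bot: The added [bookworm] libfcgi line gives only "Minor issue", while the bullseye line directly below it adds "revisit when fixed upstream" and the package line is still unfixed (bug #1092774). Using the same wording for bookworm would keep the two releases consistent and make the entry easier to pick up again once upstream has a fix.
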
@@ -75858,6 +75862,7 @@ CVE-2024-1469
 CVE-2024-0397 (A defect was discovered in the Python \u201cssl\u201d module 
where the ...)
        {DSA-5759-1 DLA-3980-1}
        - pypy3 7.3.16+dfsg-1
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        - python3.13 <not-affected> (Fixed before initial upload to Debian 
unstable)
        - python3.12 3.12.3-1
        - python3.11 3.11.9-1
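
Review bot: The added [bookworm] pypy3 line sits in an entry tagged {DSA-5759-1 DLA-3980-1}, and "Minor issue" does not explain why pypy3 is handled differently from whatever those advisories covered. A short reason in the parentheses that is specific to pypy3 would make the triage decision reviewable.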



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f105ed4958f514a4306f203c7eadaedfeaeead1
