Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f2bfe395 by Moritz Muehlenhoff at 2025-03-17T22:32:57+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -545,6 +545,7 @@ CVE-2025-XXXX [Parameter manipulation allows the forging of 
signed SAML messages
        NOTE: 
https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=22a610b322e2178abd03e97cdbc8fb50b45efaee
 (3.3.1)
 CVE-2024-8176 (A stack overflow vulnerability exists in the libexpat library 
due to t ...)
        - expat 2.7.0-1
+       [bookworm] - expat <ignored> (Minor issue and too intrusive to impact)
        NOTE: https://blog.hartwork.org/posts/expat-2-7-0-released/
        NOTE: https://github.com/libexpat/libexpat/issues/893
        NOTE: https://github.com/libexpat/libexpat/pull/973
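Review bot: The rationale on the new bookworm line, `(Minor issue and too intrusive to impact)`, reads as a mistyped or truncated phrase, and `<ignored>` entries are exactly what later readers rely on to understand why a CVE is left open in stable; spelling out what is too intrusive (presumably the upstream fix being too intrusive to backport) would make the triage self-explanatory without having to re-read the linked upstream issue and pull request.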
@@ -1853,9 +1854,11 @@ CVE-2025-2151 (A vulnerability classified as critical 
was found in Open Asset Im
        NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/d2c6e64a1122884570caf4aaa589d810f5351f28
 CVE-2025-2149 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been 
rated as ...)
        - pytorch <unfixed>
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/147818
 CVE-2025-2148 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been 
declared ...)
        - pytorch <unfixed>
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/issues/147722
 CVE-2025-2147 (A vulnerability was found in Beijing Zhide Intelligent Internet 
Techno ...)
        NOT-FOR-US: Beijing Zhide Intelligent Internet Technology Modern Farm 
Digital Integrated Management System
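Review bot: Both new pytorch lines are tagged `<no-dsa> (Minor issue)` while the package itself stays `- pytorch <unfixed>` and the only NOTE for each is the upstream issue link, with no fix reference; once upstream lands a fix it would help to record the commit in a NOTE next to these entries so the bookworm status can be re-evaluated against a concrete patch rather than the issue report alone.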
@@ -2019,6 +2022,7 @@ CVE-2025-2124 (A vulnerability, which was classified as 
problematic, was found i
        NOT-FOR-US: Control iD RH iD
 CVE-2025-2123 (A vulnerability, which was classified as problematic, has been 
found i ...)
        - geshi <unfixed>
+       [bookworm] - geshi <no-dsa> (Minor issue)
        NOTE: https://github.com/GeSHi/geshi-1.0/issues/159
 CVE-2025-2122 (A vulnerability classified as problematic was found in 
Thinkware Car D ...)
        NOT-FOR-US: Thinkware Car Dashcam F800 Pro
@@ -3337,6 +3341,7 @@ CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the 
URI handling methods (
        {DLA-4082-1}
        - ruby3.3 <unfixed>
        - ruby3.1 <unfixed>
+       [bookworm] - ruby3.1 <no-dsa> (Minor issue)
        - ruby2.7 <removed>
        - rubygems <unfixed>
        NOTE: 
https://github.com/ruby/uri/commit/3675494839112b64d5f082a9068237b277ed1495 
(v1.0.3)
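Review bot: The `- rubygems <unfixed>` line in this same entry gets no bookworm annotation while `ruby3.1` does; if bookworm's rubygems bundles the affected uri code, a matching `[bookworm] - rubygems <no-dsa> (Minor issue)` (or a note that the bookworm version is not affected) is needed, otherwise the tracker will keep listing this CVE as open for bookworm through rubygems even after the ruby3.1 triage.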
@@ -3347,6 +3352,7 @@ CVE-2025-27220 (In the CGI gem before 0.4.2 for Ruby, a 
Regular Expression Denia
        {DLA-4082-1}
        - ruby3.3 <unfixed>
        - ruby3.1 <unfixed>
+       [bookworm] - ruby3.1 <no-dsa> (Minor issue)
        - ruby2.7 <removed>
        NOTE: 
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27220.yml
        NOTE: 
https://github.com/ruby/cgi/commit/cd1eb08076c8b8e310d4d553d427763f2577a1b6 
(v0.4.2)
@@ -3355,6 +3361,7 @@ CVE-2025-27219 (In the CGI gem before 0.4.2 for Ruby, the 
CGI::Cookie.parse meth
        {DLA-4082-1}
        - ruby3.3 <unfixed>
        - ruby3.1 <unfixed>
+       [bookworm] - ruby3.1 <no-dsa> (Minor issue)
        - ruby2.7 <removed>
        NOTE: 
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cgi/CVE-2025-27219.yml
        NOTE: 
https://github.com/ruby/cgi/commit/9907b76dad0777ee300de236dad4b559e07596ab 
(v0.4.2)
@@ -52703,6 +52710,7 @@ CVE-2024-7254 (Any project that parses untrusted 
Protocol Buffers datacontaining
        [bookworm] - protobuf <no-dsa> (Minor issue)
        [bullseye] - protobuf <postponed> (Minor issue)
        - rust-protobuf <unfixed>
+       [bookworm] - rust-protobuf <no-dsa> (Minor issue)
        NOTE: 
https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa
        NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0437.html
        NOTE: https://github.com/advisories/GHSA-735f-pc8j-v9w8
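Review bot: The new `[bookworm] - rust-protobuf <no-dsa>` line has no bullseye counterpart, whereas the neighbouring `protobuf` entry carries both a `[bookworm]` and a `[bullseye]` annotation; if rust-protobuf ships in bullseye, a `[bullseye]` line (no-dsa or postponed, matching the protobuf triage) would keep the two implementations of the same issue aligned, otherwise the entry is complete as is.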


=====================================
data/dsa-needed.txt
=====================================
@@ -53,6 +53,8 @@ ring
 --
 rsync (carnil)
 --
+ruby-rack
+--
 ruby-saml
 --
 sogo
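Review bot: `ruby-rack` is added without a claimant in parentheses, unlike `rsync (carnil)`, which is how this file marks who is preparing the update; that is consistent with the unclaimed `ruby-saml` entry below it, but since the data/CVE/list changes in this commit do not touch any ruby-rack entry, it is worth confirming that the open ruby-rack CVEs are annotated for bookworm in a way that agrees with a pending DSA (i.e. not tagged `<no-dsa>`), so the two files do not contradict each other.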



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f2bfe395e0f3f820a2ddcb5e1db686638903e9da



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
