Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a89f079c by Moritz Muehlenhoff at 2025-03-22T17:20:38+01:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -348,6 +348,7 @@ CVE-2024-9900 (mudler/localai version v2.21.1 contains a
Cross-Site Scripting (X
NOT-FOR-US: LocalAI
CVE-2024-9880 (A command injection vulnerability exists in the
`pandas.DataFrame.quer ...)
- pandas <unfixed>
+ [bookworm] - pandas <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/a49baae1-4652-4d6c-a179-313c21c41a8d
CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site
Request Forge ...)
- flatpress <itp> (bug #466297)
@@ -1044,6 +1045,7 @@ CVE-2024-12016 (Improper Neutralization of Special
Elements used in an SQL Comma
NOT-FOR-US: CM Informatics CM News
CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a
certificate with ...)
- gnupg2 2.2.46-5 (bug #1100990)
+ [bookworm] - gnupg2 <no-dsa> (Minor issue)
NOTE:
https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
NOTE: https://dev.gnupg.org/T7527
NOTE: https://gitlab.com/freepg/gnupg/-/merge_requests/18
@@ -4248,6 +4250,7 @@ CVE-2025-27622 (Jenkins 2.499 and earlier, LTS 2.492.1
and earlier does not reda
NOT-FOR-US: Jenkins (core or plugin)
CVE-2025-27516 (Jinja is an extensible templating engine. Prior to 3.1.6, an
oversight ...)
- jinja2 <unfixed> (bug #1099690)
+ [bookworm] - jinja2 <no-dsa> (Minor issue)
NOTE:
https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
NOTE: Fixed by:
https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7
(3.1.6)
CVE-2025-27508 (Emissary is a P2P based data-driven workflow engine. The
ChecksumCalcu ...)
@@ -24873,9 +24876,11 @@ CVE-2025-21615 (AAT (Another Activity Tracker) is a
GPS-tracking application for
NOT-FOR-US: AAT (Another Activity Tracker)
CVE-2025-21614 (go-git is a highly extensible git implementation library
written in pu ...)
- golang-github-go-git-go-git 5.13.2-1 (bug #1092679)
+ [bookworm] - golang-github-go-git-go-git <no-dsa> (Minor issue)
NOTE:
https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4
CVE-2025-21613 (go-git is a highly extensible git implementation library
written in pu ...)
- golang-github-go-git-go-git 5.13.2-1 (bug #1092678)
+ [bookworm] - golang-github-go-git-go-git <no-dsa> (Minor issue)
NOTE:
https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m
CVE-2025-21612 (TabberNeue is a MediaWiki extension that allows the wiki to
create tab ...)
NOT-FOR-US: MediaWiki extension TabberNeue
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89f079c63c45d4c687a16c821d2675495d34641
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89f079c63c45d4c687a16c821d2675495d34641
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
