Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ad8cb8e by Moritz Muehlenhoff at 2025-03-24T11:51:49+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -171,6 +171,7 @@ CVE-2025-30472 (Corosync through 3.1.9, if encryption is 
disabled or the attacke
 CVE-2025-30204 (golang-jwt is a Go implementation of JSON Web Tokens. Prior to 
 5.2.2  ...)
        - golang-github-golang-jwt-jwt-v5 5.2.2-1
        - golang-github-golang-jwt-jwt 5.0.0+really4.5.2-1
+       [bookworm] - golang-github-golang-jwt-jwt <no-dsa> (Minor issue)
        NOTE: 
https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
        NOTE: Fixed by: 
https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
 (v5.2.2)
        NOTE: Fixed by: 
https://github.com/golang-jwt/jwt/commit/2f0e9add62078527821828c76865661aa7718a84
 (v4.5.2)
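Review bot: the added `[bookworm]` line under CVE-2025-30204 covers only golang-github-golang-jwt-jwt, while the same entry also lists golang-github-golang-jwt-jwt-v5 (fixed in 5.2.2-1) with no bookworm annotation. If bookworm ships the -v5 source package, it needs its own `[bookworm] - golang-github-golang-jwt-jwt-v5 <no-dsa> (...)` line so the two states stay consistent. The reason "Minor issue" could also say in a few words why the issue is minor for the packaged version, since both fix commits (v5.2.2 and v4.5.2) are already referenced and available to backport.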
@@ -222,7 +223,9 @@ CVE-2025-26796 (** UNSUPPORTED WHEN ASSIGNED ** Improper 
Neutralization of Input
        NOT-FOR-US: Apache Oozie
 CVE-2025-30349 (Horde IMP through 6.2.27, as used with Horde Application 
Framework thr ...)
        - php-horde <unfixed>
+       [bookworm] - php-horde <ignored> (Horde in Bookworm is broken due to 
PHP 8 issues and will be removed in the next point release)
        - php-horde-imp <unfixed>
+       [bookworm] - php-horde-imp <ignored> (Horde in Bookworm is broken due 
to PHP 8 issues and will be removed in the next point release)
        NOTE: 
https://web.archive.org/web/20250321152616/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057781.html
        NOTE: 
https://web.archive.org/web/20250321162434/https://lists.horde.org/archives/imp/Week-of-Mon-20250317/057784.html
 CVE-2025-30179 (Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x 
<= 9.11 ...)
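Review bot: the `<ignored>` reason on both added lines under CVE-2025-30349 (php-horde and php-horde-imp) depends on a planned removal "in the next point release", but nothing in the entry points to the removal request. Adding a NOTE with the removal bug would let a later triager confirm that the removal happened and revisit the `<ignored>` state if it did not. The rationale is also duplicated word for word on the two lines; a single NOTE carrying the explanation, with a short reason on each `[bookworm]` line, would be easier to keep in sync.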
@@ -245,11 +248,13 @@ CVE-2025-2593 (A vulnerability has been found in FastCMS 
up to 0.1.5 and classif
        NOT-FOR-US: FastCMS
 CVE-2025-2592 (A vulnerability, which was classified as critical, has been 
found in O ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6010
        NOTE: https://github.com/assimp/assimp/pull/6052
        NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/2690e354da0c681db000cfd892a55226788f2743
 CVE-2025-2591 (A vulnerability classified as problematic was found in Open 
Asset Impo ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6009
        NOTE: https://github.com/assimp/assimp/pull/6047
        NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/bcf11c252a9635af83c0f48b5ebdfad8e1ab5522
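Review bot: the `<no-dsa> (Minor issue)` line added under CVE-2025-2592 sits directly below a description that reads "classified as critical", so the generic reason looks like it contradicts the entry. A short concrete reason in the parentheses would make the assessment checkable, for CVE-2025-2592 and for CVE-2025-2591 alike. Both entries already carry a "Fixed by:" commit while the package is still `<unfixed>`, so the patches are on hand if a point-release fix is wanted later.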
@@ -259,6 +264,7 @@ CVE-2025-2589 (A vulnerability was found in code-projects 
Human Resource Managem
        NOT-FOR-US: code-projects
 CVE-2025-2588 (A vulnerability has been found in Hercules Augeas 1.14.1 and 
classifie ...)
        - augeas <unfixed>
+       [bookworm] - augeas <no-dsa> (Minor issue)
        NOTE: https://github.com/hercules-team/augeas/issues/852
 CVE-2025-2587 (A vulnerability, which was classified as critical, was found in 
Jinher ...)
        NOT-FOR-US: Jinher OA C6
@@ -3736,14 +3742,17 @@ CVE-2025-1362 (The URL Shortener | Conversion Tracking  
| AB Testing  | WooComme
        NOT-FOR-US: WordPress plugin
 CVE-2023-52971 (MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* 
crashes i ...)
        - mariadb <unfixed> (bug #1100437)
+       [bookworm] - mariadb <no-dsa> (Minor issue)
        - mariadb-10.5 <removed>
        NOTE: https://jira.mariadb.org/browse/MDEV-32084 (not public)
 CVE-2023-52970 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 
through  ...)
        - mariadb <unfixed> (bug #1100437)
+       [bookworm] - mariadb <no-dsa> (Minor issue)
        - mariadb-10.5 <removed>
        NOTE: https://jira.mariadb.org/browse/MDEV-32086 (not public)
 CVE-2023-52969 (MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 
through  ...)
        - mariadb <unfixed> (bug #1100437)
+       [bookworm] - mariadb <no-dsa> (Minor issue)
        - mariadb-10.5 <removed>
        NOTE: https://jira.mariadb.org/browse/MDEV-32083 (not public)
 CVE-2023-52968 (MariaDB Server 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 
before 1 ...)
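Review bot: the three `[bookworm] - mariadb <no-dsa> (Minor issue)` lines for CVE-2023-52971, CVE-2023-52970 and CVE-2023-52969 rest on MDEV tickets that the NOTE lines mark "not public", so a reader cannot verify the "Minor issue" assessment from the references. A few words on the impact in the reason (the CVE-2023-52971 description says the server "crashes") would help. If the intent is to pick these fixes up with the next mariadb update for bookworm, `<postponed>` expresses that better than `<no-dsa>`.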
@@ -16808,6 +16817,7 @@ CVE-2025-24527 (An issue was discovered in Akamai 
Enterprise Application Access
        NOT-FOR-US: Akamai
 CVE-2025-24374 (Twig is a template language for PHP. When using the ?? 
operator, outpu ...)
        - php-twig 3.19.0-1~bootstrap
+       [bookworm] - php-twig <no-dsa> (Minor issue)
        - twig <removed>
        NOTE: 
https://github.com/twigphp/Twig/security/advisories/GHSA-3xg3-cgvq-2xwr
        NOTE: 
https://github.com/twigphp/Twig/commit/38576b12f05df3cc871bf68f39ccb46b418334a3 
(v3.19.0)
@@ -44944,6 +44954,7 @@ CVE-2024-49761 (REXML is an XML toolkit for Ruby. The 
REXML gem before 3.3.9 has
        - ruby3.3 <unfixed>
        - ruby3.2 <removed>
        - ruby3.1 <unfixed>
+       [bookworm] - ruby3.1 <no-dsa> (Minor issue)
        - ruby2.7 <removed>
        NOTE: 
https://github.com/ruby/rexml/security/advisories/GHSA-2rxp-v6pw-ch6m
        NOTE: 
https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f 
(v3.3.9)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ad8cb8ea52a62b9ede9548abf4e53c3c6340a37
