Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f4a89085 by Markus Koschany at 2025-03-31T00:01:45+02:00
CVE-2025-31160,atop: bullseye is ignored

because atopgpud is not installed by default (disabled via patch). Netatop is
also not part of Debian.

- - - - -
f8812de2 by Markus Koschany at 2025-03-31T00:01:45+02:00
Add php-horde to dla-needed.txt

- - - - -
6be62ce3 by Markus Koschany at 2025-03-31T00:01:45+02:00
Add varnish to dla-needed.txt

- - - - -
cba65de2 by Markus Koschany at 2025-03-31T00:01:47+02:00
CVE-2025-2312,cifs-utils: bullseye is not affected

The vulnerable code was introduced later

- - - - -
3c28b536 by Markus Koschany at 2025-03-31T00:01:48+02:00
CVE-2025-30472,corosync: bullseye is postponed

Minor issue. Encryption should be the default and if the attacker knows the
encryption key then the whole application is compromised and the key must be
changed ASAP.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1498,6 +1498,7 @@ CVE-2025-30355 (Synapse is an open source Matrix 
homeserver implementation. A ma
        NOTE: 
https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
 (v1.127.1)
 CVE-2025-31160 (atop through 2.11.0 allows local users to cause a denial of 
service (e ...)
        - atop <unfixed>
+       [bullseye] - atop <ignored> (atopgpud is not installed by default)
        NOTE: https://www.openwall.com/lists/oss-security/2025/03/26/2
        NOTE: https://github.com/Atoptool/atop/issues/334
        NOTE: https://www.openwall.com/lists/oss-security/2025/03/29/1
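
Review bot: The reason on the added "[bullseye] - atop <ignored>" line records only that atopgpud is not installed by default, while the commit message also relies on atopgpud being disabled via patch and on netatop not being part of Debian. Consider adding a NOTE line under this entry with those two facts, so the full justification for ignoring the issue is kept in data/CVE/list and not only in the commit log; "not installed by default" on its own leaves open what happens when the daemon is enabled.
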
@@ -2570,6 +2571,7 @@ CVE-2024-13666 (The Fluent Forms \u2013 Customizable 
Contact Forms, Survey, Quiz
        NOT-FOR-US: WordPress plugin
 CVE-2025-30472 (Corosync through 3.1.9, if encryption is disabled or the 
attacker know ...)
        - corosync <unfixed>
+       [bullseye] - corosync <postponed> (Minor issue)
        NOTE: https://github.com/corosync/corosync/issues/778
 CVE-2025-30204 (golang-jwt is a Go implementation of JSON Web Tokens. Prior to 
 5.2.2  ...)
        - golang-github-golang-jwt-jwt-v5 5.2.2-1
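
Review bot: "(Minor issue)" on the added "[bullseye] - corosync <postponed>" line does not say which of the two conditions in the CVE description it refers to (encryption disabled, or the attacker knowing the key). The reasoning exists only in the commit message; a short NOTE under this entry stating that the assessment assumes encryption is enabled would let a reader of the tracker see why the issue is postponed.
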
@@ -4315,6 +4317,7 @@ CVE-2023-52315
        REJECTED
 CVE-2025-2312 (A flaw was found in cifs-utils. When trying to obtain Kerberos 
credent ...)
        - cifs-utils 2:7.2-1
+       [bullseye] - cifs-utils <not-affected> (The vulnerable code was 
introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2352604
        NOTE: Depends on change on kernel: 
https://git.kernel.org/linus/db363b0a1d9e6b9dc556296f1b1007aeb496a8cf (6.13-rc1)
        NOTE: Fixed by: 
https://git.samba.org/?p=cifs-utils.git;a=commit;h=89b679228cc1be9739d54203d28289b03352c174
 (7.2)
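
Review bot: The <not-affected> reason on the added cifs-utils line says the vulnerable code was introduced later, but names neither the introducing commit nor the first affected version. The existing NOTEs give only the fix (7.2) and the kernel dependency; adding an "Introduced by:" NOTE with the upstream commit would make the bullseye claim checkable against the version shipped there.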


=====================================
data/dla-needed.txt
=====================================
@@ -206,6 +206,11 @@ pagure
 pgagent
   NOTE: 20250117: Added by Front-Desk (rouca)
 --
+php-horde
+  NOTE: 20250330: Added by Front-Desk (apo)
+  NOTE: 20250330: Needs more investigation. Project looks stale. Warrants a
+  NOTE: 20250330: warning to disable HTML emails at least. (apo)
+--
 php-laravel-framework
   NOTE: 20250307: Added by Front-Desk (rouca)
 --
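
Review bot: The new php-horde entry does not name the CVE or bug that prompted it, so "Needs more investigation" has no stated subject. Add the identifier to the first dated NOTE. The second and third NOTE lines also form one sentence split mid-phrase ("Warrants a" / "warning to disable HTML emails at least."); rewording so each line reads on its own would make the entry easier to scan and grep.
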
@@ -292,6 +297,9 @@ u-boot (dleidert)
   NOTE: 20250219: New CVEs, plus it's time to fix all the no-dsa&postponed 
CVEs (Beuc/front-desk)
   NOTE: 20250327: All patches prepped; currently testing (dleidert)
 --
+varnish
+  NOTE: 20250330: Added by Front-Desk (apo)
+--
 webkit2gtk (Emilio)
   NOTE: 20250321: Added by Front-Desk (pochu)
 --
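
Review bot: The varnish entry carries only the "Added by Front-Desk (apo)" NOTE, with no CVE or reason for the addition. A second NOTE naming the issue to be fixed, as the u-boot entry above does with "New CVEs", would help whoever claims the package.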



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4396410bd3a31b5cb0855b7756f587140243f947...3c28b536e9e889527a86c9bd2701896c868bedf5
