[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Sat, 05 Apr 2025 07:48:30 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
bf3b42d4 by Moritz Muehlenhoff at 2025-04-05T16:48:00+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -436,6 +436,7 @@ CVE-2025-3197 (Versions of the package expand-object from 
0.0.0 are vulnerable t
        TODO: check
 CVE-2025-3196 (A vulnerability, which was classified as critical, was found in 
Open A ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6069
        TODO: fixed upstream in master, need to identify upstream commit
 CVE-2025-3195 (A vulnerability, which was classified as critical, has been 
found in i ...)
@@ -576,16 +577,19 @@ CVE-2025-3161 (A vulnerability was found in Tenda AC10 
16.03.10.13 and classifie
        NOT-FOR-US: Tenda
 CVE-2025-3160 (A vulnerability has been found in Open Asset Import Library 
Assimp 5.4 ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6025
        NOTE: https://github.com/assimp/assimp/pull/6049
        NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/4b8f55cc0008af43a8a50b91f0134e2f4e80142e
 CVE-2025-3159 (A vulnerability, which was classified as critical, was found in 
Open A ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6024
        NOTE: https://github.com/assimp/assimp/pull/6051
        NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71b
 CVE-2025-3158 (A vulnerability, which was classified as critical, has been 
found in O ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6023
 CVE-2025-3157 (A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. 
It has ...)
        NOT-FOR-US: Intelbras WRN
@@ -797,6 +801,7 @@ CVE-2025-22871
        - golang-1.23 1.23.8-1
        - golang-1.24 1.24.2-1
        - golang-1.19 <removed>
+       [bookworm] - golang-1.19 <no-dsa> (Minor issue)
        - golang-1.15 <removed>
        [bullseye] - golang-1.15 <postponed> (Limited support, minor issue, 
follow bookworm DSAs/point-releases)
        NOTE: 
https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk/m/cs_6qIK5BAAJ
@@ -982,6 +987,7 @@ CVE-2024-13673 (The Big Boom Directory plugin for WordPress 
is vulnerable to Sto
        NOT-FOR-US: WordPress plugin
 CVE-2024-53868 (Apache Traffic Server allows request smuggling if chunked 
messages are ...)
        - trafficserver <unfixed> (bug #1101996)
+       [bookworm] - trafficserver <postponed> (Fix along with next DSA)
        NOTE: https://www.openwall.com/lists/oss-security/2025/04/02/4
        NOTE: 
https://github.com/apache/trafficserver/commit/f266206adb95951436a21850cef2ad8e9e4a28cf
        NOTE: 
https://github.com/apache/trafficserver/commit/3d2f29c88f9b073cb0fd3b9c7f85430e2170acbb
 (9.2.10-rc0)
@@ -3323,15 +3329,19 @@ CVE-2025-30211 (Erlang/OTP is a set of libraries for 
the Erlang programming lang
        NOTE: 
https://github.com/erlang/otp/commit/5ee26eb412a76ba1c6afdf4524b62939a48d1bce 
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
 CVE-2025-2926 (A vulnerability was found in HDF5 up to 1.14.6 and classified 
as probl ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5384
 CVE-2025-2925 (A vulnerability has been found in HDF5 up to 1.14.6 and 
classified as  ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5383
 CVE-2025-2924 (A vulnerability, which was classified as problematic, was found 
in HDF ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5382
 CVE-2025-2923 (A vulnerability, which was classified as problematic, has been 
found i ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5381
 CVE-2025-2922 (A vulnerability classified as problematic was found in Netis 
WF-2404 1 ...)
        NOT-FOR-US: Netis
@@ -3347,15 +3357,19 @@ CVE-2025-2916 (A vulnerability, which was classified as 
critical, has been found
        NOT-FOR-US: Aishida Call Center System
 CVE-2025-2915 (A vulnerability classified as problematic was found in HDF5 up 
to 1.14 ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5380
 CVE-2025-2914 (A vulnerability classified as problematic has been found in 
HDF5 up to ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5379
 CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been 
rated as p ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5376
 CVE-2025-2912 (A vulnerability was found in HDF5 up to 1.14.6. It has been 
declared a ...)
        - hdf5 <unfixed>
+       [bookworm] - hdf5 <no-dsa> (Minor issue)
        NOTE: https://github.com/HDFGroup/hdf5/issues/5370
 CVE-2025-2911 (Unauthorised access to the call forwarding service system in 
MeetMe pr ...)
        NOT-FOR-US: MeetMe
@@ -5865,6 +5879,7 @@ CVE-2025-30347 (Varnish Enterprise before 6.0.13r13 
allows remote attackers to o
 CVE-2025-30346 (Varnish Cache before 7.6.2 and Varnish Enterprise before 
6.0.13r10 all ...)
        {DLA-4101-1}
        - varnish 7.7.0-1
+       [bookworm] - varnish <no-dsa> (Minor issue)
        NOTE: https://varnish-cache.org/security/VSV00015.html
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/8ef69a03b36aeac5f364c01eb20f821860e47f14
 (varnish-7.7.0)
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/a9640a13276048815cc51a12cda2603f4d4444e4
 (varnish-7.6.2)


=====================================
data/dsa-needed.txt
=====================================
@@ -18,6 +18,8 @@ frr
 gh
   Santiago Vila might work on preparing an update
 --
+graphicsmagick
+--
 jpeg-xl
 --
 libreswan



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf3b42d4fd1e25dba0343207a20f33b5fcf8c389

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf3b42d4fd1e25dba0343207a20f33b5fcf8c389
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to