Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7709d922 by Moritz Muehlenhoff at 2025-03-25T13:13:26+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3500,12 +3500,15 @@ CVE-2025-25925 (A stored cross-scripting (XSS) 
vulnerability in Openmrs v2.4.3 B
        NOT-FOR-US: Openmrs
 CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users 
to set w ...)
        - hoteldruid <unfixed> (bug #1101015)
+       [bookworm] - hoteldruid <no-dsa> (Minor issue)
        NOTE: 
https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7
 CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of 
HotelDruid ...)
        - hoteldruid <unfixed> (bug #1101015)
+       [bookworm] - hoteldruid <no-dsa> (Minor issue)
        NOTE: 
https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7
 CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid 
v.3.0.7  ...)
        - hoteldruid <unfixed> (bug #1101015)
+       [bookworm] - hoteldruid <no-dsa> (Minor issue)
        NOTE: 
https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7
 CVE-2025-25680 (LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a 
RCE vulne ...)
        NOT-FOR-US: LSC Smart Connect LSC Indoor PTZ Camera
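
Review bot: the three added `[bookworm] - hoteldruid <no-dsa> (Minor issue)` lines give CVE-2025-25749 (weak password policy, per the NOTE URL), CVE-2025-25748 (CSRF in gestione_utenti.php) and CVE-2025-25747 (XSS) the same generic reason. A more specific reason on the CSRF entry in particular would make the triage decision easier to audit later. All three still show `<unfixed>` under bug #1101015, so a later point-release fix can be tracked against that bug.
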
@@ -15748,6 +15751,7 @@ CVE-2025-0890 (**UNSUPPORTED WHEN ASSIGNED** Insecure 
default credentials for th
        NOT-FOR-US: Zyxel
 CVE-2025-0825 (cpp-httplib version v0.17.3 through v0.18.3 fails to filter 
CRLF chara ...)
        - cpp-httplib <unfixed>
+       [bookworm] - cpp-httplib <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/yhirose/cpp-httplib/commit/9c36aae4b73e2b6e493f4133e4173103c9266289
 (v0.18.4)
 CVE-2025-0630 (Multiple Western Telematic (WTI) products contain a web 
interface that ...)
        NOT-FOR-US: Western Telematic
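
Review bot: on the added `[bookworm] - cpp-httplib <no-dsa> (Minor issue)` line, the description limits the issue to v0.17.3 through v0.18.3 and the NOTE gives v0.18.4 as the fixed release. Please confirm that the bookworm version falls inside that range; if it predates v0.17.3, `<not-affected>` with a reason would describe it better than `<no-dsa>`. The `<unfixed>` line above it also carries no bug number, unlike the hoteldruid and kotlin entries in this patch.
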
@@ -348640,6 +348644,7 @@ CVE-2020-29583 (Firmware version 4.60 of Zyxel USG 
devices contains an undocumen
        NOT-FOR-US: Zyxel
 CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was 
used for  ...)
        - kotlin <unfixed> (bug #1001037)
+       [bookworm] - kotlin <no-dsa> (Minor issue)
        NOTE: https://youtrack.jetbrains.com/issue/KT-42181 (not public)
 CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a 
blank pa ...)
        NOT-FOR-US: spiped Docker images
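
Review bot: the added `[bookworm] - kotlin <no-dsa> (Minor issue)` line rests on a single reference, KT-42181, which the NOTE marks as not public, so the "Minor issue" rating cannot be checked from this entry. A short NOTE stating the basis for the rating, or a public reference if one exists, would help whoever revisits it; bug #1001037 is already linked on the `<unfixed>` line.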


=====================================
data/dsa-needed.txt
=====================================
@@ -28,6 +28,8 @@ jpeg-xl
 libreswan
   Waiting on feedback from maintainer
 --
+libxml2 (aron)
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more 6.1.y versions
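
Review bot: the new `libxml2 (aron)` entry has no status line, and this commit shows no libxml2 change in data/CVE/list, so the entry does not say which issues the update is for. A one-line note under it, as the libreswan and linux entries have, would record that.
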
@@ -54,6 +56,8 @@ ruby-rack (jmm)
 ruby-saml
   Utkarsh Gupta might work on an update
 --
+simplesamlphp
+--
 sogo
 --
 sympa
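
Review bot: `simplesamlphp` is added without an assignee in parentheses, while `libxml2 (aron)` in the previous hunk and `ruby-rack (jmm)` in this hunk's header are claimed. If it is meant to be open for anyone to take, that is fine; otherwise add the name. As with libxml2, there is no matching data/CVE/list change in this commit to show which issue triggered the entry.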



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7709d9228bc3f1a675b7327b7e08f389351b8488
