Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e215a6d by Moritz Muehlenhoff at 2025-04-14T18:45:26+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,9 +16,11 @@ CVE-2025-3550 (A vulnerability has been found in wowjoy 
\u6d59\u6c5f\u6e56\u5dde
        NOT-FOR-US: wowjoy Internet Doctor Workstation System
 CVE-2025-3549 (A vulnerability, which was classified as critical, was found in 
Open A ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6070
 CVE-2025-3548 (A vulnerability, which was classified as critical, has been 
found in O ...)
        - assimp <unfixed>
+       [bookworm] - assimp <no-dsa> (Minor issue)
        NOTE: https://github.com/assimp/assimp/issues/6068
        NOTE: https://github.com/assimp/assimp/pull/6073
        NOTE: Fixed by: 
https://github.com/assimp/assimp/commit/0ae66d27039481dc2a507bbc8482f691037c1a5a
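Review bot: both added `[bookworm] - assimp <no-dsa> (Minor issue)` lines sit under descriptions that read "classified as critical", and nothing in either entry explains the difference. A one-line NOTE per entry stating why the issue is minor for bookworm would make the triage auditable. For CVE-2025-3548 the entry already records a "Fixed by:" commit, so it is also worth saying whether that patch is intended for a later bookworm update.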
@@ -516,6 +518,7 @@ CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File 
Deletion via the id para
        NOT-FOR-US: BlueCMS
 CVE-2025-29088 (An issue in sqlite v.3.49.0 allows an attacker to cause a 
denial of se ...)
        - sqlite3 <unfixed> (bug #1102670)
+       [bookworm] - sqlite3 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
 CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code 
Astro Inter ...)
        NOT-FOR-US: CodeAstro
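Review bot: the CVE-2025-29088 description names sqlite v.3.49.0, while the added `[bookworm] - sqlite3 <no-dsa> (Minor issue)` line records bookworm as affected. If the vulnerable code was checked against the bookworm source, a NOTE saying so would back the entry; if it was not, confirm that before settling on `<no-dsa>` rather than `<not-affected>`. The existing NOTE is a bare commit URL, so labelling it as the fix, if that is what it is, would help as well.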
@@ -1653,15 +1656,19 @@ CVE-2025-3410 (A vulnerability classified as critical 
was found in mymagicpower
        NOT-FOR-US: mymagicpower AIAS
 CVE-2025-3409 (A vulnerability classified as critical has been found in 
Nothings stb  ...)
        - libstb <unfixed>
+       [bookworm] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1771
 CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has 
been r ...)
        - libstb <unfixed>
+       [bookworm] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1770
 CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has 
been d ...)
        - libstb <unfixed>
+       [bookworm] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1769
 CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has 
been c ...)
        - libstb <unfixed>
+       [bookworm] - libstb <no-dsa> (Minor issue)
        NOTE: https://github.com/nothings/stb/issues/1772
 CVE-2025-3405 (A vulnerability was found in FCJ Venture Builder appclientefiel 
3.0.27 ...)
        NOT-FOR-US: FCJ Venture Builder appclientefiel
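Review bot: the four added libstb lines carry the same `(Minor issue)` reason although the entries differ: CVE-2025-3409 is described as "classified as critical", and all four reference only upstream issues (1769 to 1772) with no fix commit. Three of the descriptions bound the affected range by an upstream commit ("up to f056911"), so a NOTE recording that the bookworm snapshot contains the affected code would support the `<no-dsa>` state.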
@@ -1914,6 +1921,7 @@ CVE-2025-29594 (A vulnerability exists in the 
errorpage.php file of the CS2-Weap
        NOT-FOR-US: CS2-WeaponPaints-Website
 CVE-2025-29482 (Buffer Overflow vulnerability in libheif 1.19.7 allows a local 
attacke ...)
        - libheif <unfixed>
+       [bookworm] - libheif <no-dsa> (Minor issue)
        NOTE: https://github.com/lmarch2/poc/blob/main/libheif/libheif.md
 CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local 
attacker  ...)
        - libbpf <unfixed> (bug #1102672)
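Review bot: the libheif entry for CVE-2025-29482 has no bug reference on its `- libheif <unfixed>` line, unlike the neighbouring libbpf entry (bug #1102672), and its only NOTE points at a third-party PoC write-up. If a bug report exists, reference it alongside the new bookworm line. CVE-2025-29481 (libbpf) in the trailing context gets no bookworm line in this commit; if that is deliberate, fine, otherwise it looks like it belongs in the same triage pass.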
@@ -2032,6 +2040,7 @@ CVE-2024-43046 (There may be information disclosure 
during memory re-allocation
        NOT-FOR-US: Qualcomm
 CVE-2024-38797 (EDK2 contains a vulnerability in the HashPeImageByType(). A 
user may c ...)
        - edk2 <unfixed> (bug #1102519)
+       [bookworm] - edk2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf
 CVE-2024-33058 (Memory corruption while assigning memory from the source DDR 
memory(HL ...)
        NOT-FOR-US: Qualcomm
@@ -2271,6 +2280,7 @@ CVE-2025-30473 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: Apache Airflow SQL provider
 CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties 
argument in c ...)
        - rust-openssl 0.10.72-1 (bug #1102137)
+       [bookworm] - rust-openssl <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0022.html
        NOTE: https://github.com/sfackler/rust-openssl/pull/2390
        NOTE: 
https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
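Review bot: for CVE-2025-3416 the entry already has a fixed unstable version (0.10.72-1) and an upstream commit, so the new `[bookworm] - rust-openssl <no-dsa> (Minor issue)` line leaves open whether a backport is planned. A short NOTE on why the issue is minor for bookworm, or on a planned fix through a later bookworm update, would settle that.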
@@ -3579,6 +3589,7 @@ CVE-2024-42325 (Zabbix API user.get returns all users 
that share common group wi
        NOTE: https://support.zabbix.com/browse/ZBX-26258
 CVE-2024-39780 (A YAML deserialization vulnerability was found in the Robot 
Operating  ...)
        - ros-dynamic-reconfigure <unfixed> (bug #1102010)
+       [bookworm] - ros-dynamic-reconfigure <no-dsa> (Minor issue)
        NOTE: https://github.com/ros/dynamic_reconfigure/pull/202
        NOTE: Fixed by: 
https://github.com/ros/dynamic_reconfigure/commit/9975cc8b55b3039115da6662cc7279cc65303844
 CVE-2024-36469 (Execution time for an unsuccessful login differs when using a 
non-exis ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -64,6 +64,8 @@ sympa
 --
 tcpdf
 --
+vips
+--
 wordpress
 --
 zabbix
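Review bot: `vips` is added to data/dsa-needed.txt, but no hunk in data/CVE/list in this commit touches a vips entry and the commit message only says "bookworm triage", so the CVE behind the new entry cannot be identified from this change. Naming the CVE in the commit message would fix that. Placement between tcpdf and wordpress keeps the alphabetical order.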



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e215a6dbb81cb581822cfa8b60c65cfc2699a9b
