[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Thu, 17 Apr 2025 11:47:05 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
b0f5b7e4 by Moritz Muehlenhoff at 2025-04-17T20:46:38+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4072,9 +4072,11 @@ CVE-2024-57835 (Amon2::Auth::Site::LINE uses the 
String::Random moduleto generat
        NOT-FOR-US: Amon2::Auth::Site::LINE Perl module
 CVE-2024-58036 (Net::Dropbox::API 1.9 and earlier for Perl uses the rand() 
function as ...)
        - libnet-dropbox-api-perl <unfixed> (bug #1102147)
+       [bookworm] - libnet-dropbox-api-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/28504518/
 CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as 
the defa ...)
        - libweb-api-perl <unfixed> (bug #1102148)
+       [bookworm] - libweb-api-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
 CVE-2025-30473 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: Apache Airflow SQL provider
@@ -9408,6 +9410,7 @@ CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 
3.6.3, in some cases of f
        NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
 CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client 
side, acce ...)
        - mbedtls 3.6.3-1 (bug #1101499)
+       [bookworm] - mbedtls <no-dsa> (Minor issue)
        NOTE: https://github.com/Mbed-TLS/mbedtls/issues/466
        NOTE: 
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
 CVE-2025-26512 (SnapCenter versions prior to  6.0.1P1 and 6.1P1 are 
susceptible to a v ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -28,7 +28,7 @@ graphicsmagick (carnil)
 --
 jpeg-xl
 --
-libapache2-mod-auth-openidc
+libapache2-mod-auth-openidc (jmm)
   Maintainer prepared update
 --
 libreswan
@@ -45,6 +45,8 @@ netty
 nodejs
   Bastien Roucaries (rouca) showed interest to prepare an update and is 
working on it
 --
+openjdk-17 (jmm)
+--
 opennds
   pinged maintainer, but no reply yet. should most probably be bumped to 10.x
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0f5b7e4d3d71c321b9a599eec3a1bacc6d66f34

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0f5b7e4d3d71c321b9a599eec3a1bacc6d66f34
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to