Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0980f162 by Moritz Muehlenhoff at 2025-05-05T16:23:10+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,10 +1,12 @@
CVE-2025-43926 [ZSA-2025-07]
[experimental] - znuny 6.5.15-1
- znuny <unfixed> (bug #1104739)
+ [bookworm] - znuny <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2025-07
CVE-2025-26847 [ZSA-2025-06]
[experimental] - znuny 6.5.15-1
- znuny <unfixed> (bug #1104739)
+ [bookworm] - znuny <no-dsa> (Non-free not supported)
NOTE: https://www.znuny.org/en/advisories/zsa-2025-06
CVE-2025-4273
REJECTED
@@ -138,8 +140,9 @@ CVE-2025-4170 (The Xavin's Review Ratings plugin for
WordPress is vulnerabl
CVE-2025-4168 (The Subpage List plugin for WordPress is vulnerable to Stored
Cross-Si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-47229 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to
cause a d ...)
- - pspp <unfixed> (bug #1104636)
+ - pspp <unfixed> (unimportant; bug #1104636)
NOTE: https://savannah.gnu.org/bugs/?67049
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-47226 (Grokability Snipe-IT before 8.1.0 has incorrect authorization
for acce ...)
- snipe-it <itp> (bug #1005172)
CVE-2025-46723 (OpenVM is a performant and modular zkVM framework built for
customizat ...)
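Review bot: The new note "Crash in CLI tool, no security impact" on CVE-2025-47229 ties the unimportant tag to the CLI tool, while the CVE description two lines above names libpspp-core.a as the affected component. If that library is only used by the pspp programs themselves, say so in the NOTE, so the rating rests on what the CVE text actually names and is not reopened in a later triage round.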
@@ -156,9 +159,12 @@ CVE-2025-0782 (A vulnerability in the S3 bucket
configuration for h2oai/h2o-3 al
NOT-FOR-US: h2oai/h2o-3
CVE-2024-55069 (ffmpeg 7.1 is vulnerable to Null Pointer Dereference in
function iamf_ ...)
- ffmpeg 7:7.1.1-1
+ [bookworm] - ffmpeg <not-affected> (Vulnerable code not present)
+ [bullseye] - ffmpeg <not-affected> (Vulnerable code not present)
NOTE: https://trac.ffmpeg.org/ticket/11326
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4cc1495aca45445181a107a682c32cfe3145
NOTE: Fixed by:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/88126fc4ecff16c8337bab0ff33bee858a18d555
(n7.1.1)
+ NOTE: Introduced in:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
(n7.0)
CVE-2024-13738 (The The Motors - Car Dealer, Rental & Listing WordPress theme
theme fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-4214 (A vulnerability was found in PHPGuruku Online DJ Booking
Management Sy ...)
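Review bot: In the CVE-2024-55069 entry, the first "Fixed by:" URL in the context carries a 36-character commit id (4cc1495aca45445181a107a682c32cfe3145) and no tag, while the second "Fixed by:" line and the new "Introduced in:" line use full 40-character ids annotated (n7.1.1) and (n7.0). Since the entry is being edited anyway, check that the short id resolves and bring it in line with the other two. The "Introduced in:" note itself is welcome: it gives the two <not-affected> (Vulnerable code not present) lines a basis that can be checked against the bookworm and bullseye ffmpeg versions.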
@@ -2339,6 +2345,7 @@ CVE-2025-30202 (vLLM is a high-throughput and
memory-efficient inference and ser
- vllm <itp> (bug #1095237)
CVE-2025-29906 (Finit is a fast init for Linux systems. Versions starting from
3.0-rc1 ...)
- finit 4.11-1
+ [bookworm] - finit <no-dsa> (Minor issue)
NOTE:
https://github.com/troglobit/finit/security/advisories/GHSA-563g-p98j-mc9q
NOTE:
https://github.com/troglobit/finit/commit/6528628b5c771c25ffa0cb1a46c6c89d9d0d69e0
(4.11-rc1)
CVE-2025-25962 (An issue in Coresmartcontracts Uniswap v.3.0 and fixed in
v.4.0 allows ...)
@@ -2841,6 +2848,7 @@ CVE-2025-46654 (CodiMD through 2.2.0 has a CSP-based
protection mechanism agains
NOT-FOR-US: CodiMD
CVE-2025-46653 (Formidable (aka node-formidable) 2.1.0 through 3.x before
3.5.3 relies ...)
- node-formidable <unfixed> (bug #1104246)
+ [bookworm] - node-formidable <ignored> (Minor issue)
NOTE: Fixed by:
https://github.com/node-formidable/formidable/commit/022c2c5577dfe14d2947f10909d81b03b6070bf5
(v3.5.3)
CVE-2025-46580 (There is a code-related vulnerability in the GoldenDB database
product ...)
NOT-FOR-US: ZTE
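Review bot: The bookworm line for CVE-2025-46653 uses <ignored> with the reason "Minor issue", which is the same reason this commit gives for <no-dsa> on finit, so the entry does not record why node-formidable will not be fixed in bookworm at all. Either use <no-dsa> (Minor issue) here as well, or keep <ignored> and state what makes a backport impractical, given that the upstream fix commit (v3.5.3) is already listed and the unstable line is still <unfixed> (bug #1104246).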
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0980f162b85c432d0ba8c8dc5eff62717b045c6f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits