Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
09d5c152 by Moritz Muehlenhoff at 2025-05-13T10:06:32+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -244,7 +244,8 @@ CVE-2025-47828 (Lumi H5P-Nodejs-library before 9.3.3 omits
a sanitizeHtml call f
CVE-2025-47817 (In BlueWave Checkmate through 2.0.2 before b387eba, a profile
edit req ...)
NOT-FOR-US: BlueWave Checkmate
CVE-2025-47816 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to
cause an ...)
- - pspp <unfixed> (bug #1105104)
+ - pspp <unfixed> (unimportant; bug #1105104)
+ NOTE: Crash in CLI tool, no security impact
NOTE: https://savannah.gnu.org/bugs/?67073
CVE-2025-47815 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to
cause a h ...)
- pspp <unfixed> (bug #1105105)
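Review bot: CVE-2025-47815 in the trailing context is the same library (libpspp-core.a) in the same package, yet it stays plain `<unfixed>` (bug #1105105) while CVE-2025-47816 is downgraded to `unimportant`. If it is also only a crash in the CLI tool, it should get the same tag and NOTE in this commit. If it is not, a one-line NOTE saying why it differs would help, since the truncated descriptions shown here do not make the distinction visible.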
@@ -8548,6 +8549,7 @@ CVE-2025-30723 (Vulnerability in the Oracle BI Publisher
product of Oracle Analy
CVE-2025-30722 (Vulnerability in the MySQL Client product of Oracle MySQL
(component: ...)
- mysql-8.0 8.0.42-1 (bug #1103385)
- mariadb <unfixed>
+ [bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point
release)
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 <postponed> (Minor issue, follow bookworm PU,
possible performance regression #1104874)
NOTE: https://mariadb.com/kb/en/security/
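Review bot: the added `[bookworm] - mariadb <no-dsa>` line promises a fix in the next point release, but the bullseye line directly below ties that same bookworm PU to a possible performance regression (#1104874), and the new line does not mention it. Consider referencing #1104874 on the bookworm line as well, so the caveat is visible to someone reading only the bookworm status.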
@@ -8621,6 +8623,7 @@ CVE-2025-30694 (Vulnerability in the XML Database
component of Oracle Database S
CVE-2025-30693 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 8.0.42-1 (bug #1103385)
- mariadb <unfixed>
+ [bookworm] - mariadb <no-dsa> (Minor issue, will be fixed in next point
release)
- mariadb-10.5 <removed>
[bullseye] - mariadb-10.5 <postponed> (Minor issue, follow bookworm PU,
possible performance regression #1104874)
NOTE: https://mariadb.com/kb/en/security/
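Review bot: "will be fixed in next point release" on the added `[bookworm] - mariadb <no-dsa>` line carries no bug number or target version, so a later reader cannot tell which point release was meant or whether the upload actually happened. Adding the proposed-update bug reference, if one exists, would make this entry checkable. The same applies to the identical line added for CVE-2025-30722.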
@@ -10881,6 +10884,7 @@ CVE-2025-32460 (GraphicsMagick before 8e56520 has a
heap-based buffer over-read
NOTE:
https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
CVE-2025-31672 (Improper Input Validation vulnerability in Apache POI. The
issue affec ...)
- libapache-poi-java <unfixed> (bug #1103629)
+ [bookworm] - libapache-poi-java <no-dsa> (Minor issue)
[bullseye] - libapache-poi-java <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2025/04/08/2
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=69620
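Review bot: the added `[bookworm] - libapache-poi-java <no-dsa> (Minor issue)` line gives only "Minor issue" as rationale, with no indication of whether a fix is planned through a point release, unlike the mariadb entries in this same commit. A few words on why the input validation issue is minor for Debian's use of the package, or a pointer to a planned update, would let the decision be revisited later without re-reading the upstream references.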
=====================================
data/dsa-needed.txt
=====================================
@@ -56,17 +56,21 @@ ring
ruby-saml
Utkarsh Gupta might work on an update
--
+slurm-wlm
+--
sogo
--
sympa
--
tcpdf
--
-varnish
+varnish (jmm)
Maintainer has prepared an update
--
wordpress
--
+xen
+--
yelp
--
zabbix
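Review bot: the new `slurm-wlm` and `xen` entries are added to dsa-needed.txt with no note underneath, and none of the data/CVE/list hunks in this commit touch either package, so the commit alone does not show which issues prompted them. A short line under each entry (as done for `ruby-saml` and `varnish`) naming the trigger or the current state would help whoever picks these up. The `varnish (jmm)` claim itself is clear.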
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/09d5c152bc39acde92cdf85a27e16bdf4b498752