Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7266078d by Chris Lamb at 2025-08-13T13:54:00-07:00
data/dla-needed.txt: Triage intel-microcode for bullseye LTS.

- - - - -
815ba1d4 by Chris Lamb at 2025-08-13T13:54:02-07:00
Triage CVE-2023-53159 in rust-openssl for bullseye LTS.

- - - - -
db2ff788 by Chris Lamb at 2025-08-13T13:54:03-07:00
Triage CVE-2025-7039 in glib2.0 for bullseye LTS.

- - - - -
202f321b by Chris Lamb at 2025-08-13T13:54:05-07:00
Triage CVE-2024-38805 in edk2 for bullseye LTS.

- - - - -
68356f44 by Chris Lamb at 2025-08-13T13:54:06-07:00
data/dla-needed.txt: Triage lemonldap-ng for bullseye LTS (CVE-2024-52948)

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -928,6 +928,7 @@ CVE-2024-38805 (EDK2 contains a vulnerability in BIOS where 
a user may cause an
        - edk2 <unfixed>
        [trixie] - edk2 <no-dsa> (Minor issue)
        [bookworm] - edk2 <no-dsa> (Minor issue)
+       [bullseye] - edk2 <postponed> (Minor issue; can be fixed in next update)
        NOTE: 
https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x
 CVE-2024-33607 (Out-of-bounds read in some Intel(R) TDX module software before 
version ...)
        NOT-FOR-US: Intel
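Review bot: The new bullseye line is consistent with the existing trixie and bookworm <no-dsa> entries and keeps the suite order used elsewhere in this file (trixie, bookworm, bullseye), so the +1 in the hunk header is all this hunk needs. Since the rationale is the same "Minor issue" as the other suites, it is worth keeping the GHSA link in the NOTE line as the only reference; no dla-needed entry is required while the tag is <postponed>.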
@@ -1441,6 +1442,7 @@ CVE-2025-7039 [buffer underrun in get_tmp_file()]
        - glib2.0 2.84.4-1 (bug #1110640)
        [trixie] - glib2.0 <no-dsa> (Minor issue)
        [bookworm] - glib2.0 <no-dsa> (Minor issue)
+       [bullseye] - glib2.0 <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3716
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4674
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/glib/-/commit/61e963284889ddb4544e6f1d5261c16120f6fcc3
 (2.85.2)
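Review bot: The <postponed> tag for bullseye matches the <no-dsa> triage for trixie and bookworm, and the "Fixed by:" NOTE pointing at the upstream commit (released in 2.85.2) already records the patch a later bullseye update would backport, so nothing further is needed in this hunk. One small check: the reason text is the same standard wording as the edk2 entry in the earlier hunk, which keeps the file greppable for postponed LTS issues.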
@@ -4436,6 +4438,7 @@ CVE-2024-58264 (The serde-json-wasm crate before 1.0.1 
for Rust allows stack con
 CVE-2023-53159 (The openssl crate before 0.10.55 for Rust allows an 
out-of-bounds read ...)
        - rust-openssl 0.10.57-1
        [bookworm] - rust-openssl <no-dsa> (Minor issue)
+       [bullseye] - rust-openssl <postponed> (Minor issue; can be fixed in 
next update)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0044.html
        NOTE: https://github.com/sfackler/rust-openssl/issues/1965
        NOTE: 
https://github.com/sfackler/rust-openssl/commit/155b3dc71700d2ff31651bbc99b991765a718c4e
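Review bot: No trixie line is needed here, since the unstable entry already names the fixed version rust-openssl 0.10.57-1, which is above the 0.10.55 threshold in the CVE description; the bullseye <postponed> line therefore correctly sits directly after the bookworm <no-dsa> line. The RUSTSEC advisory, upstream issue and fix commit in the NOTE lines give enough context for the eventual bullseye update.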
@@ -64616,7 +64619,6 @@ CVE-2023-36998 (The NextEPC MME <= 1.0.1 (fixed in 
commit a8492c9c5bc0a66c6999cb
 CVE-2024-52948 [CSRF on 2FA registration]
        - lemonldap-ng 2.20.2+ds-1
        [bookworm] - lemonldap-ng 2.16.1+ds-deb12u5
-       [bullseye] - lemonldap-ng <postponed> (Minor issue; can be fixed in 
next update)
        NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3258
        NOTE: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/0e69ee17ee7e78569a6f7a3c859105e958d374d4
        NOTE: 
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/d65bd9cb8e9a620f71214d87e937747d7b415999
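Review bot: Dropping the bullseye <postponed> line is the right way to reopen CVE-2024-52948 for LTS, because the remaining bookworm entry 2.16.1+ds-deb12u5 shows a fix already shipped there and the bullseye status should not lag behind it; removing the line rather than editing it returns bullseye to the default "unfixed" state the tracker derives from the top-level entry. The two upstream commit NOTEs identify the patches to base the bullseye backport on.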


=====================================
data/dla-needed.txt
=====================================
@@ -166,6 +166,9 @@ icingaweb2
   NOTE: 20250603: I also saw in the release log that multiple issues were 
fixed without mentioning any CVE (dleidert)
   NOTE: 20250603: upstream should be asked about the patches for CVE 2025-* 
(dleidert)
 --
+intel-microcode
+  NOTE: 20250813: Added by Front-Desk (lamby)
+--
 iperf3 (bunk)
   NOTE: 20250805: Added by Front-Desk (rouca)
 --
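Review bot: The new intel-microcode entry has no NOTE naming the CVE(s) or the reason it was added, unlike the lemonldap-ng entry later in this file which records why it was reopened; consider adding a second NOTE line such as "NOTE: 20250813: <reason or CVE list> (lamby)" so the next person picking the package up does not have to rediscover it from data/CVE/list. The entry is otherwise correctly placed alphabetically between icingaweb2 and iperf3 and terminated with the "--" separator.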
@@ -181,6 +184,10 @@ knot-resolver
   NOTE: 20250506: Writting to upstream to get a PoC to reproduce open CVEs.
   NOTE: 20250522: Processing some tips received by upstream to try to 
reproduce CVE. Still working on the patches.
 --
+lemonldap-ng
+  NOTE: 20250813: Added by Front-Desk (lamby)
+  NOTE: 20250813: CVE-2024-52948 was marked as <postponed>, but fixed in 
bookworm. (lamby)
+--
 libcommons-lang3-java (dleidert)
   NOTE: 20250713: Added by Front-Desk (apo)
 --
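Review bot: The NOTE explaining that CVE-2024-52948 "was marked as <postponed>, but fixed in bookworm" is a good record of why the package was reopened; it would be even more useful to name the bookworm version (2.16.1+ds-deb12u5, from the data/CVE/list hunk above) as the suggested base for the bullseye backport. Alphabetical placement between knot-resolver and libcommons-lang3-java is correct. Unrelated to this change, the context line "Writting to upstream" in the knot-resolver entry has a typo that could be fixed in a follow-up.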



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/908fd6ab5ab49602ec72a7f4dda355d004a91215...68356f44c9e41c633ece6c2d7a9ec03b39c60f58



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
