[Git][security-tracker-team/security-tracker][master] Add libjson-xs-perl and libcpanel-json-xs-perl to dsa-needed list

Sat, 20 Sep 2025 09:14:11 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3dc5497 by Salvatore Bonaccorso at 2025-09-08T19:15:50+02:00
Add libjson-xs-perl and libcpanel-json-xs-perl to dsa-needed list

Revert "Mark JSON::XS related CVEs as no-dsa"

This reverts commit b7bda88d42cf79f80bc9f5fe6e0ab851a2d6d30b.

Add then to dsa-needed list. The modules are widely used enough in
various web frameworks to handle JSON input.

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,14 +2,10 @@ CVE-2025-40930
        NOT-FOR-US: JSON::SIMD Perl module
 CVE-2025-40929
        - libcpanel-json-xs-perl <unfixed>
-       [trixie] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
-       [bookworm] - libcpanel-json-xs-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608920/
        NOTE: Fixed by: 
https://github.com/rurban/Cpanel-JSON-XS/commit/378236219eaa35742c3962ecbdee364903b0a1f2
 (4.40)
 CVE-2025-40928
        - libjson-xs-perl 4.030-3
-       [trixie] - libjson-xs-perl <no-dsa> (Minor issue)
-       [bookworm] - libjson-xs-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/32608909/
        NOTE: 
https://security.metacpan.org/patches/J/JSON-XS/4.03/CVE-2025-40928-r1.patch
 CVE-2025-58782


=====================================
data/dsa-needed.txt
=====================================
@@ -38,6 +38,10 @@ jetty9/oldstable
 --
 jetty12/stable
 --
+libcpanel-json-xs-perl (carnil)
+--
+libjson-xs-perl (carnil)
+--
 libreswan/oldstable
   Waiting on feedback from maintainer
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dc5497210d951dad5570d8c8496dc873ce5420

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dc5497210d951dad5570d8c8496dc873ce5420
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to