Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1179caca by Moritz Muehlenhoff at 2025-01-23T12:33:06+01:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -271,6 +271,7 @@ CVE-2025-20156 (A vulnerability in the REST API of Cisco
Meeting Management coul
NOT-FOR-US: Cisco
CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2)
decryptio ...)
- clamav <unfixed>
+ [bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
NOTE:
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP
on Wind ...)
NOT-FOR-US: Cloudflare
@@ -286,6 +287,7 @@ CVE-2025-0604 (A flaw was found in Keycloak. When an Active
Directory user reset
NOT-FOR-US: Keycloak
CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13
to 2.40 ...)
- glibc 2.40-6
+ [bookworm] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32582
NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/4
NOTE: Fixed by:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c
(2.40-branch)
@@ -873,6 +875,7 @@ CVE-2025-22262 (Improper Neutralization of Input During Web
Page Generation ('Cr
CVE-2025-22150 (Undici is an HTTP/1.1 client. Starting in version 4.5.0 and
prior to v ...)
[experimental] - node-undici 7.2.3+dfsg1+~cs24.12.11-1
- node-undici <unfixed>
+ [bookworm] - node-undici <no-dsa> (Minor issue)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975
NOTE: Fixed by:
https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0
(v5.28.5)
NOTE: Fixed by:
https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385
(v6.21.1)
@@ -10095,10 +10098,12 @@ CVE-2024-37962 (Improper Neutralization of Input
During Web Page Generation ('Cr
NOT-FOR-US: Agency Dominion Fusion
CVE-2024-12801 (Server-Side Request Forgery (SSRF) in SaxEventRecorder by
QOS.CH logba ...)
- logback <unfixed> (bug #1091320)
+ [bookworm] - logback <no-dsa> (Minor issue)
NOTE: https://logback.qos.ch/news.html#1.5.13
NOTE: Fixed by:
https://github.com/qos-ch/logback/commit/5f05041cba4c4ac0a62748c5c527a2da48999f2d
(v_1.5.13)
CVE-2024-12798 (ACE vulnerability in JaninoEventEvaluator by QOS.CH
logback-core ...)
- logback <unfixed> (bug #1091319)
+ [bookworm] - logback <no-dsa> (Minor issue)
NOTE: https://logback.qos.ch/news.html#1.5.13
NOTE: Fixed by:
https://github.com/qos-ch/logback/commit/2cb6d520df7592ef1c3a198f1b5df3c10c93e183
(v_1.5.13)
CVE-2024-12794 (A vulnerability, which was classified as critical, was found
in Codezi ...)
@@ -10194,6 +10199,7 @@ CVE-2024-4229 (Incorrect Default Permissions
vulnerability in Edgecross Basic So
NOT-FOR-US: Edgecross Basic Software for Windows
CVE-2024-45338 (An attacker can craft an input to the Parse functions that
would be pr ...)
- golang-golang-x-net <unfixed> (bug #1091168)
+ [bookworm] - golang-golang-x-net <no-dsa> (Minor issue)
[bullseye] - golang-golang-x-net <postponed> (minor issue; DoS)
NOTE: https://go-review.googlesource.com/c/net/+/637536
NOTE: https://github.com/golang/go/issues/70906
=====================================
data/dsa-needed.txt
=====================================
@@ -47,6 +47,8 @@ mosquitto (carnil)
--
nodejs
--
+openjdk-17 (jmm)
+--
openjpeg2
--
opennds
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1179caca34b536788b47db21b132ea2b87ee3e0c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1179caca34b536788b47db21b132ea2b87ee3e0c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
