[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) Thu, 23 Jan 2025 11:08:13 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
f36f53ae by Moritz Muehlenhoff at 2025-01-23T20:07:05+01:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2024-57947 [netfilter: nf_set_pipapo: fix initial map fill]
        [bookworm] - linux 6.1.106-1
        NOTE: 
https://git.kernel.org/linus/791a615b7ad2258c560f91852be54b0480837c93 (6.11-rc1)
 CVE-2025-0650
-       - ovn <unfixed>
+       - ovn <unfixed> (bug #1093884)
        NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/5
        NOTE: 
https://github.com/ovn-org/ovn/commit/249c52ad011cacb4c182dc64e88977ac7c61f668 
(v24.09.2)
 CVE-2024-11931
@@ -67,7 +67,7 @@ CVE-2023-32340 (IBM Sterling B2B Integrator 6.0.0.0 through 
6.1.2.5 and 6.2.0.0
 CVE-2025-23050
        - qt6-connectivity 6.7.2-8
        [bookworm] - qt6-connectivity <no-dsa> (Minor issue)
-       - qtconnectivity-opensource-src <unfixed>
+       - qtconnectivity-opensource-src <unfixed> (bug #1093882)
        [bookworm] - qtconnectivity-opensource-src <no-dsa> (Minor issue)
        [bullseye] - qtconnectivity-opensource-src <postponed> (Minor issue; 
can be fixed in next update)
        NOTE: 
https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux
@@ -274,7 +274,7 @@ CVE-2025-20165 (A vulnerability in the SIP processing 
subsystem of Cisco BroadWo
 CVE-2025-20156 (A vulnerability in the REST API of Cisco Meeting Management 
could allo ...)
        NOT-FOR-US: Cisco
 CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) 
decryptio ...)
-       - clamav <unfixed>
+       - clamav <unfixed> (bug #1093880)
        [bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
        NOTE: 
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
 CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP 
on Wind ...)
@@ -406,7 +406,7 @@ CVE-2025-23087 (This CVE has been issued to inform users 
that they are using End
 CVE-2025-22450 (Inclusion of undocumented features issue exists in UD-LT2 
firmware Ver ...)
        NOT-FOR-US: UD-LT2 firmware
 CVE-2025-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1093879)
 CVE-2025-21570 (Vulnerability in the Oracle Life Sciences Argus Safety product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2025-21569 (Vulnerability in the Oracle Hyperion Data Relationship 
Management prod ...)
@@ -438,7 +438,7 @@ CVE-2025-21557 (Vulnerability in Oracle Application Express 
(component: General)
 CVE-2025-21556 (Vulnerability in the Oracle Agile PLM Framework product of 
Oracle Supp ...)
        NOT-FOR-US: Oracle
 CVE-2025-21555 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21554 (Vulnerability in the Oracle Communications Order and Service 
Managemen ...)
        NOT-FOR-US: Oracle
 CVE-2025-21553 (Vulnerability in the Java VM component of Oracle Database 
Server.  Sup ...)
@@ -452,23 +452,23 @@ CVE-2025-21550 (Vulnerability in the Oracle Financial 
Services Behavior Detectio
 CVE-2025-21549 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2025-21548 (Vulnerability in the MySQL Connectors product of Oracle MySQL 
(compone ...)
-       - mysql-connector-python <unfixed>
+       - mysql-connector-python <unfixed> (bug #1093881)
 CVE-2025-21547 (Vulnerability in the Oracle Hospitality OPERA 5 product of 
Oracle Hosp ...)
        NOT-FOR-US: Oracle
 CVE-2025-21546 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21545 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2025-21544 (Vulnerability in the Oracle Communications Order and Service 
Managemen ...)
        NOT-FOR-US: Oracle
 CVE-2025-21543 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21542 (Vulnerability in the Oracle Communications Order and Service 
Managemen ...)
        NOT-FOR-US: Oracle
 CVE-2025-21541 (Vulnerability in the Oracle Workflow product of Oracle 
E-Business Suit ...)
        NOT-FOR-US: Oracle
 CVE-2025-21540 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21539 (Vulnerability in the PeopleSoft Enterprise FIN eSettlements 
product of ...)
        NOT-FOR-US: Oracle
 CVE-2025-21538 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
@@ -482,15 +482,15 @@ CVE-2025-21535 (Vulnerability in the Oracle WebLogic 
Server product of Oracle Fu
 CVE-2025-21534 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.40-1
 CVE-2025-21533 (Vulnerability in the Oracle VM VirtualBox product of Oracle 
Virtualiza ...)
-       - virtualbox <unfixed>
+       - virtualbox <unfixed> (bug #1093879)
 CVE-2025-21532 (Vulnerability in the Oracle Analytics Desktop product of 
Oracle Analyt ...)
        NOT-FOR-US: Oracle
 CVE-2025-21531 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21530 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2025-21529 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21528 (Vulnerability in the Primavera P6 Enterprise Project Portfolio 
Managem ...)
        NOT-FOR-US: Oracle
 CVE-2025-21527 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
@@ -502,17 +502,17 @@ CVE-2025-21525 (Vulnerability in the MySQL Server product 
of Oracle MySQL (compo
 CVE-2025-21524 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2025-21523 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21522 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21521 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.40-1
 CVE-2025-21520 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21519 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21518 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21517 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2025-21516 (Vulnerability in the Oracle Customer Care product of Oracle 
E-Business ...)
@@ -538,26 +538,26 @@ CVE-2025-21507 (Vulnerability in the JD Edwards 
EnterpriseOne Tools product of O
 CVE-2025-21506 (Vulnerability in the Oracle Project Foundation product of 
Oracle E-Bus ...)
        NOT-FOR-US: Oracle
 CVE-2025-21505 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21504 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.40-1
 CVE-2025-21503 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21502 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
-       - openjdk-8 <unfixed>
+       - openjdk-8 <unfixed> (bug #1093878)
        - openjdk-11 11.0.26+4-1
        - openjdk-17 17.0.14+7-1
        - openjdk-21 21.0.6+7-1
 CVE-2025-21501 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21500 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21499 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 <not-affected> (Only affects MySQL 8.4 and later)
 CVE-2025-21498 (Vulnerability in the Oracle HTTP Server product of Oracle 
Fusion Middl ...)
        NOT-FOR-US: Oracle
 CVE-2025-21497 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21495 (Vulnerability in the MySQL Enterprise Firewall product of 
Oracle MySQL ...)
        NOT-FOR-US: Oracle
 CVE-2025-21494 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
@@ -567,9 +567,9 @@ CVE-2025-21493 (Vulnerability in the MySQL Server product 
of Oracle MySQL (compo
 CVE-2025-21492 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
        - mysql-8.0 8.0.37-1
 CVE-2025-21491 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21490 (Vulnerability in the MySQL Server product of Oracle MySQL 
(component:  ...)
-       - mysql-8.0 <unfixed>
+       - mysql-8.0 <unfixed> (bug #1093877)
 CVE-2025-21489 (Vulnerability in the Oracle Advanced Outbound Telephony 
product of Ora ...)
        NOT-FOR-US: Oracle
 CVE-2025-20617 (Improper neutralization of special elements used in an OS 
command ('OS ...)
@@ -1119,7 +1119,7 @@ CVE-2025-23214 (Cosmos provides users the ability 
self-host a home server by act
 CVE-2025-23044 (PwnDoc is a penetration test report generator. There is no 
CSRF protec ...)
        NOT-FOR-US: PwnDoc
 CVE-2025-22620 (gitoxide is an implementation of git written in Rust. Prior to 
0.17.0, ...)
-       - rust-gix-worktree-state <unfixed>
+       - rust-gix-worktree-state <unfixed> (bug #1093883)
        NOTE: 
https://github.com/GitoxideLabs/gitoxide/security/advisories/GHSA-fqmf-w4xh-33rh
        NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0001.html
 CVE-2025-22131 (PhpSpreadsheet is a PHP library for reading and writing 
spreadsheet fi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36f53ae67e7287bc7913980a3f64b5268315bee

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36f53ae67e7287bc7913980a3f64b5268315bee
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bugnums

Reply via email to