Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7c88c7b by Moritz Muehlenhoff at 2025-01-27T20:53:08+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -441,6 +441,7 @@ CVE-2025-24362 (In some circumstances, debug artifacts 
uploaded by the CodeQL Ac
        NOT-FOR-US: CodeQL
 CVE-2025-24359 (ASTEVAL is an evaluator of Python expressions and statements. 
Prior to ...)
        - python-asteval <unfixed>
+       [bookworm] - python-asteval <no-dsa> (Minor issue)
        NOTE: 
https://github.com/lmfit/asteval/security/advisories/GHSA-3wwr-3g9f-9gc7
 CVE-2025-24355 (Updatecli is a tool used to apply file update strategies. 
Prior to ver ...)
        NOT-FOR-US: Updatecli
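
Review bot: the unstable line "- python-asteval <unfixed>" directly above the added "[bookworm]" entry has no bug reference, so once bookworm is marked <no-dsa> nothing in this record points to where the fix is being tracked. Consider adding the BTS bug number when one exists, in the same "(bug #...)" form the pgagent and scikit-learn entries in this commit use.
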
@@ -6734,6 +6735,7 @@ CVE-2025-0294 (A vulnerability has been found in 
SourceCodester Home Clean Servi
        NOT-FOR-US: SourceCodester Home Clean Services Management System
 CVE-2025-0218 (When batch jobs are executed by pgAgent, a script is created in 
a temp ...)
        - pgagent 4.2.3-1 (bug #1092677)
+       [bookworm] - pgagent <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/pgadmin-org/pgagent/commit/1ecd193a2be3a3dc9e98f369495e1a792e6d508c
 (master)
        NOTE: Fixed by: 
https://github.com/pgadmin-org/pgagent/commit/5b10c3d435d3f92ccc2f05b69ff10516ef3154e0
 (pgagent-4.2.3)
 CVE-2024-8361 (In SiWx91x devices, the SHA2/224 algorithm returns a hash of 
256 bits  ...)
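
Review bot: the added "[bookworm] - pgagent <no-dsa> (Minor issue)" line records no reason for the minor classification, while the entry already lists two "Fixed by:" commits, one of them on the pgagent-4.2.3 branch. A short NOTE saying why the issue is minor for bookworm, or whether that commit applies to the bookworm version, would help anyone who later considers it for a point release.
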
@@ -62746,12 +62748,10 @@ CVE-2024-5225 (An SQL Injection vulnerability exists 
in the berriai/litellm repo
 CVE-2024-5221 (The Qi Blocks plugin for WordPress is vulnerable to Stored 
Cross-Site  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5206 (A sensitive data leakage vulnerability was identified in 
scikit-learn' ...)
-       - scikit-learn <unfixed> (bug #1074234)
-       [bookworm] - scikit-learn <no-dsa> (Minor issue)
-       [bullseye] - scikit-learn <no-dsa> (Minor issue)
-       [buster] - scikit-learn <postponed> (Minor issue)
+       - scikit-learn <unfixed> (bug #1074234; unimportant)
        NOTE: https://huntr.com/bounties/14bc0917-a85b-4106-a170-d09d5191517c
        NOTE: 
https://github.com/scikit-learn/scikit-learn/commit/70ca21f106b603b611da73012c9ade7cd8e438b8
 (1.5.0rc1)
+       NOTE: Works as documented, negiglible security impact
 CVE-2024-5188 (The Essential Addons for Elementor \u2013 Best Elementor 
Templates, Wi ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-5187 (A vulnerability in the `download_model_with_test_data` function 
of the ...)
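
Review bot: the added NOTE in the CVE-2024-5206 entry misspells "negligible" as "negiglible", which makes the rationale harder to find when grepping data/CVE/list. Since this hunk also drops the per-release bookworm, bullseye and buster lines in favour of "unimportant", the "Works as documented" claim now carries the whole justification; a pointer to the relevant scikit-learn documentation in the NOTE would make it checkable.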



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7c88c7b0ff28a3ab9fa2d08b6d8c1b5d0b554c5
