Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79db0cf4 by security tracker role at 2025-02-09T20:11:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,13 +1,13 @@
-CVE-2025-21685 [platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix 
serdev race]
+CVE-2025-21685 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.12.11-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/59616a91e5e74833b2008b56c66879857c616006 (6.13)
-CVE-2025-21684 [gpio: xilinx: Convert gpio_lock to raw spinlock]
+CVE-2025-21684 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.12.11-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9860370c2172704b6b4f0075a0c2a29fd84af96a (6.13)
-CVE-2024-57949 [irqchip/gic-v3-its: Don't enable interrupts in 
its_irq_set_vcpu_affinity()]
+CVE-2024-57949 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.12.11-1
        [bookworm] - linux 6.1.128-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
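Review bot: the three rewritten header lines (CVE-2025-21685, CVE-2025-21684, CVE-2024-57949) lose the only text that told them apart. The bracketed subsystem summaries are replaced by the same truncated description, "In the Linux kernel, the following vulnerability has been resolved:", which differs only in one trailing letter per entry. Consider keeping the upstream commit subject in a NOTE: line under each entry so the affected driver can be identified from the entry itself.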
@@ -909,7 +909,7 @@ CVE-2023-39943 (In Ashlar-Vellum Cobalt versions prior to 
v12 SP2 Build (1204.20
 CVE-2024-27137 (In Apache Cassandra it is possible for a local attacker 
without access ...)
        - cassandra <itp> (bug #585905)
 CVE-2025-0510 (Thunderbird displayed an incorrect sender address if the From 
field of ...)
-       {DSA-5861-1}
+       {DSA-5861-1 DLA-4045-1}
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-0510
 CVE-2025-1020 (Memory safety bugs present in Firefox 134 and Thunderbird 134. 
Some of ...)
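Review bot: at CVE-2025-0510 the advisory set becomes {DSA-5861-1 DLA-4045-1} while the package line directly below still reads "- thunderbird <unfixed>". With two advisories now attached to the entry, that unversioned line deserves a follow-up so it receives a fixed version as soon as one is uploaded. The same applies to CVE-2025-1015 in the next hunk.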
@@ -932,7 +932,7 @@ CVE-2025-1016 (Memory safety bugs present in Firefox 134, 
Thunderbird 134, Firef
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/#CVE-2025-1016
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1016
 CVE-2025-1015 (The Thunderbird Address Book URI fields contained unsanitized 
links. T ...)
-       {DSA-5861-1}
+       {DSA-5861-1 DLA-4045-1}
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/#CVE-2025-1015
 CVE-2025-1014 (Certificate length was not properly checked when added to a 
certificat ...)
@@ -2705,6 +2705,7 @@ CVE-2024-54549 (This issue was addressed with improved 
redaction of sensitive in
 CVE-2024-54547 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
        NOT-FOR-US: Apple
 CVE-2024-54543 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       {DSA-5835-1}
        - webkit2gtk 2.46.5-1
        - wpewebkit 2.46.5-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -5911,6 +5912,7 @@ CVE-2024-55511 (A null pointer dereference vulnerability 
in Macrium Reflect prio
 CVE-2024-54660 (A JNDI injection issue was discovered in Cloudera JDBC 
Connector for H ...)
        NOT-FOR-US: Cloudera JDBC Connector for Haadoop
 CVE-2024-54658 [Processing web content may lead to a denial-of-service]
+       {DSA-5684-1}
        - webkit2gtk 2.44.0-1
        - wpewebkit 2.44.1-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
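Review bot: the context line above the change, "NOT-FOR-US: Cloudera JDBC Connector for Haadoop", misspells Hadoop; fix it in a follow-up so a search for the product name finds the entry. Separately, CVE-2024-54658 now carries {DSA-5684-1} but still has only its bracketed placeholder description, unlike the kernel entries at the top of this diff, so it is worth checking whether a published description is available for it.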
@@ -6702,6 +6704,7 @@ CVE-2024-36476 (In the Linux kernel, the following 
vulnerability has been resolv
 CVE-2024-35280 (A improper neutralization of input during web page generation 
('cross- ...)
        NOT-FOR-US: FortiGuard
 CVE-2024-27856 (The issue was addressed with improved checks. This issue is 
fixed in m ...)
+       {DSA-5792-1}
        - webkit2gtk 2.46.0-1
        - wpewebkit 2.46.0-1
        [bookworm] - wpewebkit <ignored> (wpewebkit not covered by security 
support in Bookworm)
@@ -83619,6 +83622,7 @@ CVE-2023-47843 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2023-41864 (Cross-Site Request Forgery (CSRF) vulnerability in Pepro Dev. 
Group Pe ...)
        NOT-FOR-US: WordPress plugin
 CVE-2023-3758 (A race condition flaw was found in sssd where the GPO policy is 
not co ...)
+       {DLA-4047-1}
        - sssd 2.9.5-1 (bug #1070369)
        [bookworm] - sssd <no-dsa> (Minor issue)
        [buster] - sssd <postponed> (Minor issue)
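Review bot: CVE-2023-3758 gains {DLA-4047-1}, but the release lines shown are only "[bookworm] - sssd <no-dsa>" and "[buster] - sssd <postponed>", and neither indicates which release the DLA covers. If the DLA is for buster, the <postponed> line is now stale and should be dropped; if it is for another release, a short NOTE: saying so would make the entry self-explanatory.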
@@ -289374,7 +289378,7 @@ CVE-2021-3622 (A flaw was found in the hivex library. 
This flaw allows an attack
 CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in 
the name f ...)
        NOT-FOR-US: PandoraFMS
 CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was 
vulnerable to s ...)
-       {DLA-3436-1 DLA-2758-1}
+       {DLA-4047-1 DLA-3436-1 DLA-2758-1}
        - sssd 2.5.2-1 (bug #992710)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142
        NOTE: 
https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe 
(sssd-2-7)
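Review bot: CVE-2021-3621 now lists three DLAs, {DLA-4047-1 DLA-3436-1 DLA-2758-1}, and nothing in the entry explains why a CVE recorded as fixed in sssd 2.5.2-1 needed a third. A NOTE: line stating whether DLA-4047-1 covers a different release or completes an earlier fix would save readers from opening all three advisories.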



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79db0cf4973d46520f74d7d5f836b2b3e2c0b0e9
