[Git][security-tracker-team/security-tracker][master] 3 commits: mark CVE of gpac as EOL

Sun, 02 Mar 2025 05:19:06 -0800 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9d2e0b22 by Thorsten Alteholz at 2025-03-02T13:52:57+01:00
mark CVE of gpac as EOL

- - - - -
f1199342 by Thorsten Alteholz at 2025-03-02T13:54:52+01:00
mark CVE-2022-37660 as postponed for Bullseye

- - - - -
91a5cbe7 by Thorsten Alteholz at 2025-03-02T13:58:36+01:00
mark CVE-2025-25184 as postponed for Bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,6 +60,7 @@ CVE-2025-27410 (PwnDoc is a penetration test reporting 
application. Prior to ver
        NOT-FOR-US: PwnDoc
 CVE-2025-25723 (Buffer Overflow vulnerability in GPAC version 2.5 allows a 
local attac ...)
        - gpac <removed>
+       [bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
        NOTE: https://github.com/gpac/gpac/issues/3089
 CVE-2025-25478 (The account file upload functionality in Syspass 3.2.x fails 
to proper ...)
        NOT-FOR-US: Syspass
@@ -7122,6 +7123,7 @@ CVE-2025-25198 (mailcow: dockerized is an open source 
groupware/email suite base
        NOT-FOR-US: mailcow
 CVE-2025-25184 (Rack provides an interface for developing web applications in 
Ruby. Pr ...)
        - ruby-rack <unfixed> (bug #1098257)
+       [bullseye] - ruby-rack <postponed> (Minor issue)
        NOTE: 
https://github.com/rack/rack/security/advisories/GHSA-7g2v-jj9q-g3rg
        NOTE: 
https://github.com/rack/rack/commit/074ae244430cda05c27ca91cda699709cfb3ad8e
 CVE-2025-25182 (Stroom is a data processing, storage and analysis platform. A 
vulnerab ...)
@@ -218857,6 +218859,7 @@ CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 
2.6.13 routers are vulnerable t
 CVE-2022-37660 (In hostapd 2.10 and earlier, the PKEX code remains active even 
after a ...)
        - wpa <unfixed>
        [bookworm] - wpa <no-dsa> (Minor issue)
+       [bullseye] - wpa <postponed> (Minor issue)
        NOTE: https://link.springer.com/article/10.1007/s10207-025-00988-3
        NOTE: Fixed by: 
https://w1.fi/cgit/hostap/commit/?id=15af83cf1846870873a011ed4d714732f01cd2e4 
(hostap_2_11)
 CVE-2022-37659



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/596aae949684bc829a62ffcac5df1482c2a113d5...91a5cbe72f5f38d206c45b957c9417c5e9370265

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/596aae949684bc829a62ffcac5df1482c2a113d5...91a5cbe72f5f38d206c45b957c9417c5e9370265
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to