Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ccd7430 by Salvatore Bonaccorso at 2025-03-04T21:28:46+01:00
Process some NFUs
- - - - -
ac3d328c by Salvatore Bonaccorso at 2025-03-04T21:30:43+01:00
Add CVE-2025-27111/ruby-rack
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-27507 (The open-source identity infrastructure software Zitadel
allows admini ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-27426 (Malicious websites utilizing a server-side redirect to an
internal err ...)
TODO: check
CVE-2025-27425 (Scanning certain QR codes that included text with a website
URL could ...)
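Review bot: only CVE-2025-27507 is triaged in this hunk (TODO: check becomes NOT-FOR-US: Zitadel, matching the "Process some NFUs" commit); the two context entries CVE-2025-27426 and CVE-2025-27425 still carry TODO: check and remain open for triage, which is fine for this commit but worth tracking so they are not lost behind the NFU batch.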
@@ -17,7 +17,11 @@ CVE-2025-27155 (Pinecone is an experimental overlay routing
protocol suite which
CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of
software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27111 (Rack is a modular Ruby web server interface. The
Rack::Sendfile middle ...)
- TODO: check
+ - ruby-rack <unfixed>
+ NOTE:
https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3
(v2.2.12)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53
(v3.0.13)
+ NOTE: Fixed by:
https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b
(v3.1.11)
CVE-2025-26849 (There is a Hard-coded Cryptographic Key in Docusnap
13.0.1440.24261, a ...)
TODO: check
CVE-2025-26320 (t0mer BroadlinkManager v5.9.1 was discovered to contain an OS
command ...)
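Review bot: the new ruby-rack line records the package as <unfixed> while three upstream fix commits are listed (v2.2.12, v3.0.13, v3.1.11), but the entry does not say which upstream series the Debian ruby-rack package tracks; it would help the person doing the upload to note that, so the matching commit is the one backported, and to replace <unfixed> with the fixed Debian version once the upload lands. The GHSA link plus per-branch "Fixed by:" notes follow the existing NOTE: convention used elsewhere in the file, so the format itself is consistent.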
@@ -152,7 +156,7 @@ CVE-2025-1930 (On Windows, a compromised content process
could use bad StreamDat
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1930
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1930
CVE-2025-27521 (Vulnerability of improper access permission in the process
management ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods
(URI.jo ...)
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/823750dbc9ac62e792d91d30ae6046b2e1620dc5...ac3d328ca404b8501fbc040e75b7ce6f3f5ba57c
--
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits