[Git][security-tracker-team/security-tracker][master] bookworm triage

Sat, 22 Mar 2025 09:36:40 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a89f079c by Moritz Muehlenhoff at 2025-03-22T17:20:38+01:00
bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -348,6 +348,7 @@ CVE-2024-9900 (mudler/localai version v2.21.1 contains a 
Cross-Site Scripting (X
        NOT-FOR-US: LocalAI
 CVE-2024-9880 (A command injection vulnerability exists in the 
`pandas.DataFrame.quer ...)
        - pandas <unfixed>
+       [bookworm] - pandas <no-dsa> (Minor issue)
        NOTE: https://huntr.com/bounties/a49baae1-4652-4d6c-a179-313c21c41a8d
 CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site 
Request Forge ...)
        - flatpress <itp> (bug #466297)
@@ -1044,6 +1045,7 @@ CVE-2024-12016 (Improper Neutralization of Special 
Elements used in an SQL Comma
        NOT-FOR-US: CM Informatics CM News
 CVE-2025-30258 (In GnuPG before 2.5.5, if a user chooses to import a 
certificate with  ...)
        - gnupg2 2.2.46-5 (bug #1100990)
+       [bookworm] - gnupg2 <no-dsa> (Minor issue)
        NOTE: 
https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html
        NOTE: https://dev.gnupg.org/T7527
        NOTE: https://gitlab.com/freepg/gnupg/-/merge_requests/18
@@ -4248,6 +4250,7 @@ CVE-2025-27622 (Jenkins 2.499 and earlier, LTS 2.492.1 
and earlier does not reda
        NOT-FOR-US: Jenkins (core or plugin)
 CVE-2025-27516 (Jinja is an extensible templating engine. Prior to 3.1.6, an 
oversight ...)
        - jinja2 <unfixed> (bug #1099690)
+       [bookworm] - jinja2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
        NOTE: Fixed by: 
https://github.com/pallets/jinja/commit/065334d1ee5b7210e1a0a93c37238c86858f2af7
 (3.1.6)
 CVE-2025-27508 (Emissary is a P2P based data-driven workflow engine. The 
ChecksumCalcu ...)
@@ -24873,9 +24876,11 @@ CVE-2025-21615 (AAT (Another Activity Tracker) is a 
GPS-tracking application for
        NOT-FOR-US: AAT (Another Activity Tracker)
 CVE-2025-21614 (go-git is a highly extensible git implementation library 
written in pu ...)
        - golang-github-go-git-go-git 5.13.2-1 (bug #1092679)
+       [bookworm] - golang-github-go-git-go-git <no-dsa> (Minor issue)
        NOTE: 
https://github.com/go-git/go-git/security/advisories/GHSA-r9px-m959-cxf4
 CVE-2025-21613 (go-git is a highly extensible git implementation library 
written in pu ...)
        - golang-github-go-git-go-git 5.13.2-1 (bug #1092678)
+       [bookworm] - golang-github-go-git-go-git <no-dsa> (Minor issue)
        NOTE: 
https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m
 CVE-2025-21612 (TabberNeue is a MediaWiki extension that allows the wiki to 
create tab ...)
        NOT-FOR-US: MediaWiki extension TabberNeue



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89f079c63c45d4c687a16c821d2675495d34641

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a89f079c63c45d4c687a16c821d2675495d34641
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to