Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38391a1f by Moritz Muehlenhoff at 2025-03-28T15:46:35+01:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,7 +71,7 @@ CVE-2025-22739 (Missing Authorization vulnerability in
ThimPress LearnPress allo
CVE-2025-22398 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper
Neutraliz ...)
NOT-FOR-US: Dell / EMC
CVE-2025-1860 (Data::Entropy for Perl 0.007 and earlier use the rand()
function as th ...)
- - libdata-entropy-perl <unfixed>
+ - libdata-entropy-perl <unfixed> (bug #1101503)
CVE-2025-1762 (The Event Tickets with Ticket Scanner WordPress plugin before
2.5.4 do ...)
NOT-FOR-US: WordPress plugin
CVE-2024-49601 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper
Neutraliz ...)
@@ -83,7 +83,7 @@ CVE-2024-49564 (Dell Unity, version(s) 5.4 and prior,
contain(s) an Improper Neu
CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior, contain(s) an Improper
Neutraliz ...)
NOT-FOR-US: Dell / EMC
CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is
vulnerable to ...)
- - libstring-compare-constanttime-perl <unfixed>
+ - libstring-compare-constanttime-perl <unfixed> (bug #1101502)
NOTE:
https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
CVE-2024-56325
NOT-FOR-US: Apache Pinot
@@ -369,7 +369,7 @@ CVE-2025-30358 (Mesop is a Python-based UI framework that
allows users to build
CVE-2025-30221 (Pitchfork is a preforking HTTP server for Rack applications.
Versions ...)
NOT-FOR-US: Pitchfork
CVE-2025-30093 (HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22,
24.0.x before ...)
- - condor <unfixed>
+ - condor <unfixed> (bug #1101498)
NOTE:
https://htcondor.org/security/vulnerabilities/HTCONDOR-2025-0001.html
CVE-2025-2867 (An issue has been discovered in the GitLab Duo with Amazon Q
affecting ...)
NOT-FOR-US: GitLab Duo with Amazon Q
@@ -384,7 +384,7 @@ CVE-2025-2854 (A vulnerability classified as critical was
found in code-projects
CVE-2025-2852 (A vulnerability has been found in SourceCodester Food Ordering
Managem ...)
NOT-FOR-US: SourceCodester
CVE-2025-2849 (A vulnerability, which was classified as problematic, was found
in UPX ...)
- - upx-ucl <unfixed>
+ - upx-ucl <unfixed> (bug #1101500)
NOTE: https://github.com/upx/upx/issues/898
NOTE:
https://github.com/upx/upx/commit/e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2
CVE-2025-2847 (A vulnerability, which was classified as critical, has been
found in C ...)
@@ -544,7 +544,7 @@ CVE-2024-55072 (A Broken Object Level Authorization
vulnerability in the compone
CVE-2024-55070 (A Broken Object Level Authorization vulnerability in the
component /ho ...)
NOT-FOR-US: hay-kot mealie
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link
Following") and ...)
- - node-tar-fs <unfixed>
+ - node-tar-fs <unfixed> (bug #1101501)
NOTE:
https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed
(v3.0.7)
CVE-2023-38272 (IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4,
2.3.3.5 ...)
NOT-FOR-US: IBM
@@ -1606,15 +1606,15 @@ CVE-2024-11499 (A vulnerability exists in RTU500 IEC
60870-4-104 controlled stat
CVE-2024-10037 (A vulnerability exists in the RTU500 web server component that
can cau ...)
NOT-FOR-US: Hitachi Energy
CVE-2025-2752 (A vulnerability was found in Open Asset Import Library Assimp
5.4.3 an ...)
- - assimp <unfixed>
+ - assimp <unfixed> (bug #1101494)
[bookworm] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6013
CVE-2025-2751 (A vulnerability has been found in Open Asset Import Library
Assimp 5.4 ...)
- - assimp <unfixed>
+ - assimp <unfixed> (bug #1101495)
[bookworm] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6012
CVE-2025-2750 (A vulnerability, which was classified as critical, was found in
Open A ...)
- - assimp <unfixed>
+ - assimp <unfixed> (bug #1101496)
[bookworm] - assimp <no-dsa> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6011
CVE-2025-2744 (A vulnerability, which was classified as critical, was found in
zhijia ...)
@@ -1704,11 +1704,11 @@ CVE-2025-29135 (A stack-based buffer overflow
vulnerability in Tenda AC7 V15.03.
CVE-2025-29100 (Tenda AC8 V16.03.34.06 is vulnerable to Buffer Overflow in the
fromSet ...)
NOT-FOR-US: Tenda
CVE-2025-27810 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of
failed ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1101499)
[bookworm] - mbedtls <no-dsa> (Minor issue)
NOTE:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
CVE-2025-27809 (Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client
side, acce ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #1101499)
NOTE: https://github.com/Mbed-TLS/mbedtls/issues/466
NOTE:
https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
CVE-2025-26512 (SnapCenter versions prior to 6.0.1P1 and 6.1P1 are
susceptible to a v ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38391a1fff617eb0c9adc8324ad2fd2981235dac
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38391a1fff617eb0c9adc8324ad2fd2981235dac
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
