Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7dc02d89 by Moritz Muehlenhoff at 2025-04-01T14:38:31+02:00
bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -549,6 +549,7 @@ CVE-2025-3051 (Linux::Statm::Tiny for Perl before 0.0701
allows untrusted code f
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28383471/
CVE-2025-30673 (Sub::HandlesVia for Perl before 0.050002 allows untrusted code
from th ...)
- libsub-handlesvia-perl 0.050002-1
+ [bookworm] - libsub-handlesvia-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28383041/
NOTE: Fixed by:
https://github.com/tobyink/p5-sub-handlesvia/commit/9bc3cfb22ade4b407413ae1c746bb331fff52954
(0.050002)
CVE-2025-30672 (Mite for Perl before 0.013000 generates code with the current
working ...)
@@ -1193,6 +1194,7 @@ CVE-2025-30371 (Metabase is a business intelligence and
embedded analytics tool.
NOT-FOR-US: Metabase
CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming
language. ...)
- erlang 1:27.3.1+dfsg-1 (bug #1101713)
+ [bookworm] - erlang <no-dsa> (Minor issue)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
NOTE:
https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
NOTE:
https://github.com/erlang/otp/commit/655e20a49ef80431e86ffb6c7f366d01fd4b64c3
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -1425,6 +1427,7 @@ CVE-2024-49563 (Dell Unity, version(s) 5.4 and prior,
contain(s) an Improper Neu
NOT-FOR-US: Dell / EMC
CVE-2024-13939 (String::Compare::ConstantTime for Perl through 0.321 is
vulnerable to ...)
- libstring-compare-constanttime-perl <unfixed> (bug #1101502)
+ [bookworm] - libstring-compare-constanttime-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28284732/
NOTE:
https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL
CVE-2024-56325
@@ -1887,6 +1890,7 @@ CVE-2024-55070 (A Broken Object Level Authorization
vulnerability in the compone
NOT-FOR-US: hay-kot mealie
CVE-2024-12905 (An Improper Link Resolution Before File Access ("Link
Following") and ...)
- node-tar-fs 3.0.8+~cs2.0.4-1 (bug #1101501)
+ [bookworm] - node-tar-fs <no-dsa> (Minor issue)
NOTE: https://github.com/advisories/GHSA-pq67-2wwv-3xjx
NOTE:
https://github.com/mafintosh/tar-fs/commit/fd1634e869e7c5f85948e95eabdaa8451a085de5
(v2.1.2)
NOTE:
https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed
(v3.0.7)
@@ -5228,7 +5232,9 @@ CVE-2024-48013 (Dell SmartFabric OS10 Software,
version(s) 10.5.4.x, 10.5.5.x, 1
NOT-FOR-US: Dell / EMC
CVE-2024-44866 (A buffer overflow in the GuitarPro1::read function of
MuseScore Studio ...)
- musescore3 <unfixed>
+ [bookworm] - musescore3 <ignored> (Minor issue)
- musescore2 <unfixed>
+ [bookworm] - musescore2 <ignored> (Minor issue)
- musescore <removed>
NOTE: https://github.com/moonadon9/CVE_2024
NOTE: Fixed by:
https://github.com/musescore/MuseScore/commit/0630461b734201db24139b0dc1657371fce41fb9
(v4.4.0)
=====================================
data/dsa-needed.txt
=====================================
@@ -11,6 +11,8 @@ To pick an issue, simply add your uid behind it.
If needed, specify the release by adding a slash after the name of the source
package.
+--
+atop
--
frr
coordination with the maintainer ongoing, Daniel Baumann proposing an update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dc02d89d885c30afacc183cc4389cf024352aa1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7dc02d89d885c30afacc183cc4389cf024352aa1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
