Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8a41e4db by Moritz Muehlenhoff at 2025-04-03T14:10:43+02:00 bookworm triage - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -41,6 +41,7 @@ CVE-2025-3137 (A vulnerability, which was classified as critical, was found in P NOT-FOR-US: PHPGurukul CVE-2025-3136 (A vulnerability, which was classified as problematic, has been found i ...) - pytorch <unfixed> + [bookworm] - pytorch <no-dsa> (Minor issue) NOTE: https://github.com/pytorch/pytorch/issues/149821 CVE-2025-3135 (A vulnerability classified as critical was found in fcba_zzm ics-park ...) NOT-FOR-US: Smart Park Management System @@ -53,10 +54,12 @@ CVE-2025-3129 (Improper Restriction of Excessive Authentication Attempts vulnera CVE-2025-3123 (A vulnerability, which was classified as critical, has been found in W ...) NOT-FOR-US: WonderCMS CVE-2025-3122 (A vulnerability classified as problematic was found in WebAssembly wab ...) - - wabt <unfixed> + - wabt <unfixed> (unimportant) + NOTE: Crash in CLI tool, no security impact NOTE: https://github.com/WebAssembly/wabt/issues/2565 CVE-2025-3121 (A vulnerability classified as problematic has been found in PyTorch 2. ...) - pytorch <unfixed> + [bookworm] - pytorch <no-dsa> (Minor issue) NOTE: https://github.com/pytorch/pytorch/issues/149800 CVE-2025-3120 (A vulnerability was found in SourceCodester Apartment Visitors Managem ...) NOT-FOR-US: SourceCodester 
@@ -2577,6 +2580,7 @@ CVE-2025-2815 (The Administrator Z plugin for WordPress is vulnerable to unautho NOT-FOR-US: WordPress plugin CVE-2025-2713 (Google gVisor's runsc component exhibited a local privilege escalation ...) - golang-gvisor-gvisor 0.0~20240729.0-1 + [bookworm] - golang-gvisor-gvisor <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e (release-20240325.0) CVE-2025-29928 (authentik is an open-source identity provider. Prior to versions 2024. ...) NOT-FOR-US: authentik ===================================== data/dsa-needed.txt ===================================== @@ -20,7 +20,7 @@ frr gh Santiago Vila might work on preparing an update -- -jetty9 +jetty9 (apo) -- jpeg-xl -- @@ -63,6 +63,8 @@ tcpdf -- thunderbird (jmm) -- +tomcat10 (apo) +-- trafficserver (jmm) -- wordpress View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a41e4dbb6356a61514a2be3165bde6ac5272ec7 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a41e4dbb6356a61514a2be3165bde6ac5272ec7 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
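Review bot: in the data/CVE/list hunk at `@@ -53,10 +54,12 @@`, the added `[bookworm] - pytorch <no-dsa> (Minor issue)` line under CVE-2025-3121 gives no reason for the classification, whereas the wabt change in the same hunk documents its reasoning with `NOTE: Crash in CLI tool, no security impact`. Suggest adding a comparable NOTE line saying why the issue is minor for bookworm. The same applies to the identical pytorch line added under CVE-2025-3136 in the first hunk.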
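Review bot: in the data/CVE/list hunk at `@@ -2577,6 +2580,7 @@`, CVE-2025-2713 is described as a local privilege escalation in runsc, yet the new `[bookworm] - golang-gvisor-gvisor <no-dsa> (Minor issue)` line does not say why that is minor for bookworm. The existing NOTE ties the fix to release-20240325.0, but nothing in the entry relates the bookworm package to that release. A short NOTE with the reasoning would make the triage decision reviewable later.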
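Review bot: in the data/dsa-needed.txt hunk at `@@ -63,6 +63,8 @@`, the new `tomcat10 (apo)` entry does not name the issues the update is meant to address, and this commit carries no tomcat10 change in data/CVE/list to infer them from. The file already holds a free-text line under the `gh` entry, so a similar line listing the relevant CVE ids under tomcat10 would fit the existing style.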