[Git][security-tracker-team/security-tracker][master] 2 commits: dla: add libapache2-mod-auth-openidc

Fri, 11 Apr 2025 03:09:42 -0700 


Sylvain Beucler pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
38275089 by Sylvain Beucler at 2025-04-11T11:49:20+02:00
dla: add libapache2-mod-auth-openidc

- - - - -
2d65b3bc by Sylvain Beucler at 2025-04-11T12:09:02+02:00
CVE-2025-32414/libxml2: bullseye postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1342,6 +1342,7 @@ CVE-2025-3361 (The web service of iSherlock from HGiga 
has an OS Command Injecti
        NOT-FOR-US: HGiga
 CVE-2025-32414 (In libxml2 before 2.13.8 and 2.14.x before 2.14.2, 
out-of-bounds memor ...)
        - libxml2 <unfixed> (bug #1102521)
+       [bullseye] - libxml2 <postponed> (Minor issue, OOB read)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/889
 CVE-2025-32413 (Vulnerability-Lookup before 2.7.1 allows stored XSS via a user 
bio in  ...)
        NOT-FOR-US: Vulnerability-Lookup


=====================================
data/dla-needed.txt
=====================================
@@ -133,6 +133,10 @@ jinja2 (kanashiro)
 knot-resolver
   NOTE: 20240924: Added by Front-Desk (lamby)
 --
+libapache2-mod-auth-openidc
+  NOTE: 20250411: Added by Front-Desk (Beuc)
+  NOTE: 20250411: Code was refactored but still looks vulnerable, check the 
simple PoC (Beuc/front-desk)
+--
 libbson-xs-perl (roberto)
   NOTE: 20250331: Added by Front-Desk (Beuc)
   NOTE: 20250331: Cf. mongo-c-driver (provides libbson which libbson-xs-perl 
embeds) (Beuc/front-desk)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e805bd1392589bc07152630c05ec08d8ef84b43...2d65b3bcfeb1ba8d0161dd16caf3837ff474c114

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0e805bd1392589bc07152630c05ec08d8ef84b43...2d65b3bcfeb1ba8d0161dd16caf3837ff474c114
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to