Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9a31d94 by security tracker role at 2025-04-20T19:29:24+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,21 @@
+CVE-2025-43954 (QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS 
via header ...)
+       TODO: check
+CVE-2025-3830 (A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It 
has bee ...)
+       TODO: check
+CVE-2025-3829 (A vulnerability was found in PHPGurukul Men Salon Management 
System 1. ...)
+       TODO: check
+CVE-2025-3828 (A vulnerability was found in PHPGurukul Men Salon Management 
System 1. ...)
+       TODO: check
+CVE-2025-3827 (A vulnerability has been found in PHPGurukul Men Salon 
Management Syst ...)
+       TODO: check
+CVE-2025-3826 (A vulnerability, which was classified as problematic, was found 
in Sou ...)
+       TODO: check
+CVE-2025-3825 (A vulnerability, which was classified as problematic, has been 
found i ...)
+       TODO: check
+CVE-2025-3824 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
+       TODO: check
+CVE-2025-3823 (A vulnerability classified as problematic has been found in 
SourceCode ...)
+       TODO: check
 CVE-2025-43929 (open_actions.py in kitty before 0.41.0 does not ask for user 
confirmat ...)
        - kitty <unfixed> (bug #1103691)
        NOTE: 
https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35
 (v0.41.0)
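Review bot: all nine added entries (CVE-2025-43954 and CVE-2025-3823 through CVE-2025-3830) land with only `TODO: check` and no package or NOT-FOR-US line, so they remain untriaged. Judging by the truncated descriptions, the PHPGurukul, SourceCodester and KuangSimpleBBS items are candidates for the `NOT-FOR-US: <product>` form used elsewhere in this file (for example `NOT-FOR-US: Metabase`). The descriptions are cut off at "...", so the full CVE text should be read before classifying.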
@@ -1065,6 +1083,7 @@ CVE-2024-13925 (The Klarna Checkout for WooCommerce 
WordPress plugin before 2.13
 CVE-2024-11924 (The Icegram Express formerly known as Email Subscribers  
WordPress plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-32433 (Erlang/OTP is a set of libraries for the Erlang programming 
language.  ...)
+       {DSA-5906-1}
        - erlang 1:27.3.3+dfsg-1 (bug #1103442)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
        NOTE: 
https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 
(OTP-25.3.2.20)
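Review bot: the `{DSA-5906-1}` tag added at the top of the CVE-2025-32433 entry references an advisory whose own record is not part of this commit, which changes only data/CVE/list. Confirm that the advisory record already exists and names this CVE, so the cross-reference resolves.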
@@ -8509,6 +8528,7 @@ CVE-2025-30372 (Emlog is an open source website building 
system. Emlog Pro versi
 CVE-2025-30371 (Metabase is a business intelligence and embedded analytics 
tool. Versi ...)
        NOT-FOR-US: Metabase
 CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming 
language.  ...)
+       {DSA-5906-1}
        - erlang 1:27.3.1+dfsg-1 (bug #1101713)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
        NOTE: 
https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c 
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -22048,6 +22068,7 @@ CVE-2025-27091 (OpenH264 is a free license codec 
library which supports H.264 en
        NOTE: 
https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
        NOTE: Fixed by: 
https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449
 (v2.6.0)
 CVE-2025-26618 (Erlang is a programming language and runtime system for 
building massi ...)
+       {DSA-5906-1}
        - erlang 1:27.2.4+dfsg-1
        [bullseye] - erlang <postponed> (Minor issue)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr
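Review bot: with `{DSA-5906-1}` now on CVE-2025-26618, the unchanged `[bullseye] - erlang <postponed> (Minor issue)` line is the only per-release status visible in the entry. Check whether the bullseye triage still holds now that the issue is covered by a DSA, and either update the line or keep it deliberately.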
@@ -140458,7 +140479,7 @@ CVE-2023-32725 (The website configured in the URL 
widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API 
server in Bo ...)
        NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, 
found in O ...)
-       {DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 DSA-5588-1 
DSA-5586-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 DLA-3718-1 
DLA-3694-1}
+       {DSA-5906-1 DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 
DSA-5588-1 DSA-5586-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 
DLA-3718-1 DLA-3694-1}
        - dropbear 2022.83-4 (bug #1059001)
        [bookworm] - dropbear 2022.83-1+deb12u1
        [bullseye] - dropbear 2020.81-3+deb11u1
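Review bot: `DSA-5906-1` is prepended to the CVE-2023-48795 advisory list, but the package lines visible in this hunk are all for dropbear, while the other three entries tagged with DSA-5906-1 in this commit are erlang. Confirm the entry carries an erlang package line further down that this advisory corresponds to, so the tag is not attached to the CVE without a matching source package.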



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9a31d94d034308199e201132adf4014ba74ef27

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits