[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) Mon, 21 Apr 2025 00:05:40 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
ce1e5437 by security tracker role at 2025-04-21T07:04:55+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2025-43973 (An issue was discovered in GoBGP before 3.35.0. 
pkg/packet/rtr/rtr.go  ...)
+       TODO: check
+CVE-2025-43972 (An issue was discovered in GoBGP before 3.35.0. An attacker 
can cause  ...)
+       TODO: check
+CVE-2025-43971 (An issue was discovered in GoBGP before 3.35.0. 
pkg/packet/bgp/bgp.go  ...)
+       TODO: check
+CVE-2025-43970 (An issue was discovered in GoBGP before 3.35.0. 
pkg/packet/mrt/mrt.go  ...)
+       TODO: check
+CVE-2025-43967 (libheif before 1.19.6 has a NULL pointer dereference in 
ImageItem_Grid ...)
+       TODO: check
+CVE-2025-43966 (libheif before 1.19.6 has a NULL pointer dereference in 
ImageItem_iden ...)
+       TODO: check
+CVE-2025-43964 (In LibRaw before 0.21.4, tag 0x412 processing in 
phase_one_correct in  ...)
+       TODO: check
+CVE-2025-43963 (In LibRaw before 0.21.4, phase_one_correct in 
decoders/load_mfbacks.cp ...)
+       TODO: check
+CVE-2025-43962 (In LibRaw before 0.21.4, phase_one_correct in 
decoders/load_mfbacks.cp ...)
+       TODO: check
+CVE-2025-43961 (In LibRaw before 0.21.4, metadata/tiff.cpp has an 
out-of-bounds read i ...)
+       TODO: check
+CVE-2025-0632 (Local File Inclusion (LFI) vulnerability in a Render function 
of Formu ...)
+       TODO: check
+CVE-2020-36845 (The KnowBe4 Security Awareness Training application before 
2020-01-10  ...)
+       TODO: check
+CVE-2020-36844 (The KnowBe4 Security Awareness Training application before 
2020-01-10  ...)
+       TODO: check
 CVE-2025-43955 (TwsCachedXPathAPI in Convertigo through 8.3.4 does not 
restrict the us ...)
        NOT-FOR-US: Convertigo
 CVE-2025-43954 (QMarkdown (aka quasar-ui-qmarkdown) before 2.0.5 allows XSS 
via header ...)
@@ -1085,7 +1111,7 @@ CVE-2024-13925 (The Klarna Checkout for WooCommerce 
WordPress plugin before 2.13
 CVE-2024-11924 (The Icegram Express formerly known as Email Subscribers  
WordPress plu ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-32433 (Erlang/OTP is a set of libraries for the Erlang programming 
language.  ...)
-       {DSA-5906-1}
+       {DSA-5906-1 DLA-4132-1}
        - erlang 1:27.3.3+dfsg-1 (bug #1103442)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
        NOTE: 
https://github.com/erlang/otp/commit/0fcd9c56524b28615e8ece65fc0c3f66ef6e4c12 
(OTP-25.3.2.20)
@@ -8535,7 +8561,7 @@ CVE-2025-30372 (Emlog is an open source website building 
system. Emlog Pro versi
 CVE-2025-30371 (Metabase is a business intelligence and embedded analytics 
tool. Versi ...)
        NOT-FOR-US: Metabase
 CVE-2025-30211 (Erlang/OTP is a set of libraries for the Erlang programming 
language.  ...)
-       {DSA-5906-1}
+       {DSA-5906-1 DLA-4132-1}
        - erlang 1:27.3.1+dfsg-1 (bug #1101713)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-vvr3-fjhh-cfwc
        NOTE: 
https://github.com/erlang/otp/commit/df3aad2c5570847895562ff96a725190571f028c 
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
@@ -22075,7 +22101,7 @@ CVE-2025-27091 (OpenH264 is a free license codec 
library which supports H.264 en
        NOTE: 
https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
        NOTE: Fixed by: 
https://github.com/cisco/openh264/commit/63db555e30986e3a5f07871368dc90ae78c27449
 (v2.6.0)
 CVE-2025-26618 (Erlang is a programming language and runtime system for 
building massi ...)
-       {DSA-5906-1}
+       {DSA-5906-1 DLA-4132-1}
        - erlang 1:27.2.4+dfsg-1
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr
        NOTE: 
https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872 
(OTP-25.3.2.18, OTP-26.2.5.9, OTP-27.2.4)
@@ -140490,7 +140516,7 @@ CVE-2023-32725 (The website configured in the URL 
widget will receive a session
 CVE-2023-32230 (An improper handling of a malformed API request to an API 
server in Bo ...)
        NOT-FOR-US: Bosch
 CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, 
found in O ...)
-       {DSA-5906-1 DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 
DSA-5588-1 DSA-5586-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 DLA-3719-1 
DLA-3718-1 DLA-3694-1}
+       {DSA-5906-1 DSA-5750-1 DSA-5601-1 DSA-5600-1 DSA-5599-1 DSA-5591-1 
DSA-5588-1 DSA-5586-1 DLA-4132-1 DLA-3975-1 DLA-3899-1 DLA-3794-1 DLA-3730-1 
DLA-3719-1 DLA-3718-1 DLA-3694-1}
        - dropbear 2022.83-4 (bug #1059001)
        [bookworm] - dropbear 2022.83-1+deb12u1
        [bullseye] - dropbear 2020.81-3+deb11u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce1e54376c9303a1308356e98e38aaef2cd2c492

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce1e54376c9303a1308356e98e38aaef2cd2c492
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] automatic update

Reply via email to