Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9e579375 by Moritz Muehlenhoff at 2025-04-22T12:28:44+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -8731,19 +8731,23 @@ CVE-2025-30211 (Erlang/OTP is a set of libraries for
the Erlang programming lang
NOTE:
https://github.com/erlang/otp/commit/5ee26eb412a76ba1c6afdf4524b62939a48d1bce
(OTP-25.3.2.19, OTP-26.2.5.10, OTP-27.3.1)
CVE-2025-2926 (A vulnerability was found in HDF5 up to 1.14.6 and classified
as probl ...)
- hdf5 <unfixed> (bug #1103531)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5384
CVE-2025-2925 (A vulnerability has been found in HDF5 up to 1.14.6 and
classified as ...)
- hdf5 <unfixed> (bug #1103532)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5383
CVE-2025-2924 (A vulnerability, which was classified as problematic, was found
in HDF ...)
- hdf5 <unfixed> (bug #1103533)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5382
CVE-2025-2923 (A vulnerability, which was classified as problematic, has been
found i ...)
- hdf5 <unfixed> (bug #1103534)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5381
CVE-2025-2922 (A vulnerability classified as problematic was found in Netis
WF-2404 1 ...)
NOT-FOR-US: Netis
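Review bot: All four HDF5 entries in this hunk (and the four in the next one) receive the identical "<postponed> (Minor issue, revisit when fixed upstream)" text, but each points at a different HDFGroup issue (#5381 to #5384), so a fix for one issue does not retire the others; when this block is revisited each CVE needs to be checked against its own issue rather than bumped as a batch. The sid lines stay <unfixed> with no fix commit, which matches the wording; once an upstream release containing the fixes is known, recording it on the NOTE line would give the postponed state a concrete trigger.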
@@ -8759,19 +8763,23 @@ CVE-2025-2916 (A vulnerability, which was classified as
critical, has been found
NOT-FOR-US: Aishida Call Center System
CVE-2025-2915 (A vulnerability classified as problematic was found in HDF5 up
to 1.14 ...)
- hdf5 <unfixed> (bug #1103536)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5380
CVE-2025-2914 (A vulnerability classified as problematic has been found in
HDF5 up to ...)
- hdf5 <unfixed> (bug #1103537)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5379
CVE-2025-2913 (A vulnerability was found in HDF5 up to 1.14.6. It has been
rated as p ...)
- hdf5 <unfixed> (bug #1103538)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5376
CVE-2025-2912 (A vulnerability was found in HDF5 up to 1.14.6. It has been
declared a ...)
- hdf5 <unfixed> (bug #1103539)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5370
CVE-2025-2911 (Unauthorised access to the call forwarding service system in
MeetMe pr ...)
NOT-FOR-US: MeetMe
@@ -13035,15 +13043,18 @@ CVE-2025-2320 (A vulnerability has been found in
274056675 springboot-openai-cha
NOT-FOR-US: springboot-openai-chatgpt
CVE-2025-2310 (A vulnerability was found in HDF5 1.14.6 and classified as
critical. T ...)
- hdf5 <unfixed> (bug #1103540)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE:
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc4.md
CVE-2025-2309 (A vulnerability has been found in HDF5 1.14.6 and classified as
critic ...)
- hdf5 <unfixed> (bug #1103541)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE:
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc3.md
CVE-2025-2308 (A vulnerability, which was classified as critical, was found in
HDF5 1 ...)
- hdf5 <unfixed> (bug #1103542)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE:
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc2.md
CVE-2025-2295 (EDK2 contains a vulnerability in BIOS where a user may cause an
Intege ...)
- edk2 2025.02-4 (bug #1100594)
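Review bot: Unlike the earlier HDF5 entries, CVE-2025-2310, CVE-2025-2309 and CVE-2025-2308 reference only the third-party crash_report PoC pages (madao123123/crash_report hdf5_poc2 to hdf5_poc4) and no HDFGroup issue, so "revisit when fixed upstream" has nothing on the upstream side to watch; adding the corresponding github.com/HDFGroup/hdf5 issue (or a NOTE that none has been filed) would let these be re-checked the same way as the ones above. The CVE text for all three reads "classified as critical" while the annotation says "Minor issue"; a short reason for the downgrade in the annotation would make it reviewable later.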
@@ -14547,7 +14558,8 @@ CVE-2025-1828 (Crypt::Random Perl package 1.05 through
1.55 may use rand() funct
NOTE: https://lists.security.metacpan.org/cve-announce/msg/27835115/
CVE-2025-2153 (A vulnerability, which was classified as critical, was found in
HDF5 1 ...)
- hdf5 <unfixed> (bug #1100440)
- [bookworm] - hdf5 <no-dsa> (Minor issue)
+ [trixie] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - hdf5 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/HDFGroup/hdf5/issues/5329
CVE-2025-2152 (A vulnerability, which was classified as critical, has been
found in O ...)
- assimp <unfixed> (bug #1100438)
@@ -37975,7 +37987,8 @@ CVE-2024-56709 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 (6.13-rc4)
CVE-2024-56738 (GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time
algorit ...)
- grub2 <unfixed> (bug #1102217)
- [bookworm] - grub2 <no-dsa> (Minor issue)
+ [trixie] - grub2 <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - grub2 <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://savannah.gnu.org/bugs/?66603
CVE-2024-56737 (GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer
overflow in ...)
- grub2 2.12-6
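Review bot: CVE-2024-56738 keeps <unfixed> in sid with trixie and bookworm moved to <postponed>, while the adjacent CVE-2024-56737 is already at grub2 2.12-6; the only reference is the savannah bug (#66603) rather than a fix commit, so the "revisit when fixed upstream" trigger is that bug closing. If an upstream commit for the non-constant-time comparison exists it belongs on the NOTE line so the sid entry can be moved to a fixed version in the same pass. Also, the bookworm line is shown wrapped across two lines in this mail; verify the committed file keeps it on a single line, since the tracker format is line-oriented.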
@@ -60543,9 +60556,6 @@ CVE-2024-9925 (SQL injection vulnerability in TAI Smart
Factory's QPLANT SF vers
CVE-2024-9895 (The Smart Online Order for Clover plugin for WordPress is
vulnerable t ...)
NOT-FOR-US: WordPress plugin
CVE-2024-9676 (A vulnerability was found in Podman, Buildah, and CRI-O. A
symlink tra ...)
- - golang-github-containers-buildah <unfixed> (bug #1089116)
- [bookworm] - golang-github-containers-buildah <no-dsa> (Minor issue)
- [bullseye] - golang-github-containers-buildah <postponed> (Minor issue)
- golang-github-containers-storage 1.55.1+ds1-1
[bookworm] - golang-github-containers-storage <no-dsa> (Minor issue)
[bullseye] - golang-github-containers-storage <postponed> (Minor issue)
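Review bot: Removing the golang-github-containers-buildah lines drops tracking of bug #1089116, yet the NOTE for https://github.com/containers/buildah/pull/5786 (kept just below) references a buildah-side change for this CVE; if that PR is needed in addition to the containers/storage fix, the Debian buildah package still needs it and the entry should remain (possibly as <not-affected> with a stated reason) rather than be deleted. Either way bug #1089116 should be closed or re-titled so the BTS and the tracker agree.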
@@ -60553,6 +60563,7 @@ CVE-2024-9676 (A vulnerability was found in Podman,
Buildah, and CRI-O. A symlin
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2317467
NOTE: https://github.com/containers/buildah/pull/5786
NOTE: https://github.com/containers/storage/pull/2135
+ NOTE: Fix is in golang-github-containers-storage, buildah uses it
CVE-2024-9506 (Improper regular expression in Vue's parseHTML function leads
to a pot ...)
NOT-FOR-US: Vue
CVE-2024-5749 (Certain HP DesignJet products may be vulnerable to credential
reflecti ...)
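Review bot: The new NOTE "Fix is in golang-github-containers-storage, buildah uses it" is only a complete rationale if the buildah binary actually links the fixed library; Go dependencies are compiled statically into each binary, so a buildah build made before golang-github-containers-storage 1.55.1+ds1-1 still carries the vulnerable code until buildah is rebuilt, and if buildah vendors its own copy of containers/storage that copy has to be updated separately. Stating which case applies (rebuild done, or vendored copy checked) in the NOTE would save the next reader from re-deriving it.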
@@ -104024,7 +104035,7 @@ CVE-2023-32873 (In keyInstall, there is a possible
out of bounds write due to a
CVE-2023-32871 (In DA, there is a possible permission bypass due to an
incorrect statu ...)
NOT-FOR-US: MediaTek
CVE-2024-29857 (An issue was discovered in ECCurve.java and ECCurve.cs in
Bouncy Castl ...)
- - bouncycastle <unfixed> (bug #1070655)
+ - bouncycastle 1.80-1 (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
[bullseye] - bouncycastle <no-dsa> (Minor issue)
[buster] - bouncycastle <postponed> (Minor issue)
@@ -104032,7 +104043,7 @@ CVE-2024-29857 (An issue was discovered in
ECCurve.java and ECCurve.cs in Bouncy
NOTE:
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
NOTE:
https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
(r1rv78v1)
CVE-2024-30172 (An issue was discovered in Bouncy Castle Java Cryptography
APIs before ...)
- - bouncycastle <unfixed> (bug #1070655)
+ - bouncycastle 1.80-1 (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
[bullseye] - bouncycastle <no-dsa> (Minor issue)
[buster] - bouncycastle <postponed> (Minor issue)
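Review bot: Four bouncycastle CVEs (2024-29857, 2024-30172, 2024-34447 and 2024-30171) move from <unfixed> to 1.80-1 and all share bug #1070655; check that the 1.80-1 changelog closes that bug, otherwise the BTS keeps it open against a version the tracker now calls fixed. The NOTE for CVE-2024-29857 records the upstream fix commit with the r1rv78v1 tag, which predates 1.80, so that version is consistent for it; the other three entries carry no upstream fix reference in these lines, so a one-line confirmation that each is covered by the same upstream release would complete the record.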
@@ -104372,7 +104383,7 @@ CVE-2024-34453 (TwoNav 2.1.13 contains an SSRF
vulnerability via the url paramat
CVE-2024-34449 (Vditor 3.10.3 allows XSS via an attribute of an A element.
NOTE: the v ...)
NOT-FOR-US: Vditor
CVE-2024-34447 (An issue was discovered in Bouncy Castle Java Cryptography
APIs before ...)
- - bouncycastle <unfixed> (bug #1070655)
+ - bouncycastle 1.80-1 (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
[bullseye] - bouncycastle <no-dsa> (Minor issue)
[buster] - bouncycastle <postponed> (Minor issue)
@@ -108965,7 +108976,7 @@ CVE-2024-25583 (A crafted response from an upstream
server the recursor has been
CVE-2024-3154 (A flaw was found in cri-o, where an arbitrary systemd property
can be ...)
- cri-o <itp> (bug #979702)
CVE-2024-30171 (An issue was discovered in Bouncy Castle Java TLS API and JSSE
Provide ...)
- - bouncycastle <unfixed> (bug #1070655)
+ - bouncycastle 1.80-1 (bug #1070655)
[bookworm] - bouncycastle <no-dsa> (Minor issue)
[bullseye] - bouncycastle <no-dsa> (Minor issue)
[buster] - bouncycastle <postponed> (Minor issue)
@@ -144942,6 +144953,7 @@ CVE-2023-45286 (A race condition in go-resty can
result in HTTP request body dis
NOTE: https://github.com/go-resty/resty/issues/743
NOTE: https://github.com/go-resty/resty/issues/739
NOTE: https://github.com/go-resty/resty/pull/745
+ NOTE:
https://github.com/go-resty/resty/commit/577fed8730d79f583eb48dfc81674164e1fc471e
(v2.11.0)
CVE-2023-42505 (An authenticated user with read permissions on database
connections me ...)
NOT-FOR-US: Apache Superset
CVE-2023-42504 (An authenticated malicious user could initiate multiple
concurrent req ...)
@@ -153928,6 +153940,7 @@ CVE-2023-43058 (IBM Robotic Process Automation 23.0.9
is vulnerable to privilege
NOT-FOR-US: IBM
CVE-2023-42445 (Gradle is a build tool with a focus on build automation and
support fo ...)
- gradle <unfixed> (bug #1055176)
+ [trixie] - gradle <no-dsa> (Minor issue)
[bookworm] - gradle <no-dsa> (Minor issue)
[bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <no-dsa> (Minor issue)
@@ -154061,6 +154074,7 @@ CVE-2023-44390 (HtmlSanitizer is a .NET library for
cleaning HTML fragments and
NOT-FOR-US: HtmlSanitizer .NET library
CVE-2023-44387 (Gradle is a build tool with a focus on build automation and
support fo ...)
- gradle <unfixed> (bug #1055177)
+ [trixie] - gradle <no-dsa> (Minor issue)
[bookworm] - gradle <no-dsa> (Minor issue)
[bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <postponed> (Minor issue, requires local access to
build machine)
@@ -167695,6 +167709,7 @@ CVE-2023-36144 (An authentication bypass in Intelbras
Switch SG 2404 MR in firmw
NOT-FOR-US: Intelbras
CVE-2023-35947 (Gradle is a build tool with a focus on build automation and
support fo ...)
- gradle <unfixed> (bug #1041424)
+ [trixie] - gradle <no-dsa> (Minor issue)
[bookworm] - gradle <no-dsa> (Minor issue)
[bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <no-dsa> (Minor issue)
@@ -167703,6 +167718,7 @@ CVE-2023-35947 (Gradle is a build tool with a focus
on build automation and supp
NOTE:
https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91
(v8.2.0-RC3)
CVE-2023-35946 (Gradle is a build tool with a focus on build automation and
support fo ...)
- gradle <unfixed> (bug #1041424)
+ [trixie] - gradle <no-dsa> (Minor issue)
[bookworm] - gradle <no-dsa> (Minor issue)
[bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <no-dsa> (Minor issue)
@@ -322578,6 +322594,7 @@ CVE-2021-32752 (Ether Logs is a package that allows
one to check one's logs in t
NOT-FOR-US: Ether Logs
CVE-2021-32751 (Gradle is a build tool with a focus on build automation. In
versions p ...)
- gradle <unfixed> (bug #1014778)
+ [trixie] - gradle <no-dsa> (Minor issue)
[bookworm] - gradle <ignored> (Minor issue)
[bullseye] - gradle <ignored> (Minor issue)
[buster] - gradle <ignored> (Minor issue)
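Review bot: The trixie tag added here is <no-dsa> while bookworm, bullseye and buster are all <ignored> for CVE-2021-32751, whereas the later hunks for CVE-2021-29429, CVE-2021-29428 and CVE-2019-15052 set trixie to <ignored> to match bookworm. If trixie is meant to mirror bookworm, this line should read <ignored>; if <no-dsa> is deliberate for trixie, the rationale should say why, since "Minor issue" alone does not explain the difference from the older suites.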
@@ -331676,6 +331693,7 @@ CVE-2021-29430 (Sydent is a reference Matrix identity
server. Sydent does not li
NOTE:
https://github.com/matrix-org/sydent/security/advisories/GHSA-wmg4-8cp2-hpg9
CVE-2021-29429 (In Gradle before version 7.0, files created with open
permissions in t ...)
- gradle <unfixed> (bug #987284)
+ [trixie] - gradle <ignored> (Minor issue)
[bookworm] - gradle <ignored> (Minor issue)
[bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <no-dsa> (Minor issue)
@@ -331683,6 +331701,7 @@ CVE-2021-29429 (In Gradle before version 7.0, files
created with open permission
NOTE:
https://github.com/gradle/gradle/security/advisories/GHSA-fp8h-qmr5-j4c8
CVE-2021-29428 (In Gradle before version 7.0, on Unix-like systems, the system
tempora ...)
- gradle <unfixed> (bug #987284)
+ [trixie] - gradle <ignored> (Minor issue)
[bookworm] - gradle <ignored> (Minor issue)
[bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <no-dsa> (Minor issue)
@@ -450330,6 +450349,7 @@ CVE-2019-15053 (The "HTML Include and replace macro"
plugin before 1.5.0 for Con
NOT-FOR-US: "HTML Include and replace macro" plugin for Confluence
Server
CVE-2019-15052 (The HTTP client in Gradle before 5.6 sends authentication
credentials ...)
- gradle <unfixed> (low; bug #941187)
+ [trixie] - gradle <ignored> (Minor issue)
[bookworm] - gradle <ignored> (Minor issue)
[bullseye] - gradle <no-dsa> (Minor issue)
[buster] - gradle <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e5793753c6e94f4828b1fe93d7b446160ee07ad
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits