Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6cdc03e7 by Moritz Muehlenhoff at 2025-05-20T23:15:46+02:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1163,6 +1163,7 @@ CVE-2025-47931 (LibreNMS is PHP/MySQL/SNMP based network 
monitoring software. Li
        NOT-FOR-US: LibreNMS
 CVE-2025-47273 (setuptools is a package that allows users to download, build, 
install, ...)
        - setuptools <unfixed> (bug #1105970)
+       [bookworm] - setuptools <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf
        NOTE: https://github.com/pypa/setuptools/issues/4946
        NOTE: Fixed by: 
https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b
 (v78.1.1)
@@ -1353,6 +1354,7 @@ CVE-2025-47793 (Nextcloud Server is a self hosted 
personal cloud system, and the
        - nextcloud-server <itp> (bug #941708)
 CVE-2025-47792 (Nextcloud Desktop is the desktop sync client for Nextcloud. In 
version ...)
        - nextcloud-desktop 3.15.0-1
+       [bookworm] - nextcloud-desktop <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qm2f-959g-7p65
        NOTE: https://github.com/nextcloud/desktop/pull/7517
        NOTE: https://hackerone.com/reports/1995856
@@ -2215,6 +2217,7 @@ CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 
through 9.9.0.0, contain
 CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation 
(XSS or 'C ...)
        - twitter-bootstrap4 <not-affected> (Only affects 3.x)
        - twitter-bootstrap3 <unfixed> (bug #1105899)
+       [bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)
        NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-1647
 CVE-2024-56006 (Missing Authorization vulnerability in Automattic Jetpack 
Debug Tools. ...)
        NOT-FOR-US: WordPress plugin or theme
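Review bot: The reason on the added `[bookworm] - twitter-bootstrap3 <no-dsa> (Minor issue)` line does not say why an XSS issue is considered minor for bookworm, and the only reference in the entry is a third-party directory page. A short qualifier in the parentheses stating the limiting condition would make the triage decision auditable later.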
@@ -3611,9 +3614,11 @@ CVE-2025-47816 (libpspp-core.a in GNU PSPP through 2.0.1 
allows attackers to cau
        NOTE: https://savannah.gnu.org/bugs/?67073
 CVE-2025-47815 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to 
cause a h ...)
        - pspp <unfixed> (bug #1105105)
+       [bookworm] - pspp <no-dsa> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/?67075
 CVE-2025-47814 (libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to 
cause a h ...)
        - pspp <unfixed> (bug #1105106)
+       [bookworm] - pspp <no-dsa> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/?67074
 CVE-2025-4514 (A vulnerability, which was classified as critical, has been 
found in Z ...)
        NOT-FOR-US: Zhengzhou Jiuhua Electronic Technology mayicms
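Review bot: The `[bookworm]` tag is added to CVE-2025-47815 and CVE-2025-47814, but the CVE-2025-47816 entry directly above, visible only as its closing NOTE line in the hunk context, is not touched by this commit. If it does not already carry `[bookworm] - pspp <no-dsa> (Minor issue)`, add it here so the three libpspp-core.a issues are triaged the same way for bookworm.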
@@ -5028,6 +5033,7 @@ CVE-2025-20122 (A vulnerability in the CLI of Cisco 
Catalyst SD-WAN Manager, for
        NOT-FOR-US: Cisco
 CVE-2024-47619 (syslog-ng is an enhanced log daemo. Prior to version 4.8.2, 
`tls_wildc ...)
        - syslog-ng 4.8.1-5 (bug #1104890)
+       [bookworm] - syslog-ng <no-dsa> (Minor issue)
        NOTE: 
https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg
        NOTE: https://github.com/syslog-ng/syslog-ng/issues/5360
        NOTE: Fixed by: 
https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006
 (develop)
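Review bot: On the added `[bookworm] - syslog-ng <no-dsa> (Minor issue)` line, the reason could record that a fix is already available: the description says the issue is addressed upstream in 4.8.2, the unstable entry lists 4.8.1-5 as fixed, and the upstream commit is linked. A reason such as `(Minor issue; can be fixed via point release)` tells the maintainer that the no-dsa decision does not rule out a stable update.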
@@ -5825,6 +5831,7 @@ CVE-2025-4218 (A vulnerability was found in handrew 
browserpilot up to 0.2.51. I
        NOT-FOR-US: handrew browserpilot
 CVE-2025-4215 (A vulnerability was found in gorhill uBlock Origin up to 
1.63.3b16. It ...)
        - ublock-origin <unfixed> (bug #1104635)
+       [bookworm] - ublock-origin <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c
 (1.63.3b17)
 CVE-2025-4199 (The Abundatrade Plugin plugin for WordPress is vulnerable to 
Cross-Sit ...)
        NOT-FOR-US: WordPress plugin
@@ -10787,6 +10794,7 @@ CVE-2025-43703 (An issue was discovered in Ankitects 
Anki through 25.02. A craft
        NOTE: Issue exists because of an incomplete fix for CVE-2024-32484
 CVE-2025-3730 (A vulnerability, which was classified as problematic, was found 
in PyT ...)
        - pytorch <unfixed> (bug #1103455)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        [bullseye] - pytorch <postponed> (Minor issue; DoS)
        NOTE: https://github.com/pytorch/pytorch/issues/150835
        NOTE: https://github.com/pytorch/pytorch/pull/150981
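Review bot: The added `[bookworm]` line gives `(Minor issue)` while the `[bullseye]` line right below it gives `(Minor issue; DoS)` for the same CVE. Use the same reason text on both, so the impact class is recorded for bookworm as well.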


=====================================
data/dsa-needed.txt
=====================================
@@ -57,8 +57,12 @@ php-laravel-framework
 python-django
   Chris is working on it
 --
+python-tornado
+--
 ring
 --
+ruby-rack
+--
 ruby-saml
   Utkarsh Gupta might work on an update
 --
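Review bot: `python-tornado` and `ruby-rack` are added with no indication of which CVEs put them on the list, and the commit message only says "bookworm triage". An indented note under each entry, in the style of the existing `Chris is working on it` line, naming the issue or stating that the package is unclaimed would help whoever picks them up.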



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6cdc03e7776c959b97843c67b36e6d6bf9744fe8
