Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
35a1762d by security tracker role at 2025-05-31T20:12:09+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2025-5390 (A vulnerability, which was classified as critical, was found in
JeeWMS ...)
+ TODO: check
+CVE-2025-5389 (A vulnerability, which was classified as critical, has been
found in J ...)
+ TODO: check
+CVE-2025-5388 (A vulnerability classified as critical was found in JeeWMS up
to 20250 ...)
+ TODO: check
+CVE-2025-5387 (A vulnerability classified as critical has been found in JeeWMS
up to ...)
+ TODO: check
+CVE-2025-5386 (A vulnerability was found in JeeWMS up to 20250504. It has been
rated ...)
+ TODO: check
+CVE-2025-5385 (A vulnerability was found in JeeWMS up to 20250504. It has been
declar ...)
+ TODO: check
+CVE-2025-5384 (A vulnerability was found in JeeWMS up to 20250504. It has been
classi ...)
+ TODO: check
+CVE-2025-5383 (A vulnerability was found in Yifang CMS up to 2.0.2 and
classified as ...)
+ TODO: check
+CVE-2025-5381 (A vulnerability, which was classified as problematic, was found
in Yif ...)
+ TODO: check
+CVE-2025-5380 (A vulnerability, which was classified as critical, has been
found in a ...)
+ TODO: check
+CVE-2025-5379 (A vulnerability classified as critical was found in NuCom
NC-WR744G 8. ...)
+ TODO: check
+CVE-2025-5378 (A vulnerability classified as problematic has been found in
Astun Tech ...)
+ TODO: check
+CVE-2025-5377 (A vulnerability was found in Astun Technology iShare Maps
5.4.0. It ha ...)
+ TODO: check
+CVE-2025-5376 (A vulnerability was found in SourceCodester Health Center
Patient Reco ...)
+ TODO: check
+CVE-2025-5375 (A vulnerability was found in PHPGurukul HPGurukul Online Birth
Certifi ...)
+ TODO: check
+CVE-2025-5374 (A vulnerability was found in PHPGurukul Online Birth
Certificate Syste ...)
+ TODO: check
+CVE-2025-5373 (A vulnerability has been found in PHPGurukul Online Birth
Certificate ...)
+ TODO: check
+CVE-2025-4857 (The Newsletters plugin for WordPress is vulnerable to Local
File Inclu ...)
+ TODO: check
+CVE-2025-4691 (The Free Booking Plugin for Hotels, Restaurants and Car Rentals
\u2013 ...)
+ TODO: check
CVE-2025-5371 (A vulnerability, which was classified as critical, has been
found in S ...)
NOT-FOR-US: SourceCodester
CVE-2025-5370 (A vulnerability classified as critical was found in PHPGurukul
News Po ...)
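Review bot: the description added for CVE-2025-4691 ends in a literal \u2013, so the import is writing the JSON escape sequence instead of the decoded dash character; decoding before the description is truncated would keep the list readable and searchable. All 19 added entries are still "TODO: check", and CVE-2025-5376 (SourceCodester) has the same vendor as the context entry CVE-2025-5371, which is already marked "NOT-FOR-US: SourceCodester", so it can likely be triaged the same way.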
@@ -51620,18 +51658,22 @@ CVE-2024-53164 (In the Linux kernel, the following
vulnerability has been resolv
[bookworm] - linux 6.1.123-1
NOTE:
https://git.kernel.org/linus/5eb7de8cd58e73851cd37ff8d0666517d9926948 (6.13-rc2)
CVE-2024-56527 (An issue was discovered in TCPDF before 6.8.0. The Error
function lack ...)
+ {DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091689)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
(6.8.0)
CVE-2024-56522 (An issue was discovered in TCPDF before 6.8.0.
unserializeTCPDFtag use ...)
+ {DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091688)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
(6.8.0)
CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is
used, CUR ...)
- tcpdf 6.8.0+dfsg-1 (bug #1091687)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554
(6.8.0)
CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as
used in TC ...)
+ {DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091686)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe
(6.8.0)
CVE-2024-56519 (An issue was discovered in TCPDF before 6.8.0. setSVGStyles
does not s ...)
+ {DLA-4199-1}
- tcpdf 6.8.0+dfsg-1 (bug #1091685)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4
(6.8.0)
CVE-2024-56510 (@marp-team/marp-core is the core for Marp, which is the
ecosystem to w ...)
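Review bot: CVE-2024-56521 is the only TCPDF 6.8.0 entry in this hunk that does not gain {DLA-4199-1}; CVE-2024-56527, CVE-2024-56522, CVE-2024-56520 and CVE-2024-56519 all do. If the advisory leaves it out on purpose, a release-specific line under the entry giving the reason (in the style of the "[bookworm] - tcpdf <no-dsa> (Minor issue)" lines used elsewhere in this file) would keep it from reading as an omission; if the advisory does cover it, the tag is missing here.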
@@ -65487,12 +65529,12 @@ CVE-2024-51736 (Symphony process is a module for the
Symphony PHP framework whic
CVE-2024-51409 (Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a
remote at ...)
NOT-FOR-US: Tenda
CVE-2024-50345 (symfony/http-foundation is a module for the Symphony PHP
framework whi ...)
- {DSA-5809-1}
+ {DSA-5809-1 DLA-4200-1}
- symfony 6.4.14+dfsg-1
NOTE:
https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp
NOTE: Fixed by:
https://github.com/symfony/symfony/commit/5a9b08e5740af795854b1b639b7d45b9cbfe8819
(v5.4.46, v6.4.14, v7.1.7)
CVE-2024-50343 (symfony/validator is a module for the Symphony PHP framework
which pro ...)
- {DSA-5809-1}
+ {DSA-5809-1 DLA-4200-1}
- symfony 6.4.11+dfsg-1
NOTE:
https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9
NOTE: Fixed by:
https://github.com/symfony/symfony/commit/7d1032bbead9a4229b32fa6ebca32681c80cb76f
(v5.4.43, v6.4.11, v7.1.4)
@@ -106676,6 +106718,7 @@ CVE-2024-23580 (HCL DRYiCE Optibot Reset Station is
impacted byinsecure encrypti
CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure
encryption of ...)
NOT-FOR-US: HCL
CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular
Express ...)
+ {DLA-4199-1}
- tcpdf 6.7.7+dfsg-1 (bug #1072528)
[bookworm] - tcpdf <no-dsa> (Minor issue)
NOTE: https://github.com/tecnickcom/TCPDF/issues/724
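Review bot: CVE-2024-22641 now carries {DLA-4199-1} while its "[bookworm] - tcpdf <no-dsa> (Minor issue)" line is unchanged, so the LTS release is fixed while bookworm remains marked unfixed, and a system upgraded to bookworm would pick the issue up again. The same pattern applies to CVE-2024-32489 and CVE-2024-22640 in the following hunks; consider tracking all three for a bookworm point-release update.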
@@ -124306,6 +124349,7 @@ CVE-2024-3701 (The system application
(com.transsion.kolun.aiservice) component
CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are
vulnerable to ...)
NOT-FOR-US: JFrog Artifactory Self-Hosted
CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
+ {DLA-4199-1}
- tcpdf 6.7.4+dfsg-1
[bookworm] - tcpdf <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
@@ -145626,6 +145670,7 @@ CVE-2024-23055 (An issue in Plone Docker Official
Image 5.2.13 (5221) open-sourc
CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0
allows ...)
NOT-FOR-US: Projectworlds Vistor Management Systemin PHP
CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular
Expression Denia ...)
+ {DLA-4199-1}
- tcpdf 6.7.5+dfsg-1
[bookworm] - tcpdf <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
@@ -154755,30 +154800,35 @@ CVE-2023-50495 (NCurse v6.4-20230418 was discovered
to contain a segmentation fa
CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting
(XSS). ...)
NOT-FOR-US: SAS
CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point
Exceptio ...)
+ {DLA-4198-1}
- espeak-ng 1.51+dfsg-12 (bug #1059060)
[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
[buster] - espeak-ng <no-dsa> (Minor issue)
NOTE: https://github.com/espeak-ng/espeak-ng/issues/1823
NOTE:
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow
via the ...)
+ {DLA-4198-1}
- espeak-ng 1.51+dfsg-12 (bug #1059060)
[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
[buster] - espeak-ng <no-dsa> (Minor issue)
NOTE: https://github.com/espeak-ng/espeak-ng/issues/1826
NOTE:
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer
Overflow v ...)
+ {DLA-4198-1}
- espeak-ng 1.51+dfsg-12 (bug #1059060)
[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
[buster] - espeak-ng <no-dsa> (Minor issue)
NOTE: https://github.com/espeak-ng/espeak-ng/issues/1827
NOTE:
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer
Underflow ...)
+ {DLA-4198-1}
- espeak-ng 1.51+dfsg-12 (bug #1059060)
[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
[buster] - espeak-ng <no-dsa> (Minor issue)
NOTE: https://github.com/espeak-ng/espeak-ng/issues/1825
NOTE:
https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow
via the ...)
+ {DLA-4198-1}
- espeak-ng 1.51+dfsg-12 (bug #1059060)
[bookworm] - espeak-ng 1.51+dfsg-10+deb12u1
[buster] - espeak-ng <no-dsa> (Minor issue)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35a1762d7723fd7fe3cfaa850cdba380935fd44a