Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5736b6b4 by Moritz Muehlenhoff at 2025-06-02T09:57:20+02:00
bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -337,13 +337,13 @@ CVE-2025-44906 (jhead v3.08 was discovered to contain a
heap-use-after-free via
NOTE:
https://github.com/madao123123/crash_report/blob/main/jhead/jhead.md
NOTE: https://github.com/Matthias-Wandel/jhead/issues/90
CVE-2025-44905 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow
via the ...)
- - hdf5 <unfixed>
+ - hdf5 <unfixed> (unimportant)
NOTE:
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc5.md
- TODO: reported upstream?
+ NOTE: Negligible security impact
CVE-2025-44904 (hdf5 v1.14.6 was discovered to contain a heap buffer overflow
via the ...)
- - hdf5 <unfixed>
+ - hdf5 <unfixed> (unimportant)
NOTE:
https://github.com/madao123123/crash_report/blob/main/hdf5_poc/hdf5_poc1.md
- TODO: reported upstream?
+ NOTE: Negligible security impact
CVE-2025-44619 (Tinxy WiFi Lock Controller v1 RF was discovered to be
configured to tr ...)
NOT-FOR-US: Tinxy
CVE-2025-44614 (Tinxy WiFi Lock Controller v1 RF was discovered to store
users' sensit ...)
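Review bot: The CVE-2025-44905 and CVE-2025-44904 entries lose their `TODO: reported upstream?` lines, but neither entry gains an upstream reference; the only link is still the reporter's crash_report page. Both descriptions say heap buffer overflow, so `Negligible security impact` would be easier to audit with the reason spelled out, as the tcpreplay and pspp notes in this commit do ("Hang in CLI tool", "Crash in CLI tool"). Suggest keeping the TODO until the upstream status is known, or adding a NOTE that records it.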
@@ -497,7 +497,8 @@ CVE-2024-51392 (An issue in OpenKnowledgeMaps Headstart v7
allows a remote attac
CVE-2024-49350 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2024-22654 (tcpreplay v4.4.4 was discovered to contain an infinite loop
via the tc ...)
- - tcpreplay 4.5.1-1
+ - tcpreplay 4.5.1-1 (unimportant)
+ NOTE: Hang in CLI tool, no security impact
NOTE: https://github.com/appneta/tcpreplay/issues/827
NOTE: https://github.com/appneta/tcpreplay/pull/842
NOTE: https://github.com/appneta/tcpreplay/pull/859
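Review bot: In the CVE-2024-22654 entry the new rationale NOTE is placed ahead of the upstream issue and pull request links, whereas the hdf5 and pspp entries in this commit put the rationale after the reference. This is a consistency point only; suggest moving `NOTE: Hang in CLI tool, no security impact` below the three tcpreplay links.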
@@ -2273,9 +2274,9 @@ CVE-2025-5003 (A vulnerability has been found in
projectworlds Online Time Table
CVE-2025-5002 (A vulnerability, which was classified as critical, was found in
Source ...)
NOT-FOR-US: SourceCodester
CVE-2025-5001 (A vulnerability was found in GNU PSPP
82fb509fb2fedd33e7ac0c46ca99e108 ...)
- - pspp <unfixed> (bug #1106251)
- [bullseye] - pspp <postponed> (Minor issue, DoS)
+ - pspp <unfixed> (bug #1106251; unimportant)
NOTE: https://savannah.gnu.org/bugs/index.php?67069
+ NOTE: Crash in CLI tool, no security impact
CVE-2025-5000 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK
up to 1 ...)
NOT-FOR-US: Linksys
CVE-2025-4999 (A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK
up to 1 ...)
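Review bot: The CVE-2025-5001 change removes `[bullseye] - pspp <postponed> (Minor issue, DoS)`, which the "bookworm triage" commit message does not cover. With the unstable line now tagged unimportant the per-release line looks redundant, so the removal seems intended, but it is worth a word in the commit message since the edit reaches beyond bookworm.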
@@ -11513,12 +11514,14 @@ CVE-2025-46435 (Cross-Site Request Forgery (CSRF)
vulnerability in Yash Binani T
CVE-2025-46421 (A flaw was found in libsoup. When libsoup clients encounter an
HTTP re ...)
- libsoup3 3.6.5-1
- libsoup2.4 <unfixed> (bug #1104054)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/439
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/436
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/3e5c26415811f19e7737238bb23305ffaf96f66b
(3.6.5)
CVE-2025-46420 (A flaw was found in libsoup. It is vulnerable to memory leaks
in the s ...)
- libsoup3 3.6.4-1
- libsoup2.4 2.74.3-10.1 (bug #1104055)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/438
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/421
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/c9083869ec2a3037e6df4bd86b45c419ba295f8e
(3.6.2)
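Review bot: CVE-2025-46421 still has libsoup2.4 as `<unfixed>` while CVE-2025-46420 lists it as fixed in 2.74.3-10.1, yet both new [bookworm] lines carry the identical `<no-dsa> (Minor issue)` text. Suggest a reason specific to each entry (the CVE-2025-46420 description mentions memory leaks, for example), so that a later bookworm update can tell which of the two already has a fix to backport.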
@@ -15122,6 +15125,7 @@ CVE-2025-32914 (A flaw was found in libsoup, where the
soup_multipart_new_from_m
{DLA-4140-1}
- libsoup3 <unfixed> (bug #1103267)
- libsoup2.4 2.74.3-10.1 (bug #1103512)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/436
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
NOTE:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/5bfcf8157597f2d327050114fb37ff600004dbcf
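Review bot: The CVE-2025-32914 entry carries {DLA-4140-1}, so an advisory is already on record for this issue while the new line sets bookworm to `<no-dsa>`. If the plan is to fix bookworm through a point release, stating that in the reason would make the difference explicit. Only libsoup2.4 gets a [bookworm] line although libsoup3 is `<unfixed>` here; if bookworm also ships libsoup3, it needs its own line.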
@@ -15129,6 +15133,7 @@ CVE-2025-32913 (A flaw was found in libsoup, where the
soup_message_headers_get_
{DLA-4140-1}
- libsoup3 3.6.4-1
- libsoup2.4 2.74.3-10.1 (bug #1103515)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/435
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/422
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
(3.6.2)
@@ -15136,6 +15141,7 @@ CVE-2025-32912 (A flaw was found in libsoup, where
SoupAuthDigest is vulnerable
{DLA-4140-1}
- libsoup3 3.6.5-1
- libsoup2.4 2.74.3-10.1 (bug #1103516)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/434
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832
(3.6.2)
@@ -15146,6 +15152,7 @@ CVE-2025-32911 (A use-after-free type vulnerability was
found in libsoup, in the
{DLA-4140-1}
- libsoup3 3.6.4-1
- libsoup2.4 2.74.3-10.1 (bug #1103515)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/433
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/422
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/f4a761fb66512fff59798765e8ac5b9e57dceef0
(3.6.2)
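Review bot: CVE-2025-32911 is described as a use-after-free type vulnerability, and the added [bookworm] line gives it the same generic `(Minor issue)` reason as the other libsoup entries in this commit. Suggest a reason specific to this entry so the no-dsa decision can be checked against the description.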
@@ -15153,6 +15160,7 @@ CVE-2025-32910 (A flaw was found in libsoup, where
soup_auth_digest_authenticate
{DLA-4140-1}
- libsoup3 3.6.4-1
- libsoup2.4 2.74.3-10.1 (bug #1103516)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/432
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/ea16eeacb052e423eb5c3b0b705e5eab34b13832
(3.6.2)
@@ -15160,6 +15168,7 @@ CVE-2025-32909 (A flaw was found in libsoup.
SoupContentSniffer may be vulnerabl
{DLA-4140-1}
- libsoup3 3.6.4-1
- libsoup2.4 2.74.3-10.1 (bug #1103517)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/431
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92
(3.6.2)
CVE-2025-32908 (A flaw was found in libsoup. The HTTP/2 server in libsoup may
not full ...)
@@ -51714,6 +51723,7 @@ CVE-2024-56522 (An issue was discovered in TCPDF before
6.8.0. unserializeTCPDFt
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
(6.8.0)
CVE-2024-56521 (An issue was discovered in TCPDF before 6.8.0. If libcurl is
used, CUR ...)
- tcpdf 6.8.0+dfsg-1 (bug #1091687)
+ [bookworm] - tcpdf <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554
(6.8.0)
CVE-2024-56520 (An issue was discovered in tc-lib-pdf-font before 2.6.4, as
used in TC ...)
{DSA-5933-1 DLA-4199-1}
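Review bot: The neighbouring CVE-2024-56520 entry carries {DSA-5933-1 DLA-4199-1}, while the new line sets CVE-2024-56521 to `<no-dsa>` for bookworm. If the upload behind that DSA already contains the commit listed under "Fixed by:" for CVE-2024-56521, a fixed version on the [bookworm] line would be more accurate than `<no-dsa>`; worth confirming before this lands.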
@@ -458351,6 +458361,7 @@ CVE-2019-16537
RESERVED
CVE-2019-16536 (Stack overflow leading to DoS can be triggered by a malicious
authenti ...)
- clickhouse <removed>
+ [bookworm] - clickhouse <no-dsa> (Minor issue)
CVE-2019-16535 (In all versions of ClickHouse before 19.14, an OOB read, OOB
write and ...)
NOT-FOR-US: ClickHouse
CVE-2019-16534 (On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists
via a c ...)
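Review bot: For CVE-2019-16536 the unstable line is `<removed>`, so the entry records no fixed version and the new [bookworm] `<no-dsa>` line is its only per-release status; a short reason beyond `(Minor issue)` would help, given that the description mentions DoS by an authenticated party. The adjacent CVE-2019-16535 is marked `NOT-FOR-US: ClickHouse` even though this entry tracks a clickhouse package; that is outside this change but looks inconsistent and could be cleaned up alongside it.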
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5736b6b46da60db6d471f6df81f43124b738aa4d