Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5668eb43 by Bastien Roucariès at 2025-08-08T00:55:55+02:00
CVE-2025-54869
icingaweb2-module-pdfexport includes FPDI for PDF handling.
The import module of FPDI is vulnerable to DoS.
However, the export function likely does not need the import path.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -456,9 +456,11 @@ CVE-2025-54872 (onion-site-template is a complete,
scalable tor hidden service s
NOT-FOR-US: onion-site-template
CVE-2025-54869 (FPDI is a collection of PHP classes that facilitate reading
pages from ...)
- icingaweb2-module-pdfexport <unfixed>
+ [bullseye] - icingaweb2-module-pdfexport <postponed> (minor; DoS)
NOTE:
https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3
NOTE:
https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0
NOTE: icingaweb2-module-pdfexport embedds FPDI
+ NOTE: Likely not affected CVE is on import PDF module, likely not used
by codepath of pdfexport
CVE-2025-54801 (Fiber is an Express inspired web framework written in Go. In
versions ...)
NOT-FOR-US: Fiber
CVE-2025-54655 (Race condition vulnerability in the virtualization base
module. Succes ...)
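Review bot: the added NOTE under CVE-2025-54869 ("Likely not affected CVE is on import PDF module, likely not used by codepath of pdfexport") hedges its conclusion twice and records no evidence for it, while the entry still tracks the package as <unfixed> and bullseye as <postponed> (minor; DoS). Suggest noting what was actually checked, for example whether pdfexport ever calls into the embedded FPDI import code, so the triage can be re-verified later, or stating plainly that the analysis is unconfirmed. The sentence also runs two clauses together; something like "Likely not affected: the CVE is in the PDF import module, which is likely not used by the pdfexport code path" reads unambiguously.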
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5668eb43a8ce4fa06014f08414885ee71d7d7038