Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
11e1fd43 by Daniel Leidert at 2025-08-24T02:00:03+02:00
lts: triage CVE-2025-9308/node-yarnpkg for Bullseye

Mark as postponed. Minor issue that can produce a local DoS similar to
CVE-2025-8262 (same submitter as well). Follow triage of CVE-2025-8262.

- - - - -
a3d6f623 by Daniel Leidert at 2025-08-24T02:09:47+02:00
lts: triage CVE-2015-1554/kgb-bot

Mark as ignored. This has not been reproduced by third parties since the issue
was reported. Thus, it has been ignored. Reflect that in the LTS triage.

- - - - -
a1925a75 by Daniel Leidert at 2025-08-24T02:20:36+02:00
Add links for CVE-2024-44905/golang-gopkg-pg.v5

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -591,6 +591,7 @@ CVE-2025-9309 (A vulnerability was found in Tenda AC10 
16.03.10.13. Affected is
        NOT-FOR-US: Tenda
 CVE-2025-9308 (A vulnerability has been found in yarnpkg Yarn up to 1.22.22. 
This imp ...)
        - node-yarnpkg <unfixed>
+       [bullseye] - node-yarnpkg <postponed> (minor issue; DoS)
        NOTE: https://github.com/yarnpkg/yarn/pull/9203
 CVE-2025-9307 (A flaw has been found in PHPGurukul Online Course Registration 
3.1. Th ...)
        NOT-FOR-US: PHPGurukul
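Review bot: the new `[bullseye] - node-yarnpkg <postponed> (minor issue; DoS)` line records the decision but not its basis; the commit message grounds the postponement in the similarity to CVE-2025-8262 and says to follow that triage, yet nothing in the entry points there. Consider adding a `NOTE: Similar to CVE-2025-8262` line (or reusing the wording the CVE-2025-8262 entry carries) so a later triager revisiting the postponed status finds the cross-reference in data/CVE/list rather than only in the git log.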
@@ -21847,6 +21848,8 @@ CVE-2024-44906 (uptrace pgdriver v1.2.1 was discovered 
to contain a SQL injectio
 CVE-2024-44905 (go-pg pg v10.13.0 was discovered to contain a SQL injection 
vulnerabil ...)
        - golang-gopkg-pg.v5 <undetermined>
        TODO: check details
+       NOTE: https://github.com/advisories/GHSA-6xp3-p59p-q4fj
+       NOTE: Fixed by: 
https://github.com/go-pg/pg/commit/eff50a43724e52347559687a6945c116afbb41c1 
(v10.15.0)
 CVE-2023-45256 (Multiple SQL injection vulnerabilities in the EuroInformation 
Monetico ...)
        NOT-FOR-US: PrestaShop module
 CVE-2025-30399 (Untrusted search path in .NET and Visual Studio allows an 
unauthorized ...)
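Review bot: the `Fixed by:` note points at a go-pg/pg commit tagged v10.15.0, while the Debian source package in this entry is golang-gopkg-pg.v5 and its status stays `<undetermined>` with `TODO: check details` still open. Before the status is resolved, the check should confirm whether the code path patched in the v10 fix exists in the v5 codebase at all; if it does not, the resolution is `<not-affected>` with a NOTE saying so, and the `TODO:` line should be dropped once that is settled rather than left sitting beside the two new NOTEs.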
@@ -691145,7 +691148,8 @@ CVE-2015-1401 (Improper Authentication vulnerability 
in the "LDAP / SSO Authenti
        NOT-FOR-US: typo3 extension
 CVE-2015-1554 (kgb-bot 1.33-2 allows remote attackers to cause a denial of 
service (c ...)
        - kgb-bot <undetermined> (low; bug #776424)
-       [buster] - kgb-bot <no-dsa> (Minor issue, not reproducible)
+       [bullseye] - kgb-bot <ignored> (Minor issue, not reproducible)
+       [buster] - kgb-bot <ignored> (Minor issue, not reproducible)
        NOTE: 20190201: random crash still not reproducible
 CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for 
Node.js  ...)
        NOT-FOR-US: sequelize
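Review bot: the buster line moves from `<no-dsa>` to `<ignored>` alongside the new bullseye line, but the entry's only supporting evidence is `NOTE: 20190201: random crash still not reproducible`, and the package-level status remains `<undetermined> (low; bug #776424)`. Since both LTS annotations now say `not reproducible`, consider adding a current dated NOTE in the same style as the 20190201 one stating that the crash is still unreproduced, so the data file itself explains why the buster status changed, and revisit whether `<undetermined>` is still the right package-level status or whether the `(low; bug #776424)` entry should be resolved the same way.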



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/678cc89c138ab1a158e3907d6ed962fac5f492ea...a1925a75dbac25bff36e36d34f3ef56cd3b3637a

-- 
You're receiving this email because of your account on salsa.debian.org.


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits