Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d18c2f83 by Sylvain Beucler at 2025-11-08T13:40:26+01:00
dla: drop icingaweb2
Only minor issues
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -75724,6 +75724,7 @@ CVE-2025-30217 (Frappe is a full-stack web application
framework. Prior to versi
NOT-FOR-US: Frappe Framework
CVE-2025-30164 (Icinga Web 2 is an open source monitoring web interface,
framework and ...)
- icingaweb2 2.12.4-1
+ [bullseye] - icingaweb2 <postponed> (Minor issue, open redirect,
unknown patch)
NOTE:
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-8r73-6686-wv8q
CVE-2025-30073 (An issue was discovered in OPC cardsystems Webapp Aufwertung
2.1.0. Th ...)
NOT-FOR-US: OPC cardsystems Webapp Aufwertung
@@ -75811,6 +75812,7 @@ CVE-2025-28361 (Unauthorized stack overflow
vulnerability in Telesquare TLR-2005
NOT-FOR-US: Telesquare TLR-2005KSH
CVE-2025-27609 (Icinga Web 2 is an open source monitoring web interface,
framework and ...)
- icingaweb2 2.12.4-1
+ [bullseye] - icingaweb2 <postponed> (Minor issue, reflected XSS,
unknown patch)
NOTE:
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5cjw-fwjc-8j38
CVE-2025-27406 (Icinga Reporting is the central component for reporting
related functi ...)
- icingaweb2-module-reporting 1.0.4-1 (bug #1101885)
@@ -75818,9 +75820,11 @@ CVE-2025-27406 (Icinga Reporting is the central
component for reporting related
NOTE:
https://github.com/Icinga/icingaweb2-module-reporting/security/advisories/GHSA-7qvq-54vm-r7hx
CVE-2025-27405 (Icinga Web 2 is an open source monitoring web interface,
framework and ...)
- icingaweb2 2.12.4-1
+ [bullseye] - icingaweb2 <postponed> (Minor issue, reflected XSS,
unknown patch)
NOTE:
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-3x37-fjc3-ch8w
CVE-2025-27404 (Icinga Web 2 is an open source monitoring web interface,
framework and ...)
- icingaweb2 2.12.4-1
+ [bullseye] - icingaweb2 <postponed> (Minor issue, reflected XSS,
unknown patch)
NOTE:
https://github.com/Icinga/icingaweb2/security/advisories/GHSA-c6pg-h955-wf66
CVE-2025-27267 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
=====================================
data/dla-needed.txt
=====================================
@@ -136,12 +136,6 @@ hdf5
NOTE: 20251014: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117607
NOTE: 20251107: Please fix what can be reasonably fixed, and add a
README.Debian as requested in #1117607 (Beuc/front-desk)
--
-icingaweb2
- NOTE: 20250421: Added by Front-Desk (rouca)
- NOTE: 20250603: I checked the CVEs fixed with the latest release but cannot
find the related patches (dleidert)
- NOTE: 20250603: I also saw in the release log that multiple issues were
fixed without mentioning any CVE (dleidert)
- NOTE: 20250603: upstream should be asked about the patches for CVE 2025-*
(dleidert)
---
jackson-core
NOTE: 20250707: Added by Front-Desk (apo)
NOTE: 20251016: A single patch is not possible to apply to fix the CVE. I'm
working on backporting more than one.
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d18c2f83b0c686e452c7b4aa74f0143986ee84fc
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d18c2f83b0c686e452c7b4aa74f0143986ee84fc
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
