[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2025-20128 in clamav for bullseye LTS.

Chris Lamb (@lamby) Fri, 24 Jan 2025 04:17:36 -0800


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker



Commits:
35a60def by Chris Lamb at 2025-01-24T12:11:56+00:00
Triage CVE-2025-20128 in clamav for bullseye LTS.

- - - - -
98e67cde by Chris Lamb at 2025-01-24T12:12:26+00:00
Triage CVE-2025-0395 in glibc for bullseye LTS.

- - - - -
837cdc74 by Chris Lamb at 2025-01-24T12:14:38+00:00
Triage CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150 &amp; 
CVE-2024-53869 in nvidia-graphics-drivers for bullseye LTS.

- - - - -
66e7f3b0 by Chris Lamb at 2025-01-24T12:16:35+00:00
Triage CVE-2024-0131, CVE-2024-0147, CVE-2024-0149 &amp; CVE-2024-0150 in 
nvidia-graphics-drivers-tesla-470 for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56,6 +56,7 @@ CVE-2023-46400 (KWHotel 0.47 is vulnerable to CSV Formula 
Injection in the add g
 CVE-2024-0149
        - nvidia-graphics-drivers <unfixed> (bug #1093908)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+       [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -65,6 +66,7 @@ CVE-2024-0149
        NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
        - nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
        [bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
+       [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
        NOTE: 525.147.05-6 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers
        - nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -73,6 +75,7 @@ CVE-2024-0149
 CVE-2024-0131
        - nvidia-graphics-drivers <unfixed> (bug #1093908)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+       [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -82,6 +85,7 @@ CVE-2024-0131
        NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
        - nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
        [bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
+       [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
        NOTE: 525.147.05-6 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers
        - nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -94,6 +98,7 @@ CVE-2024-53869
 CVE-2024-0147
        - nvidia-graphics-drivers <unfixed> (bug #1093908)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+       [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -103,6 +108,7 @@ CVE-2024-0147
        NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
        - nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
        [bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
+       [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
        NOTE: 525.147.05-6 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers
        - nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -111,6 +117,7 @@ CVE-2024-0147
 CVE-2024-0150
        - nvidia-graphics-drivers <unfixed> (bug #1093908)
        [bookworm] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
+       [bullseye] - nvidia-graphics-drivers <ignored> (Non-free not supported)
        - nvidia-graphics-drivers-legacy-340xx <unfixed> (bug #1093909)
        - nvidia-graphics-drivers-legacy-390xx <unfixed> (bug #1093910)
        - nvidia-graphics-drivers-tesla-418 <unfixed> (bug #1093911)
@@ -120,6 +127,7 @@ CVE-2024-0150
        NOTE: 460.106.00-3 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers-tesla-470
        - nvidia-graphics-drivers-tesla-470 <unfixed> (bug #1093914)
        [bookworm] - nvidia-graphics-drivers-tesla-470 <no-dsa> (Non-free not 
supported)
+       [bullseye] - nvidia-graphics-drivers-tesla-470 <ignored> (Non-free not 
supported)
        - nvidia-graphics-drivers-tesla 525.147.05-6 (bug #1093915)
        NOTE: 525.147.05-6 turned the package into a metapackage to aid 
switching to nvidia-graphics-drivers
        - nvidia-open-gpu-kernel-modules <unfixed> (bug #1093916)
@@ -540,6 +548,7 @@ CVE-2025-20156 (A vulnerability in the REST API of Cisco 
Meeting Management coul
 CVE-2025-20128 (A vulnerability in the Object Linking and Embedding 2 (OLE2) 
decryptio ...)
        - clamav <unfixed> (bug #1093880)
        [bookworm] - clamav <no-dsa> (clamav is being updated via -updates)
+       [bullseye] - clamav <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: 
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
 CVE-2025-0651 (Improper Privilege Management vulnerability in Cloudflare WARP 
on Wind ...)
        NOT-FOR-US: Cloudflare
@@ -558,6 +567,7 @@ CVE-2025-0604 (A flaw was found in Keycloak. When an Active 
Directory user reset
 CVE-2025-0395 (When the assert() function in the GNU C Library versions 2.13 
to 2.40  ...)
        - glibc 2.40-6
        [bookworm] - glibc <no-dsa> (Minor issue)
+       [bullseye] - glibc <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32582
        NOTE: https://www.openwall.com/lists/oss-security/2025/01/22/4
        NOTE: Fixed by: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c
 (2.40-branch)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/14bfbb842fe3ef229373206b3000e8e5f816296b...66e7f3b0124200dc408c87ab578cfb9e19043a40

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/14bfbb842fe3ef229373206b3000e8e5f816296b...66e7f3b0124200dc408c87ab578cfb9e19043a40
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 4 commits: Triage CVE-2025-20128 in clamav for bullseye LTS.

Reply via email to