[Git][security-tracker-team/security-tracker][master] bookworm triage

Moritz Muehlenhoff (@jmm) Fri, 07 Feb 2025 11:59:31 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
521e05b9 by Moritz Muehlenhoff at 2025-02-07T20:58:58+01:00
bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,6 +97,7 @@ CVE-2025-24786 (WhoDB is an open source database management 
tool. While the appl
        NOT-FOR-US: WhoDB
 CVE-2025-23217 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy 
for pen ...)
        - mitmproxy <unfixed>
+       [bookworm] - mitmproxy <no-dsa> (Minor issue)
        NOTE: 
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p
 CVE-2025-22992 (A SQL Injection vulnerability exists in the /feed/insert.json 
endpoint ...)
        NOT-FOR-US: Emoncms
@@ -1413,8 +1414,10 @@ CVE-2025-0938 (The Python standard library functions 
`urllib.parse.urlsplit` and
        - python3.13 <unfixed>
        - python3.12 <unfixed>
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        - pypy3 <unfixed>
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/K4EUG6EKV6JYFIC24BASYOZS4M5XOQIB/
        NOTE: https://github.com/python/cpython/issues/105704
        NOTE: https://github.com/python/cpython/pull/129418
@@ -2000,6 +2003,7 @@ CVE-2024-10309 (The Tracking Code Manager WordPress 
plugin before 2.4.0 does not
        NOT-FOR-US: WordPress plugin
 CVE-2025-24528 [Prevent overflow when calculating ulog block size]
        - krb5 <unfixed> (bug #1094730)
+       [bookworm] - krb5 <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2342796
        NOTE: Fixed by: 
https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0
 CVE-2025-24882 (regclient is a Docker and OCI Registry Client in Go. A 
malicious regis ...)
@@ -11758,6 +11762,7 @@ CVE-2024-56738 (GNU GRUB (aka GRUB2) through 2.12 does 
not use a constant-time a
        NOTE: https://savannah.gnu.org/bugs/?66603
 CVE-2024-56737 (GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer 
overflow in  ...)
        - grub2 <unfixed>
+       [bookworm] - grub2 <no-dsa> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/?66599
 CVE-2024-13006 (A vulnerability, which was classified as critical, has been 
found in 1 ...)
        NOT-FOR-US: 1000 Projects Human Resource Management System


=====================================
data/dsa-needed.txt
=====================================
@@ -46,6 +46,8 @@ opennds
 --
 pagure
 --
+pam-pkcs11 (carnil)
+--
 php-laravel-framework
 --
 python-django



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/521e05b92cfd2bb24d9fd5e62e2117fce4cce126

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/521e05b92cfd2bb24d9fd5e62e2117fce4cce126
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bookworm triage

Reply via email to