Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
25023fc6 by Moritz Muehlenhoff at 2025-02-18T16:02:02+01:00
bookworm triage

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -154,28 +154,34 @@ CVE-2021-46686 (Improper neutralization of special elements used in an OS comman NOT-FOR-US: acmailer CGI CVE-2024-57259 [Heap corruption in U-Boot's SquashFS directory listing function] - u-boot <unfixed> (bug #1098254) + [bookworm] - u-boot <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2 NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/048d795bb5b3d9c5701b4855f5e74bcf6849bf5e (v2025.01-rc1) CVE-2024-57258 [Multiple integer overflows in U-Boot's memory allocator] - u-boot <unfixed> (bug #1098254) + [bookworm] - u-boot <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2 NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/0a10b49206a29b4aa2f80233a3e53ca0466bb0b3 (v2025.01-rc1) NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/8642b2178d2c4002c99a0b69a845a48f2ae2706f (v2025.01-rc1) NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/c17b2a05dd50a3ba437e6373093a0d6a359cdee0 (v2025.01-rc1) CVE-2024-57257 [Stack overflow in U-Boot's SquashFS symlink resolution function] - u-boot <unfixed> (bug #1098254) + [bookworm] - u-boot <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2 NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/4f5cc096bfd0a591f8a11e86999e3d90a9484c34 (v2025.01-rc1) CVE-2024-57256 [Integer overflow in U-Boot's ext4 symlink resolution function] - u-boot <unfixed> (bug #1098254) + [bookworm] - u-boot <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2 NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/35f75d2a46e5859138c83a75cd2f4141c5479ab9 (v2025.01-rc1) CVE-2024-57255 [Integer overflow in U-Boot's SquashFS symlink resolution function] - u-boot <unfixed> (bug #1098254) + [bookworm] - u-boot <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2 NOTE: Fixed by: 
https://source.denx.de/u-boot/u-boot/-/commit/233945eba63e24061dffeeaeb7cd6fe985278356 (v2025.01-rc1) CVE-2024-57254 [Integer overflow in U-Boot's SquashFS symlink size calculation function] - u-boot <unfixed> (bug #1098254) + [bookworm] - u-boot <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2025/02/17/2 NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/c8e929e5758999933f9e905049ef2bf3fe6b140d (v2025.01-rc1) CVE-2024-57262 @@ -414,6 +420,7 @@ CVE-2024-10581 (The DirectoryPress Frontend plugin for WordPress is vulnerable t NOT-FOR-US: WordPress plugin CVE-2025-26819 (Monero through 0.18.3.4 before ec74ff4 does not have response limits o ...) - monero 0.18.3.4+~0+20200826-2 (bug #1098240) + [bookworm] - monero <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/monero-project/monero/commit/ec74ff4a3d3ca38b7912af680209a45fd1701c3d CVE-2025-21401 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) NOT-FOR-US: Microsoft @@ -2054,6 +2061,7 @@ CVE-2024-12797 (Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to a NOTE: https://openssl-library.org/news/secadv/20250211.txt CVE-2025-XXXX [RUSTSEC-2025-0005: Out of bounds write triggered by crafted coverage data] - rust-grcov <unfixed> + [bookworm] - rust-grcov <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0005.html NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1917475 CVE-2025-25243 (SAP Supplier Relationship Management (Master Data Management Catalog) ...) 
@@ -2413,6 +2421,7 @@ CVE-2025-25188 (Hickory DNS is a Rust based DNS client, server, and resolver. A CVE-2025-25186 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...) - ruby3.3 <unfixed> - ruby3.1 <removed> + [bookworm] - ruby3.1 <no-dsa> (Minor issue) NOTE: https://github.com/ruby/net-imap/security/advisories/GHSA-7fc5-f82f-cx69 NOTE: Fixed by: https://github.com/ruby/net-imap/commit/70e3ddd071a94e450b3238570af482c296380b35 (v0.5.6) NOTE: Fixed by: https://github.com/ruby/net-imap/commit/c8c5a643739d2669f0c9a6bb9770d0c045fd74a3 (v0.4.19) @@ -3758,6 +3767,7 @@ CVE-2025-25062 (An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 CVE-2025-24898 (rust-openssl is a set of OpenSSL bindings for the Rust programming lan ...) {DLA-4049-1} - rust-openssl 0.10.70-1 + [bookworm] - rust-openssl <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0004.html NOTE: https://github.com/sfackler/rust-openssl/security/advisories/GHSA-rpmj-rpgj-qmpm NOTE: https://github.com/sfackler/rust-openssl/pull/2360
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25023fc606da3e1958c57329e6f40541ee4ffb8c
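Review bot: In the u-boot hunk (@@ -154,28 +154,34), the six added `[bookworm] - u-boot <no-dsa> (Minor issue)` lines give the same reason for entries titled as heap corruption (CVE-2024-57259) and a stack overflow (CVE-2024-57257) as for the integer overflows, and no NOTE records why these count as minor for bookworm. Each entry only links the oss-security post and the upstream fix commits, so consider adding a short NOTE on the exposure assumed for the triage decision, which would let it be re-checked later without re-deriving it from the advisory.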
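Review bot: In the CVE-2025-25186 hunk (@@ -2413,6 +2421,7), the new `[bookworm] - ruby3.1 <no-dsa> (Minor issue)` line sits under `- ruby3.1 <removed>`, and the only fix references are the net-imap commits for v0.5.6 and v0.4.19. The entry does not say whether the net-imap copy shipped with bookworm's ruby3.1 contains the affected code or which of the two commits would apply to it; a NOTE stating that would make the no-dsa tag verifiable and help anyone preparing a later point-release fix.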
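Review bot: In the CVE-2025-24898 hunk (@@ -3758,6 +3767,7), the entry already carries `{DLA-4049-1}`, so an LTS advisory was issued for this CVE, while the added line marks bookworm as `<no-dsa> (Minor issue)`. The differing treatment between releases is not explained in the visible lines; consider a NOTE saying why bookworm is handled as minor, or whether a fix is expected through a point release, so the two decisions read consistently.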