Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9816b63a by Thorsten Alteholz at 2025-04-18T15:15:56+02:00
mark CVE-2024-12368 for odoo as EOL
- - - - -
7dbbe8e4 by Thorsten Alteholz at 2025-04-18T15:15:58+02:00
mark CVE-2025-3549 and CVE-2025-3548 as postponed for Bullseye
- - - - -
5a2b42bd by Thorsten Alteholz at 2025-04-18T15:16:00+02:00
mark CVE-2025-29482 as postponed for Bullseye
- - - - -
43be37ce by Thorsten Alteholz at 2025-04-18T15:16:02+02:00
mark CVE-2025-3409, CVE-2025-3408, CVE-2025-3407 and CVE-2025-3406 as postponed
for Bullseye
- - - - -
ef591571 by Thorsten Alteholz at 2025-04-18T15:16:02+02:00
add thunderbird
- - - - -
e8964a56 by Thorsten Alteholz at 2025-04-18T15:16:04+02:00
mark CVE-2025-29088 as postponed for Bullseye
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2529,10 +2529,12 @@ CVE-2025-3550 (A vulnerability has been found in wowjoy
\u6d59\u6c5f\u6e56\u5dde
CVE-2025-3549 (A vulnerability, which was classified as critical, was found in
Open A ...)
- assimp <unfixed> (bug #1103444)
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6070
CVE-2025-3548 (A vulnerability, which was classified as critical, has been
found in O ...)
- assimp <unfixed> (bug #1103443)
[bookworm] - assimp <no-dsa> (Minor issue)
+ [bullseye] - assimp <postponed> (Minor issue)
NOTE: https://github.com/assimp/assimp/issues/6068
NOTE: https://github.com/assimp/assimp/pull/6073
NOTE: Fixed by:
https://github.com/assimp/assimp/commit/0ae66d27039481dc2a507bbc8482f691037c1a5a
@@ -3034,6 +3036,7 @@ CVE-2025-29150 (BlueCMS 1.6 suffers from Arbitrary File
Deletion via the id para
CVE-2025-29088 (In SQLite 3.49.0 before 3.49.1, certain argument values to
sqlite3_db_ ...)
- sqlite3 <unfixed> (bug #1102670)
[bookworm] - sqlite3 <no-dsa> (Minor issue)
+ [bullseye] - sqlite3 <postponed> (Minor issue)
NOTE:
https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4
CVE-2025-29017 (A Remote Code Execution (RCE) vulnerability exists in Code
Astro Inter ...)
NOT-FOR-US: CodeAstro
@@ -4174,18 +4177,22 @@ CVE-2025-3410 (A vulnerability classified as critical
was found in mymagicpower
CVE-2025-3409 (A vulnerability classified as critical has been found in
Nothings stb ...)
- libstb <unfixed>
[bookworm] - libstb <no-dsa> (Minor issue)
+ [bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1771
CVE-2025-3408 (A vulnerability was found in Nothings stb up to f056911. It has
been r ...)
- libstb <unfixed>
[bookworm] - libstb <no-dsa> (Minor issue)
+ [bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1770
CVE-2025-3407 (A vulnerability was found in Nothings stb up to f056911. It has
been d ...)
- libstb <unfixed>
[bookworm] - libstb <no-dsa> (Minor issue)
+ [bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1769
CVE-2025-3406 (A vulnerability was found in Nothings stb up to f056911. It has
been c ...)
- libstb <unfixed>
[bookworm] - libstb <no-dsa> (Minor issue)
+ [bullseye] - libstb <postponed> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1772
CVE-2025-3405 (A vulnerability was found in FCJ Venture Builder appclientefiel
3.0.27 ...)
NOT-FOR-US: FCJ Venture Builder appclientefiel
@@ -4439,6 +4446,7 @@ CVE-2025-29594 (A vulnerability exists in the
errorpage.php file of the CS2-Weap
CVE-2025-29482 (Buffer Overflow vulnerability in libheif 1.19.7 allows a local
attacke ...)
- libheif <unfixed>
[bookworm] - libheif <no-dsa> (Minor issue)
+ [bullseye] - libheif <postponed> (Minor issue)
NOTE: https://github.com/lmarch2/poc/blob/main/libheif/libheif.md
CVE-2025-29481 (Buffer Overflow vulnerability in libbpf 1.5.0 allows a local
attacker ...)
- libbpf <unfixed> (bug #1102672)
@@ -21069,6 +21077,7 @@ CVE-2024-12424
REJECTED
CVE-2024-12368 (Improper access control in the auth_oauth module of Odoo
Community 15. ...)
- odoo 16.0.0+dfsg.1-1
+ [bullseye] - odoo <end-of-life> (EOL in bullseye LTS)
NOTE: https://github.com/odoo/odoo/issues/193854
CVE-2024-11955 (A vulnerability was found in GLPI up to 10.0.17. It has been
declared ...)
- glpi <removed>
=====================================
data/dla-needed.txt
=====================================
@@ -296,6 +296,9 @@ tcpdf
NOTE: 20241205: Added by Front-Desk (santiago)
NOTE: 20241230: https://lists.debian.org/debian-lts/2024/12/msg00057.html
(bunk)
--
+thunderbird
+ NOTE: 20250418: Added by Front-Desk (ta)
+--
trafficserver
NOTE: 20241120: Added by Front-Desk (Beuc)
NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f49f36cff4f692eeb9dbe7787575bc361dbdf782...e8964a569ad3c8816496d9fb8c9ae52d953f4769
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f49f36cff4f692eeb9dbe7787575bc361dbdf782...e8964a569ad3c8816496d9fb8c9ae52d953f4769
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
