Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c3d1c0af by Thorsten Alteholz at 2025-04-20T01:34:37+02:00
mark CVE-2025-3416 as postponed for Bullseye
- - - - -
4083b599 by Thorsten Alteholz at 2025-04-20T01:36:51+02:00
mark CVE-2024-39780 as postponed for Bullseye
- - - - -
ecac546f by Thorsten Alteholz at 2025-04-20T01:38:25+02:00
mark CVE-2024-57868 as postponed for Bullseye
- - - - -
f9edce55 by Thorsten Alteholz at 2025-04-20T01:39:47+02:00
mark CVE-2024-58036 as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4995,16 +4995,19 @@ CVE-2024-57835 (Amon2::Auth::Site::LINE uses the
String::Random moduleto generat
CVE-2024-58036 (Net::Dropbox::API 1.9 and earlier for Perl uses the rand()
function as ...)
- libnet-dropbox-api-perl <unfixed> (bug #1102147)
[bookworm] - libnet-dropbox-api-perl <no-dsa> (Minor issue)
+ [bullseye] - libnet-dropbox-api-perl <postponed> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28504518/
CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as
the defa ...)
- libweb-api-perl <unfixed> (bug #1102148)
[bookworm] - libweb-api-perl <no-dsa> (Minor issue)
+ [bullseye] - libweb-api-perl <postponed> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
CVE-2025-30473 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Apache Airflow SQL provider
CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties
argument in c ...)
- rust-openssl 0.10.72-1 (bug #1102137)
[bookworm] - rust-openssl <no-dsa> (Minor issue)
+ [bullseye] - rust-openssl <postponed> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0022.html
NOTE: https://github.com/sfackler/rust-openssl/pull/2390
NOTE:
https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
@@ -6320,6 +6323,7 @@ CVE-2024-42325 (Zabbix API user.get returns all users
that share common group wi
CVE-2024-39780 (A YAML deserialization vulnerability was found in the Robot
Operating ...)
- ros-dynamic-reconfigure <unfixed> (bug #1102010)
[bookworm] - ros-dynamic-reconfigure <no-dsa> (Minor issue)
+ [bullseye] - ros-dynamic-reconfigure <postponed> (Minor issue)
NOTE: https://github.com/ros/dynamic_reconfigure/pull/202
NOTE: Fixed by:
https://github.com/ros/dynamic_reconfigure/commit/9975cc8b55b3039115da6662cc7279cc65303844
CVE-2024-36469 (Execution time for an unsuccessful login differs when using a
non-exis ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b9126193e037409acabd43fa867dc5ed6b95c186...f9edce55409380f2fa769c02c522504097699a51
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b9126193e037409acabd43fa867dc5ed6b95c186...f9edce55409380f2fa769c02c522504097699a51
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
