Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6947898f by Moritz Muehlenhoff at 2025-04-21T13:41:41+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13944,16 +13944,19 @@ CVE-2025-25925 (A stored cross-scripting (XSS) 
vulnerability in Openmrs v2.4.3 B
        NOT-FOR-US: Openmrs
 CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users 
to set w ...)
        - hoteldruid <unfixed> (bug #1101015)
+       [trixie] - hoteldruid <no-dsa> (Minor issue)
        [bookworm] - hoteldruid <no-dsa> (Minor issue)
        [bullseye] - hoteldruid <postponed> (Minor issue)
        NOTE: 
https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7
 CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of 
HotelDruid ...)
        - hoteldruid <unfixed> (bug #1101015)
+       [trixie] - hoteldruid <no-dsa> (Minor issue)
        [bookworm] - hoteldruid <no-dsa> (Minor issue)
        [bullseye] - hoteldruid <postponed> (Minor issue)
        NOTE: 
https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7
 CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid 
v.3.0.7  ...)
        - hoteldruid <unfixed> (bug #1101015)
+       [trixie] - hoteldruid <no-dsa> (Minor issue)
        [bookworm] - hoteldruid <no-dsa> (Minor issue)
        [bullseye] - hoteldruid <postponed> (Minor issue)
        NOTE: 
https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7
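Review bot: the three added [trixie] lines give only "Minor issue" as the reason, and that one phrase covers a weak password policy (CVE-2025-25749), a CSRF in gestione_utenti.php (CVE-2025-25748) and an XSS (CVE-2025-25747). A short reason per entry would let the next person triaging see why each is minor without opening the linked write-ups. The entries also now read <no-dsa> for trixie and bookworm but <postponed> for bullseye; if the difference is deliberate it is fine, otherwise it is worth aligning.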
@@ -22569,6 +22572,7 @@ CVE-2025-24841 (Movable Type contains a stored 
cross-site scripting vulnerabilit
 CVE-2025-22921 (FFmpeg git-master,N-113007-g8d24a28d06 was discovered to 
contain a seg ...)
        {DLA-4073-1}
        - ffmpeg <unfixed>
+       [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 7.1 branch)
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        NOTE: https://trac.ffmpeg.org/ticket/11393
        NOTE: Fixed by: 
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7f9c7f9849a2155224711f0ff57ecdac6e4bfb57q
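Review bot: the "Fixed by:" URL in the context directly below the added [trixie] line ends in "...6e4bfb57q", that is, a 40-character commit id followed by a stray "q", which is not a valid commit id. The new line defers the fix until it lands in the 7.1 branch, so the upstream reference is what a later revisit will be checked against; suggest dropping the trailing "q" in this commit or a follow-up.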
@@ -36233,16 +36237,19 @@ CVE-2024-12970 (Improper Neutralization of Special 
Elements used in an OS Comman
        NOT-FOR-US: TUBITAK BILGEM Pardus OS My Computer
 CVE-2023-6605 (A flaw was found in FFmpeg's DASH playlist support. This 
vulnerability ...)
        - ffmpeg <unfixed>
+       [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 7.1 branch)
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed 
upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334336
 CVE-2023-6604 (A flaw was found in FFmpeg. This vulnerability allows 
unexpected addit ...)
        - ffmpeg <unfixed>
+       [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 7.1 branch)
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed 
upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2334337
 CVE-2023-6601 (A flaw was found in FFmpeg's HLS demuxer. This vulnerability 
allows by ...)
        - ffmpeg <unfixed>
+       [trixie] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 7.1 branch)
        [bookworm] - ffmpeg <postponed> (Minor issue, wait until it's fixed in 
the 5.1 branch)
        [bullseye] - ffmpeg <postponed> (Minor issue, wait until it's fixed 
upstream)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2253172
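Review bot: the added [trixie] lines for CVE-2023-6605, CVE-2023-6604 and CVE-2023-6601 say "wait until it's fixed in the 7.1 branch", but the only NOTE on each entry is a Red Hat Bugzilla link; no upstream ticket or commit is recorded. Without one, there is nothing to compare the 7.1 branch against when the entry is revisited. Suggest adding a NOTE with the upstream fix reference once it is identified, as the CVE-2025-22921 entry does with its "Fixed by:" line.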
@@ -47704,11 +47711,13 @@ CVE-2024-52765 (H3C GR-1800AX MiniGRW1B0V100R007 is 
vulnerable to remote code ex
        NOT-FOR-US: H3C GR-1800AX MiniGRW1B0V100R007
 CVE-2024-52763 (A cross-site scripting (XSS) vulnerability in the component 
/graph_all ...)
        - ganglia-web <unfixed> (bug #1088799)
+       [trixie] - ganglia-web <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - ganglia-web <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://github.com/ganglia/ganglia-web/issues/382
 CVE-2024-52762 (A cross-site scripting (XSS) vulnerability in the component 
/master/he ...)
        - ganglia-web <unfixed> (bug #1088799)
+       [trixie] - ganglia-web <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - ganglia-web <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - ganglia-web <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: https://github.com/ganglia/ganglia-web/issues/382
@@ -150324,6 +150333,7 @@ CVE-2023-6377 (A flaw was found in xorg-server. 
Querying or changing XKB button
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
 CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This 
issue oc ...)
        - xorg-server <unfixed> (bug #1055426)
+       [trixie] - xorg-server <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - xorg-server <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - xorg-server <no-dsa> (Minor issue)
        [buster] - xorg-server <no-dsa> (Minor issue)
@@ -171858,6 +171868,7 @@ CVE-2023-31669 (WebAssembly wat2wasm v1.0.32 allows 
attackers to cause a libc++a
        NOTE: Crash in CLI tool, no security impact
 CVE-2023-31518 (A heap use-after-free in the component 
CDataFileReader::GetItem of tee ...)
        - teeworlds <unfixed> (bug #1036703)
+       [trixie] - teeworlds <ignored> (Minor issue)
        [bookworm] - teeworlds <ignored> (Minor issue)
        [bullseye] - teeworlds <ignored> (Minor issue)
        [buster] - teeworlds <no-dsa> (Minor issue)
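Review bot: the added line marks CVE-2023-31518, described as a heap use-after-free in CDataFileReader::GetItem, as <ignored> with only "Minor issue" as the reason. <ignored> records that no fix is planned for the release, so the reason should say why that is acceptable for a memory-safety bug (for example what input reaches the data file reader), rather than repeating the generic phrase from the bookworm and bullseye lines.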
@@ -171865,6 +171876,7 @@ CVE-2023-31518 (A heap use-after-free in the 
component CDataFileReader::GetItem
        NOTE: https://github.com/teeworlds/teeworlds/issues/2970
 CVE-2023-31517 (A memory leak in the component CConsole::Chain of Teeworlds 
v0.7.5 all ...)
        - teeworlds <unfixed> (bug #1036703)
+       [trixie] - teeworlds <ignored> (Minor issue)
        [bookworm] - teeworlds <ignored> (Minor issue)
        [bullseye] - teeworlds <ignored> (Minor issue)
        [buster] - teeworlds <no-dsa> (Minor issue)
@@ -363048,6 +363060,7 @@ CVE-2020-28599 (A stack-based buffer overflow 
vulnerability exists in the import
        NOTE: 
https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
 CVE-2020-28598 (An out-of-bounds write vulnerability exists in the Admesh 
stl_fix_norm ...)
        - slic3r-prusa <unfixed> (bug #1074415)
+       [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1222
@@ -363055,16 +363068,19 @@ CVE-2020-28597 (A predictable seed vulnerability 
exists in the password reset fu
        NOT-FOR-US: Epignosis EfrontPro
 CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the 
Objparser::o ...)
        - slic3r-prusa <unfixed> (bug #1074415)
+       [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1220
 CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp 
load_obj()  ...)
        - slic3r-prusa <unfixed> (bug #1074415)
+       [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219
 CVE-2020-28594 (A use-after-free vulnerability exists in the 
_3MF_Importer::_handle_en ...)
        - slic3r-prusa <unfixed> (bug #1074415)
+       [trixie] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - slic3r-prusa <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - slic3r-prusa <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1218
@@ -700886,6 +700902,7 @@ CVE-2013-0338 (libxml2 2.9.0 and earlier allows 
context-dependent attackers to c
        - libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
 CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and 
earlier, uses  ...)
        - nginx <unfixed> (low; bug #701112)
+       [trixie] - nginx <ignored> (Minor issue)
        [bookworm] - nginx <ignored> (Minor issue)
        [bullseye] - nginx <ignored> (Minor issue)
        [buster] - nginx <ignored> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6947898fb839db09307d81c244cd2d23b199b1f1



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
