[Git][security-tracker-team/security-tracker][master] CVE-2025-30346 was already included as well in DSA-5918-1

Salvatore Bonaccorso (@carnil) Thu, 15 May 2025 14:01:37 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e364d46e by Salvatore Bonaccorso at 2025-05-15T22:51:04+02:00
CVE-2025-30346 was already included as well in DSA-5918-1

As the version was preivously accepted in bookworm-pu but not officially
released in stable, move the CVE and fixed version to the DSA along

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18922,7 +18922,6 @@ CVE-2025-30347 (Varnish Enterprise before 6.0.13r13 
allows remote attackers to o
 CVE-2025-30346 (Varnish Cache before 7.6.2 and Varnish Enterprise before 
6.0.13r10 all ...)
        {DLA-4101-1}
        - varnish 7.7.0-1
-       [bookworm] - varnish <no-dsa> (Minor issue)
        NOTE: https://varnish-cache.org/security/VSV00015.html
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/8ef69a03b36aeac5f364c01eb20f821860e47f14
 (varnish-7.7.0)
        NOTE: 
https://github.com/varnishcache/varnish-cache/commit/a9640a13276048815cc51a12cda2603f4d4444e4
 (varnish-7.6.2)


=====================================
data/DSA/list
=====================================
@@ -5,7 +5,7 @@
        {CVE-2025-22247}
        [bookworm] - open-vm-tools 2:12.2.0-1+deb12u3
 [13 May 2025] DSA-5918-1 varnish - security update
-       {CVE-2025-47905}
+       {CVE-2025-30346 CVE-2025-47905}
        [bookworm] - varnish 7.1.1-2+deb12u1
 [08 May 2025] DSA-5917-1 libapache2-mod-auth-openidc - security update
        {CVE-2025-3891}


=====================================
data/next-point-update.txt
=====================================
@@ -96,8 +96,6 @@ CVE-2025-1860
        [bookworm] - libdata-entropy-perl 0.007-4+deb12u1
 CVE-2025-30673
        [bookworm] - libsub-handlesvia-perl 0.050000-1+deb12u1
-CVE-2025-30346
-       [bookworm] - varnish 7.1.1-1.1+deb12u1
 CVE-2025-0838
        [bookworm] - abseil 20220623.1-1+deb12u1
 CVE-2023-4641



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e364d46ec754e73b5ca7ffd5811302f063d02b38

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e364d46ec754e73b5ca7ffd5811302f063d02b38
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] CVE-2025-30346 was already included as well in DSA-5918-1

Reply via email to