Andreas Henriksson pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a8887931 by Andreas Henriksson at 2025-06-21T15:12:14+02:00
Mark sslh CVEs as not affecting <= bookworm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6609,16 +6609,28 @@ CVE-2025-47272 (The CE Phoenix eCommerce platform,
starting in version 1.0.9.7 a
NOT-FOR-US: CE Phoenix
CVE-2025-46807 (A Allocation of Resources Without Limits or Throttling
vulnerability i ...)
- sslh <unfixed> (bug #1107213)
+ [bookworm] - sslh <not-affected> (Vulnerable code not present)
+ [bullseye] - sslh <not-affected> (Vulnerable code not present)
+ [buster] - sslh <not-affected> (Vulnerable code not present)
+ [stretch] - sslh <not-affected> (Vulnerable code not present)
+ [jessie] - sslh <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1243122
NOTE: Fixed by:
https://github.com/yrutschle/sslh/commit/ff8206f7c8a47f901b78a1b78db5a4c788f6aa6f
(v2.2.4)
NOTE: https://www.openwall.com/lists/oss-security/2025/06/13/1
+ NOTE: Introduced in https://github.com/yrutschle/sslh/commit/750e828d
(v2.0-rc1)
CVE-2025-46806 (A Use of Out-of-range Pointer Offset vulnerability in sslh
leads to de ...)
- sslh <unfixed> (bug #1107214)
+ [bookworm] - sslh <not-affected> (Vulnerable code not present)
+ [bullseye] - sslh <not-affected> (Vulnerable code not present)
+ [buster] - sslh <not-affected> (Vulnerable code not present)
+ [stretch] - sslh <not-affected> (Vulnerable code not present)
+ [jessie] - sslh <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1243120
NOTE: Fixed by:
https://github.com/yrutschle/sslh/commit/204305a88fb32cffaf1349253a2b052186ca8d39
(v2.2.4)
NOTE: Original fix in 2.2.4 was incomplete.
NOTE: Fixed by:
https://github.com/yrutschle/sslh/commit/cd9b85fd4f2dafe4eab01c9d9c0706f00d81c12a
NOTE: https://www.openwall.com/lists/oss-security/2025/06/13/1
+ NOTE: Introduced by:
https://github.com/yrutschle/sslh/commit/aa17061e26a06624d7bb375baeffe4a905842a02
(v2.0-rc2)
CVE-2025-45542 (SQL injection vulnerability in the registrationform endpoint
of CloudC ...)
NOT-FOR-US: CloudClassroom-PHP-Project
CVE-2025-45387 (osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken
Access ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a888793199d647ddf3964d756d86f4db1dd1b95f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a888793199d647ddf3964d756d86f4db1dd1b95f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
