Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4b897b48 by Salvatore Bonaccorso at 2025-08-29T04:48:14+02:00
kanboard re-uploaded again into archive mark issues as unfixed for now

Retrigger checks/triage on those which were marked as removed from
unstable without having back then the resolution. Most of them should be
now addressed but need to be rechecked explicitly.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5279,11 +5279,11 @@ CVE-2025-55166 (savg-sanitizer is a PHP SVG/XML 
sanitizer. Prior to version 0.22
 CVE-2025-55164 (content-security-policy-parser parses content security policy 
directiv ...)
        NOT-FOR-US: helmetjs/content-security-policy-parser
 CVE-2025-55011 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed>
+       - kanboard <unfixed>
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55
        NOTE: 
https://github.com/kanboard/kanboard/commit/523a6135e944b6884c091a3fd7605af8ef13368
 (v1.2.47)
 CVE-2025-55010 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed>
+       - kanboard <unfixed>
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r
        NOTE: 
https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f
 (v1.2.47)
 CVE-2025-54864 (Hydra is a continuous integration service for Nix based 
projects. Prio ...)
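Review bot: The upstream commit reference in the second NOTE for CVE-2025-55011 (523a6135e944b6884c091a3fd7605af8ef13368) is 39 hex characters, while the one for CVE-2025-55010 directly below it is a full 40-character hash. Both are unchanged context in this hunk, but since these entries are being re-triaged anyway, it is worth confirming the shorter one against the upstream repository and restoring the full hash so the reference stays unambiguous.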
@@ -19077,7 +19077,7 @@ CVE-2025-52889 (Incus is a system container and virtual 
machine manager. When us
        NOTE: Introduced with: 
https://github.com/lxc/incus/commit/a7c33301738aede3c035063e973b1d885d9bac7c 
(v6.12.0)
        NOTE: Fixed by: 
https://github.com/lxc/incus/commit/2516fb19ad8428454cb4edfe70c0a5f0dc1da214
 CVE-2025-52576 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed>
+       - kanboard <unfixed>
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-qw57-7cx6-wvp7
        NOTE: 
https://github.com/kanboard/kanboard/commit/3079623640dc39f9c7b0c840d2a79095331051f1
 (v1.2.46)
 CVE-2025-52569 (GitForge.jl is a unified interface for interacting with Git 
"forges."  ...)
@@ -19552,7 +19552,7 @@ CVE-2025-52562 (Convoy is a KVM server management panel 
for hosting businesses.
 CVE-2025-52561 (HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to 
version ...)
        NOT-FOR-US: HTMLSanitizer.jl
 CVE-2025-52560 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed>
+       - kanboard <unfixed>
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-2ch5-gqjm-8p92
        NOTE: 
https://github.com/kanboard/kanboard/commit/bca2bd7ab95e7990e358fd35a7daf51a9c16aa75
 (v1.2.46)
 CVE-2025-52558 (changedetection.io is a free open source web page change 
detection, we ...)
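Review bot: Nothing in the CVE-2025-52560 entry itself records that the new status is provisional; the "for now" and the need to recheck exist only in the commit message. Since the NOTE already ties the upstream fix to v1.2.46, consider adding a short NOTE line saying the status is pending a comparison against the re-uploaded version, so the entry is not read as a confirmed open issue.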
@@ -32543,7 +32543,7 @@ CVE-2025-47859
 CVE-2025-47858
        REJECTED
 CVE-2025-46825 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed>
+       - kanboard <unfixed>
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-5wj3-c9v4-pj9v
        NOTE: Fixed by: 
https://github.com/kanboard/kanboard/commit/6ebf22eeaae9f8b4abab72e3c18e45a2c4a2a808
 (v1.2.45)
        NOTE: Introduced by: 
https://github.com/kanboard/kanboard/commit/ac94004ea9fc455dcc5edc8a242d67d1ccd85564
 (v1.2.26)
@@ -79852,7 +79852,7 @@ CVE-2024-56116 (A Cross-Site Request Forgery 
vulnerability in Amiro.CMS before 7
 CVE-2024-56115 (A vulnerability in Amiro.CMS before 7.8.4 exists due to the 
failure to ...)
        NOT-FOR-US: Amiro.CMS
 CVE-2024-55603 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed> (bug #1090923)
+       - kanboard <unfixed> (bug #1090923)
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-gv5c-8pxr-p484
        NOTE: 
https://github.com/kanboard/kanboard/commit/7ce61c34d962ca8b5dce776289ddf4b207be6e78
 (v1.2.43)
 CVE-2024-55506 (An IDOR vulnerability in CodeAstro's Complaint Management 
System v1.0  ...)
@@ -84026,7 +84026,7 @@ CVE-2024-54127 (This vulnerability exists in the 
TP-Link Archer C50 due to prese
 CVE-2024-54126 (This vulnerability exists in the TP-Link Archer C50 due to 
improper si ...)
        NOT-FOR-US: TP-Link
 CVE-2024-54001 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed> (bug #1089187)
+       - kanboard <unfixed> (bug #1089187)
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-4vvp-jf72-chrj
 CVE-2024-53857 (rPGP is a pure Rust implementation of OpenPGP. Prior to 
0.14.1, rPGP a ...)
        - rust-pgp 0.14.2-1
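Review bot: The CVE-2024-54001 entry carries only the advisory link and no fixing commit or version tag, so the explicit recheck has nothing in the list to compare the archive version against. Adding a NOTE with the upstream fix commit and release, in the same form as the kanboard entries that end in a version tag such as (v1.2.43), would let this one be resolved to a fixed version without re-reading the advisory.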
@@ -91222,10 +91222,10 @@ CVE-2024-52286 (Stirling-PDF is a locally hosted web 
application that allows you
 CVE-2024-51992 (Orchid is a @laravel package that allows for rapid application 
develop ...)
        NOT-FOR-US: Orchid laravel package
 CVE-2024-51748 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed> (bug #1088798)
+       - kanboard <unfixed> (bug #1088798)
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-jvff-x577-j95p
 CVE-2024-51747 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed> (bug #1088798)
+       - kanboard <unfixed> (bug #1088798)
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-78pf-vg56-5p8v
 CVE-2024-51490 (Ampache is a web based audio/video streaming application and 
file mana ...)
        - ampache <removed>
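Review bot: CVE-2024-51748 and CVE-2024-51747 both move to unfixed under the same bug #1088798, and both have only an advisory NOTE. Two things to confirm in the recheck: that the state of bug #1088798 matches the status recorded here, and that a fix commit or version NOTE is added to each entry, since neither currently names the release that addresses it.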
@@ -132036,7 +132036,7 @@ CVE-2024-36732 (An issue in OneFlow-Inc. Oneflow 
v0.9.1 allows attackers to caus
 CVE-2024-36730 (Improper input validation in OneFlow-Inc. Oneflow v0.9.1 
allows attack ...)
        NOT-FOR-US: OneFlow
 CVE-2024-36399 (Kanboard is project management software that focuses on the 
Kanban met ...)
-       - kanboard <removed> (bug #1072791)
+       - kanboard <unfixed> (bug #1072791)
        NOTE: 
https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv
        NOTE: 
https://github.com/kanboard/kanboard/commit/b6703688aac8187f5ea4d4d704fc7afeeffeafa7
 (v1.2.37)
 CVE-2024-36394 (SysAid - CWE-78: Improper Neutralization of Special Elements 
used in a ...)
@@ -173315,7 +173315,7 @@ CVE-2024-22725 (Orthanc versions before 1.12.2 are 
affected by a reflected cross
        [buster] - orthanc <postponed> (Minor issue, XSS)
        NOTE: https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0
 CVE-2024-22720 (Kanboard 1.2.34 is vulnerable to Html Injection in the group 
managemen ...)
-       - kanboard <removed> (bug #1062710)
+       - kanboard <unfixed> (bug #1062710)
        NOTE: 
https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b
        NOTE: https://github.com/kanboard/kanboard/issues/5411
        NOTE: Fixed by: 
https://github.com/kanboard/kanboard/commit/70df1210259a2e5ec258a753318bddfda6f7d024
 (v1.2.35)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b897b48c334bc39665d25bd2fbb1c0983686e35
