Conversation

@jlsec-bot
Contributor

This action searched recent NVD/EUVD changes/publications, checking 408 (+0) advisories from NVD and 527 (+264) from EUVD for advisories that pertain here. It identified 5 advisories as being related to the Julia package(s): Poppler_jll, XML2_jll, GnuPG_jll, and HTTP.

3 advisories apply to all registered versions of a package

These advisories had no obvious failures but computed a range without bounds.

  • CVE-2024-56378 for packages: Poppler_jll
    • Poppler_jll computed ["*"]. Its latest version (24.6.0+0) has components: {poppler = "24.06.0", poppler-ink = "24.06.0"}
      • freedesktop:poppler at <= 24.12.0 includes all versions
  • CVE-2025-30258 for packages: GnuPG_jll
    • GnuPG_jll computed ["*"]. Its latest version (2.4.7+0) has components: {gnupg = "2.4.7"}
      • gnupg:gnupg at < 2.5.5 includes all versions
  • CVE-2025-52886 for packages: Poppler_jll
    • Poppler_jll computed ["*"]. Its latest version (24.6.0+0) has components: {poppler = "24.06.0", poppler-ink = "24.06.0"}
      • freedesktop:poppler at < 25.06.0 includes all versions

2 advisories found concrete vulnerable ranges

  • CVE-2024-34459 for packages: XML2_jll
    • XML2_jll computed ["< 2.12.7+0"]. Its latest version (2.14.4+0) has components: {libxml2 = "2.14.4"}
  • CVE-2025-61689 for packages: HTTP
    • HTTP computed ["< 1.10.19"].

@mbauman
Member

mbauman commented Oct 17, 2025

@mbauman closed this Oct 17, 2025