[Git][security-tracker-team/security-tracker][master] new pytorch issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b966b5cf by Moritz Muehlenhoff at 2025-04-01T14:07:32+02:00
new pytorch issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -588,9 +588,13 @@ CVE-2025-3003 (A vulnerability, which was classified as critical, was found in E
 CVE-2025-3002 (A vulnerability, which was classified as critical, has been found in D ...)
 	NOT-FOR-US: Digital China
 CVE-2025-3001 (A vulnerability classified as critical was found in PyTorch 2.6.0. Thi ...)
-	TODO: check
+	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	NOTE: https://github.com/pytorch/pytorch/issues/149626
 CVE-2025-3000 (A vulnerability classified as critical has been found in PyTorch 2.6.0 ...)
-	TODO: check
+	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	NOTE: https://github.com/pytorch/pytorch/issues/149623
 CVE-2025-31629 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31627 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -790,9 +794,13 @@ CVE-2025-30005 (Xorcom CompletePBX is vulnerable to a path traversal via the Dia
 CVE-2025-30004 (Xorcom CompletePBX is vulnerable to command injection in the administr ...)
 	NOT-FOR-US: Xorcom CompletePBX
 CVE-2025-2999 (A vulnerability was found in PyTorch 2.6.0. It has been rated as criti ...)
-	TODO: check
+	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	NOTE: https://github.com/pytorch/pytorch/issues/149622
 CVE-2025-2998 (A vulnerability was found in PyTorch 2.6.0. It has been declared as cr ...)
-	TODO: check
+	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	NOTE: https://github.com/pytorch/pytorch/issues/149622
 CVE-2025-2997 (A vulnerability was found in zhangyanbo2007 youkefu 4.2.0. It has been ...)
 	NOT-FOR-US: zhangyanbo2007 youkefu
 CVE-2025-2996 (A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified ...)
@@ -972,7 +980,9 @@ CVE-2025-2955 (A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.518
 CVE-2025-2954 (A vulnerability, which was classified as problematic, was found in man ...)
 	NOT-FOR-US: OpenManus
 CVE-2025-2953 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	NOTE: https://github.com/pytorch/pytorch/issues/149274
 CVE-2025-2952 (A vulnerability classified as critical was found in Bluestar Micro Mal ...)
 	NOT-FOR-US: Bluestar Micro Mall
 CVE-2025-2951 (A vulnerability classified as critical has been found in Bluestar Micr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b966b5cf2c281e013b4555f8ee6e7a1c460abdc4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b966b5cf2c281e013b4555f8ee6e7a1c460abdc4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250401/6d58eb1d/attachment.htm>