[Git][security-tracker-team/security-tracker][master] Update status ofr CVE-2025-3416/rust-openssl (RUSTSEC-2025-0022)

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 9 07:36:22 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e12ecca by Salvatore Bonaccorso at 2025-04-09T08:35:53+02:00
Update status ofr CVE-2025-3416/rust-openssl (RUSTSEC-2025-0022)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6,8 +6,6 @@ CVE-2025-3433 (The Advanced Advertising System plugin for WordPress is vulnerabl
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3432 (The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-3416 (A flaw was found in OpenSSL's handling of the properties argument in c ...)
-	TODO: check
 CVE-2025-3289 (A local code execution vulnerability exists in the Rockwell Automation ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2025-3288 (A local code execution vulnerability exists in the Rockwell Automation ...)
@@ -1166,9 +1164,11 @@ CVE-2024-57868 (Web::API 2.8 and earlier for Perl uses the rand() function as th
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/28503730/
 CVE-2025-30473 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: Apache Airflow SQL provider
-CVE-2025-XXXX [RUSTSEC-2025-0022]
+CVE-2025-3416 [RUSTSEC-2025-0022]
 	- rust-openssl 0.10.72-1 (bug #1102137)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0022.html
+	NOTE: https://github.com/sfackler/rust-openssl/pull/2390
+	NOTE: https://github.com/sfackler/rust-openssl/commit/87085bd67896b7f92e6de35d081f607a334beae4
 CVE-2025-3296 (A vulnerability, which was classified as critical, has been found in S ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-3268 (A vulnerability has been found in qinguoyi TinyWebServer up to 1.0 and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e12ecca8d55a7081a6ba55d32c9ac45a22b5370

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e12ecca8d55a7081a6ba55d32c9ac45a22b5370
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250409/a68c4b50/attachment.htm>

More information about the debian-security-tracker-commits mailing list