[Git][security-tracker-team/security-tracker][master] Add information for CVE-2025-43703/anki

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 17 10:00:39 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea39b77d by Salvatore Bonaccorso at 2025-04-17T10:59:33+02:00
Add information for CVE-2025-43703/anki

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,9 @@ CVE-2025-43708 (VisiCut 2.1 allows stack consumption via an XML document with ne
 CVE-2025-43704 (Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentia ...)
 	NOT-FOR-US: Veritas
 CVE-2025-43703 (An issue was discovered in Ankitects Anki through 25.02. A crafted sha ...)
-	TODO: check
+	- anki <not-affected> (Incomplete fix for CVE-2024-32484 not applied)
+	NOTE: https://github.com/ankitects/anki/pull/3925
+	NOTE: Issue exists because of an incomplete fix for CVE-2024-32484
 CVE-2025-3730 (A vulnerability, which was classified as problematic, was found in PyT ...)
 	TODO: check
 CVE-2025-3729 (A vulnerability, which was classified as critical, has been found in S ...)
@@ -78798,6 +78800,7 @@ CVE-2024-32484 (An reflected XSS vulnerability exists in the handling of invalid
 	- anki <removed> (bug #1077548)
 	[bullseye] - anki <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995
+	NOTE: When fixing this issue, make sure to fix it completely to not open up CVE-2025-43703
 CVE-2024-32152 (A blocklist bypass vulnerability exists in the LaTeX functionality of  ...)
 	- anki <removed> (bug #1077548)
 	[bullseye] - anki <postponed> (Minor issue; can be fixed in next update)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea39b77d7df5bda9281e29c51919bf1f3ea8c664

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea39b77d7df5bda9281e29c51919bf1f3ea8c664
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250417/a2a31472/attachment.htm>

More information about the debian-security-tracker-commits mailing list