[Git][security-tracker-team/security-tracker][master] new nsis issue, bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Apr 18 17:11:55 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a76ae82 by Moritz Muehlenhoff at 2025-04-18T18:11:37+02:00
new nsis issue, bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -722,7 +722,9 @@ CVE-2020-36789 (In the Linux kernel, the following vulnerability has been resolv
 CVE-2025-43717 (In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests direct ...)
 	NOT-FOR-US: PEAR HTTP_Request2
 CVE-2025-43715 (Nullsoft Scriptable Install System (NSIS) before 3.11 on Windows allow ...)
-	TODO: check
+	- nsis <unfixed> (bug #1103524)
+	NOTE: https://sourceforge.net/p/nsis/bugs/1315/
+	NOTE: https://nsis.sourceforge.io/Docs/AppendixF.html#v3.11-rl
 CVE-2025-43708 (VisiCut 2.1 allows stack consumption via an XML document with nested s ...)
 	NOT-FOR-US: VisiCut
 CVE-2025-43704 (Arctera/Veritas Data Insight before 7.1.2 can send cleartext credentia ...)
@@ -2320,9 +2322,8 @@ CVE-2025-3589 (A vulnerability, which was classified as critical, was found in S
 CVE-2025-3588 (A vulnerability, which was classified as problematic, has been found i ...)
 	NOT-FOR-US: joelittlejohn jsonschema2pojo
 CVE-2025-3576 (A vulnerability in the MIT Kerberos implementation allows GSSAPI-prote ...)
-	- krb5 <unfixed>
+	- krb5 <unfixed> (bug #1103525)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2359465
-	TODO: check upstream details
 CVE-2025-3573 (Versions of the package jquery-validation before 1.20.0 are vulnerable ...)
 	- civicrm <unfixed> (bug #1103445)
 	NOTE: https://github.com/jquery-validation/jquery-validation/pull/2462



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a76ae82b714f832b2c7d454fb3100d5de0fd998

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a76ae82b714f832b2c7d454fb3100d5de0fd998
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250418/6e54e180/attachment.htm>

More information about the debian-security-tracker-commits mailing list