[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-29923

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Apr 21 15:38:24 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
30cb0a92 by Salvatore Bonaccorso at 2025-04-21T16:38:05+02:00
Update status for CVE-2025-29923

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11261,12 +11261,11 @@ CVE-2025-2311 (Incorrect Use of Privileged APIs, Cleartext Transmission of Sensi
 CVE-2025-29980 (A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1 ...)
 	NOT-FOR-US: eTRAKiT.net
 CVE-2025-29923 (go-redis is the official Redis client library for the Go programming l ...)
-	- golang-github-go-redis-redis <unfixed>
-	[bullseye] - golang-github-go-redis-redis <postponed> (Minor issue, workaround exists)
+	- golang-github-go-redis-redis <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/redis/go-redis/security/advisories/GHSA-92cp-5422-2mw7
 	NOTE: https://github.com/redis/go-redis/pull/3295
+	NOTE: Introduced with: https://github.com/redis/go-redis/commit/5da49b1abaef3bc65acae10debdbc72d7f5f32a1 (v9.5.1)
 	NOTE: Fixed by: https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6
-	TODO: research introducing commit, might be post 9.5.1
 CVE-2025-29922 (kcp is a Kubernetes-like control plane for form-factors and use-cases  ...)
 	NOT-FOR-US: kcp Kubernetes control plane
 CVE-2025-29914 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30cb0a92811f2ce9fe052ea9a8d38e3fdaa65274

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30cb0a92811f2ce9fe052ea9a8d38e3fdaa65274
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250421/ffeddedf/attachment.htm>

More information about the debian-security-tracker-commits mailing list