[Git][security-tracker-team/security-tracker][master] CVE-2025--32049: Drop reference to not yet merged commit

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 27 21:13:26 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
22ff9009 by Salvatore Bonaccorso at 2025-04-27T22:12:56+02:00
CVE-2025--32049: Drop reference to not yet merged commit

REference instead the current MR which handles to address the fix and
retain the note added by Andreas Henriksson about what the proposed fix
is aiming to do.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7103,9 +7103,9 @@ CVE-2025-32049 (A flaw was found in libsoup. The SoupWebsocketConnection may acc
 	- libsoup3 <unfixed> (bug #1102067)
 	- libsoup2.4 <unfixed> (bug #1102211)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/390
-	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/5a83501544a7ff180a5f3490192a280252cd7d04
-	NOTE: The fix commit above is not merged, just proposed in a MR.
-	NOTE: The fix commit just adds an option with the default retaining old behaviour: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
+	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408
+	NOTE: Proposed fix adds an option with the default retaining old behaviour:
+	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/408#note_2394070
 CVE-2025-31911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31909 (Missing Authorization vulnerability in NotFound Apptivo Business Site  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22ff9009c878b1a64b90b99ae2b705882743b94c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/22ff9009c878b1a64b90b99ae2b705882743b94c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250427/f9f0b106/attachment.htm>

More information about the debian-security-tracker-commits mailing list