[Git][security-tracker-team/security-tracker][master] Add CVE-2025-45766/poco, but not yet clear status
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 6 21:48:36 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
555f3746 by Salvatore Bonaccorso at 2025-08-06T22:48:20+02:00
Add CVE-2025-45766/poco, but not yet clear status
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -55,7 +55,9 @@ CVE-2025-46387 (CWE-639 Authorization Bypass Through User-Controlled Key)
CVE-2025-46386 (CWE-639 Authorization Bypass Through User-Controlled Key)
TODO: check
CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption.)
- TODO: check
+ - poco <undetermined>
+ NOTE: https://github.com/pocoproject/poco/issues/4921
+ TODO: check upstream status, might not be a bug in poco
CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption.)
TODO: check
CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulne ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/555f3746e6b560da44ee6657f29f470592f0e8fc
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/555f3746e6b560da44ee6657f29f470592f0e8fc
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250806/07efb170/attachment.htm>
More information about the debian-security-tracker-commits
mailing list