[Git][security-tracker-team/security-tracker][master] CVE-2025-50200/rabbitmq-server
Bastien Roucariès (@rouca)
rouca at debian.org
Fri Aug 15 21:44:46 BST 2025
Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker
Commits:
033301d0 by Bastien Roucariès at 2025-08-15T22:44:35+02:00
CVE-2025-50200/rabbitmq-server
According to bug fix this is introduced by 383ddb1
Use correct version and mark older version not affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16487,8 +16487,11 @@ CVE-2025-52464 (Meshtastic is an open source mesh networking solution. In versio
NOT-FOR-US: Meshtastic
CVE-2025-50200 (RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and p ...)
- rabbitmq-server <unfixed> (bug #1108075)
+ [bookworm] - rabbitmq-server <not-affected> (vulnerable code introduced later)
+ [bullseye] - rabbitmq-server <not-affected> (vulnerable code introduced later)
NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-gh3x-4x42-fvq8
NOTE: Fixed by https://github.com/rabbitmq/rabbitmq-server/pull/13612
+ NOTE: Introduced with: https://github.com/rabbitmq/rabbitmq-server/commit/383ddb16341200f63091e2dd8bb7c0c6346e3ef7 (3.13.1)
CVE-2025-4738 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Yirmibes Software MY ERP
CVE-2025-49014 (jq is a command-line JSON processor. In version 1.8.0 a heap use after ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/033301d00d329a5cd49b087b795b103ef0b068cd
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/033301d00d329a5cd49b087b795b103ef0b068cd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250815/df247da7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list