[Git][security-tracker-team/security-tracker][master] Add Debian bug reference forCVE-2025-8959/golang-github-hashicorp-go-getter

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a0c3dcb by Salvatore Bonaccorso at 2025-08-16T21:05:02+02:00
Add Debian bug reference forCVE-2025-8959/golang-github-hashicorp-go-getter

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -265,7 +265,7 @@ CVE-2025-38502 [bpf: Fix oob access in cgroup local storage]
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/abad3d0bad72a52137e0c350c59542d75ae4f513 (6.17-rc1)
 CVE-2025-8959 (HashiCorp's go-getter library subdirectory download feature is vulnera ...)
-	- golang-github-hashicorp-go-getter <unfixed>
+	- golang-github-hashicorp-go-getter <unfixed> (bug #1111318)
 	NOTE: https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242
 CVE-2025-8898 (The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress  ...)
 	NOT-FOR-US: WordPress plugin



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a0c3dcb46768e1d731712cb136137db07a16f5b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a0c3dcb46768e1d731712cb136137db07a16f5b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250816/d389f5a5/attachment.htm>