[Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2025-8747
Daniel Leidert (@dleidert)
dleidert at debian.org
Wed Aug 20 05:32:17 BST 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5bdc5177 by Daniel Leidert at 2025-08-20T06:31:47+02:00
Triage CVE-2025-8747
- - - - -
81584ee4 by Daniel Leidert at 2025-08-20T06:31:49+02:00
Add some information for CVE-2024-55459
- - - - -
82fc60f3 by Daniel Leidert at 2025-08-20T06:31:50+02:00
Mark CVE-2024-3660 affecting keras as well
The bug is in keras.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3206,6 +3206,10 @@ CVE-2025-8817 (A vulnerability was identified in Linksys RE6250, RE6300, RE6350,
NOT-FOR-US: Linksys
CVE-2025-8747 (A safe mode bypass vulnerability in the `Model.load_model` method in K ...)
- keras <removed>
+ [bullseye] - keras <postponed> (Minor issue)
+ NOTE: Follow-up fix for CVE-2025-1550.
+ NOTE: https://github.com/advisories/GHSA-c9rc-mg46-23w3
+ NOTE: https://github.com/keras-team/keras/pull/21429 (v3.11.0)
CVE-2025-8661 (A stored Cross-Site Scripting vulnerability (XSS) occurs when the serv ...)
NOT-FOR-US: Symantec
CVE-2025-8660 (Privilege escalation occurs when a user gets access to more resources ...)
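Review bot: the `[bullseye] - keras <postponed> (Minor issue)` line added under CVE-2025-8747 gives no reason why a safe mode bypass in `Model.load_model` is minor for bullseye. The next NOTE calls this a follow-up fix for CVE-2025-1550, so add a NOTE stating whether the bullseye keras version has the safe mode code path at all (if it does not, `<not-affected>` may describe it better than `<postponed>`), and keep the bullseye triage consistent with the CVE-2025-1550 entry.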
@@ -71768,6 +71772,8 @@ CVE-2024-55517 (An issue was discovered in the Interllect Core Search in Polaris
NOT-FOR-US: Polaris FT Intellect Core Banking
CVE-2024-55459 (An issue in keras 3.7.0 allows attackers to write arbitrary files to t ...)
- keras <removed>
+ [bullseye] - keras <postponed> (Minor issue)
+ NOTE: https://github.com/advisories/GHSA-cjgq-5qmw-rcj6
CVE-2024-54818 (SourceCodester Computer Laboratory Management System 1.0 is vulnerable ...)
NOT-FOR-US: SourceCodester Computer Laboratory Management System
CVE-2024-53526 (composio >=0.5.40 is vulnerable to Command Execution in composio_opena ...)
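Review bot: the CVE-2024-55459 entry gets only the advisory link, with no NOTE pointing to an upstream fix or fixed version, whereas the CVE-2025-8747 entry in the same push records the pull request and `(v3.11.0)`. The description names keras 3.7.0, so a NOTE on whether the bullseye version contains the affected code would back up `<postponed> (Minor issue)` for an arbitrary file write.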
@@ -147653,6 +147659,9 @@ CVE-2024-3672 (The BA Book Everything plugin for WordPress is vulnerable to Stor
NOT-FOR-US: WordPress plugin
CVE-2024-3660 (A arbitrary code injection vulnerability in TensorFlow's Keras framewo ...)
- tensorflow <itp> (bug #804612)
+ - keras <removed>
+ [bullseye] - keras <postponed> (Minor issue)
+ NOTE: https://github.com/advisories/GHSA-x4wf-678h-2pmq
CVE-2024-3367 (Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1. ...)
- check-mk <removed>
CVE-2024-3243 (The Customer Reviews for WooCommerce plugin for WordPress is vulnerabl ...)
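Review bot: in the CVE-2024-3660 entry, the reason for adding `- keras <removed>` ("The bug is in keras.") is recorded only in the commit message, while the `- tensorflow <itp> (bug #804612)` line stays in place. Add a NOTE to the entry saying that the affected code lives in keras, and if available a reference to the upstream fix next to the advisory link, so the two package lines can be understood from the data file alone.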
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1abcd2b3ace9c88d2bc8dbc5a85261d35db472ce...82fc60f3d8e8422a2acb0e430c4fc9ef7ea7015e